This document details the network configuration and security measures implemented on the Proxmox server.
The server has the following network interfaces:
Interface | Type | State | IP Address | MAC Address | MTU | Description |
---|---|---|---|---|---|---|
lo | Loopback | UP | 127.0.0.1/8 | 00:00:00:00:00:00 | 65536 | Loopback interface |
eno1 | Physical | UP | - | e0:d5:5e:e0:1f:35 | 1500 | Primary network interface (enslaved to vmbr0) |
vmbr0 | Bridge | UP | 192.168.1.250/24 | e0:d5:5e:e0:1f:35 | 1500 | Main network bridge |
tap100i0 | TAP | UP | - | 6a:58:29:09:5a:f5 | 1500 | VM network interface (enslaved to vmbr0) |
The server's network configuration is defined in /etc/network/interfaces:

```
# network interface settings; autogenerated
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.1.250/24
gateway 192.168.1.1
bridge-ports eno1
bridge-stp off
bridge-fd 0
mtu 1500
dns-nameservers 8.8.8.8 1.1.1.1
source /etc/network/interfaces.d/*
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -s eno1 speed 1000 duplex full autoneg off
```
The server uses a standard Linux bridge (vmbr0) with the following settings:
The network configuration includes several optimizations for the physical network interface:
```
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -s eno1 speed 1000 duplex full autoneg off
```
These optimizations:
Note: There appears to be a duplicate line for the TSO/GSO/GRO settings, which is likely unintentional.
The server's DNS configuration from /etc/resolv.conf:

```
search local
nameserver 1.1.1.1
```
The server uses:
local
The /etc/network/interfaces file also specifies Google DNS (8.8.8.8) as a secondary DNS, but this is not reflected in the active configuration.
The server's hostname configuration in /etc/hosts:

```
127.0.0.1 localhost.localdomain localhost
192.168.1.250 proxmox.local proxmox
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```
The server:
proxmox
proxmox.local
The Proxmox firewall is currently disabled but the daemon is running:
Status: disabled/running
The current iptables configuration shows no active rules:
```
Chain INPUT (policy ACCEPT 2877K packets, 637M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2377K packets, 437M bytes)
pkts bytes target prot opt in out source destination
```
All chains (INPUT, FORWARD, OUTPUT) are set to the ACCEPT policy with no specific rules defined.
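
The three findings noted so far (the duplicated `post-up` line, the 8.8.8.8 resolver that never reaches `/etc/resolv.conf`, and chains with an ACCEPT policy and no rules) can be checked mechanically. The Python script below is an added example, not part of the server's configuration or of Proxmox; its function names are hypothetical, and its inputs are excerpts copied from this page.

```python
import re

# Added example: helper names are illustrative; inputs are excerpts from this page.
INTERFACES = """\
iface vmbr0 inet static
bridge-ports eno1
dns-nameservers 8.8.8.8 1.1.1.1
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -K eno1 tso off gso off gro off
post-up ethtool -s eno1 speed 1000 duplex full autoneg off
"""
RESOLV_CONF = "search local\nnameserver 1.1.1.1\n"
IPTABLES = """\
Chain INPUT (policy ACCEPT 2877K packets, 637M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2377K packets, 437M bytes)
pkts bytes target prot opt in out source destination
"""

def duplicate_hooks(interfaces):
    """Return pre-/post-up/down commands that appear more than once."""
    hooks = [" ".join(l.split()) for l in interfaces.splitlines()
             if re.match(r"\s*(pre|post)-(up|down)\s", l)]
    return sorted({h for h in hooks if hooks.count(h) > 1})

def dns_drift(interfaces, resolv_conf):
    """Return resolvers listed in interfaces but absent from resolv.conf."""
    wanted = [ip for l in interfaces.splitlines()
              if l.split()[:1] == ["dns-nameservers"] for ip in l.split()[1:]]
    active = {l.split()[1] for l in resolv_conf.splitlines()
              if l.startswith("nameserver") and len(l.split()) > 1}
    return [ip for ip in wanted if ip not in active]

def open_chains(iptables_listing):
    """Return chains whose policy is ACCEPT and that contain no rules."""
    result, current, rules = [], None, 0
    for line in iptables_listing.splitlines() + ["Chain END (policy -)"]:  # sentinel flushes last chain
        m = re.match(r"Chain (\S+) \(policy (\S+)", line)
        if m:
            if current and current[1] == "ACCEPT" and rules == 0:
                result.append(current[0])
            current, rules = m.groups(), 0
        elif line.strip() and not line.lstrip().startswith("pkts"):
            rules += 1  # any non-header line inside a chain is a rule
    return result

if __name__ == "__main__":
    print(duplicate_hooks(INTERFACES), dns_drift(INTERFACES, RESOLV_CONF), open_chains(IPTABLES))
```

On a live host the same functions can be fed the contents of the two files and the output of `iptables -L -v -n`.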
The single VM (ID 100, ubuntu) is configured with:
```
net0: virtio=BC:24:11:73:B7:A5,bridge=vmbr0,firewall=1
```
This configuration:
Network Isolation:
Firewall:
Network Location:
Disabled Host Firewall:
Public DNS Servers:
Network Interface Optimizations:
Physical Network Exposure:
Enable Host Firewall:
Network Segmentation:
Secure DNS Configuration:
Additional Security Measures:
Bridge Configuration:
NIC Configuration:
VM Network Performance:
The network has a simple flat topology:
Management Interface Security:
VM Traffic Isolation:
Port Security:
The Proxmox server has a basic network configuration suitable for a simple environment. The network architecture uses standard Linux bridging to connect the VM to the physical network. The host-level firewall is disabled, which presents a security concern, although the VM-specific firewall is enabled.
The network configuration includes some performance optimizations for the physical network interface, but these may impact performance in some scenarios. The DNS configuration uses public DNS servers, which may have privacy implications.
To enhance security, it is recommended to enable the host firewall, implement network segmentation, and consider additional security measures such as VPN access for management.