Hi,
Since I have no option of placing a HW firewall in front of our Proxmox two-node cluster, I was wondering if the following setup is reasonable or whether it has shortcomings I am not yet aware of:
- Set up cluster IP addresses to be private during Proxmox setup using the NICs of the interconnect (cross-over cable), let's call it eth0
- Use DRBD etc. on eth0 interconnect, too (already works like that now)
- Configure eth1 with public IP address (for VMs)
- Add vmbr1 to bridge to eth1
- iptables: allow all on private eth0 / block all on public eth1 except ssh
- Web access: tunnel 8006 through ssh on eth1
So, has anyone done this before, using private addresses for the cluster services and not the default external ones?
Thanks for any pointers and hints!
Stephan
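The host policy described in the list above, written out as an added example that is not part of the original post: a shell function that emits an `iptables-restore` ruleset. The function names, the choice of conntrack rules and the `NODE_PUBLIC_IP` placeholder are assumptions; eth0 and eth1 are the interface names from the post.

```shell
#!/bin/sh
# Added example: generate the "allow all on private / ssh only on public"
# INPUT policy from the post as an iptables-restore ruleset.
# Assumption: if the public address is configured on the bridge (vmbr1),
# pass vmbr1 as the public interface, because the INPUT chain sees the
# bridge name rather than the name of its port.
# Only traffic addressed to the node itself is filtered here; VM traffic
# bridged over vmbr1 does not pass through INPUT.

valid_if() {
    # Reject empty names and anything outside the usual interface charset.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit for interface names
}

gen_rules() {
    priv=$1 pub=$2
    valid_if "$priv" && valid_if "$pub" || { echo "bad interface name" >&2; return 2; }
    [ "$priv" != "$pub" ] || { echo "interfaces must differ" >&2; return 2; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $priv -j ACCEPT
-A INPUT -i $pub -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $pub -j DROP
COMMIT
EOF
}

# Syntax-check before loading (as root):
#   gen_rules eth0 eth1 | iptables-restore --test
# Web GUI through the tunnel (NODE_PUBLIC_IP is a placeholder):
#   ssh -L 8006:127.0.0.1:8006 root@NODE_PUBLIC_IP
#   then open https://127.0.0.1:8006 locally
if [ "$#" -eq 2 ]; then gen_rules "$1" "$2"; fi
```

The `lo` rule matters for the tunnel: the forwarded connection reaches port 8006 over loopback on the node, so 8006 never has to be opened on the public side.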