After beating my head against the wall over the course of many hours I have finally figured out how to get Proxmox working quite well on my cheap KimSufi server… with IPv6.

The goal of this article is to document (with varying levels of detail) how to go from a fresh KimSufi, OVH, or SoYouStart server to a running standalone Proxmox node with both IPv6 public networking as well as an internal VM/Container network.

Before we get going, (more…)

Hyper-V Dynamic Memory Allocation strikes again… I have decided to no longer use Dynamic Memory Allocation on any of my virtual machines. It is a fine idea in theory but it is extremely buggy and I am not sure how it made it into a production OS…

What’s the issue this time around? This is my third article talking about a bug related to Dynamic Memory Allocation. In this case it has to do with the clock sync on the VM. Which is a major ordeal if you happen to be working with a virtualized Domain Controller. Here was the situation… every time power got cut to the host and subsequently the VM was “hard powered” off, upon reboot the clock would be off by several hours. (more…)

If you don’t know what a firewall is, let’s start there…

A firewall is basically a digital “wall” that sits on the edge of your network or device. When someone makes a connection over a network or the internet to your server, they connect by the IP address + a Port. Firewalls, on a very basic level, say “allow traffic on this port” or “deny traffic on this port.”

So for web traffic you might connect to our server here: 91.121.109.60 on port 80. There are a lot of services that run on any machine and many of them you don’t want to be accessible from the internet. For example, many distributions of Ubuntu come with a running DNS server that is accessible on port 53. If left alone, this could be a route for people to exploit your machine.

One way to think about it is like your home. Your house has a physical address that someone can punch into a GPS and it will take them to your driveway. However to get into the house they will need to go through a door or a window. Ports are those doors and windows. If a person needs access to the services of your kitchen, then they can come through the kitchen door. If they need access to your garage, you can send them through the garage door. On a computer, different doors (ports) tend to correspond to different services (servers). For example, Apache Web Server commonly uses port 80 for HTTP traffic to host a website, or port 443 to host a secure website with SSL. SMTP servers often use port 25 to receive incoming mail. FTP servers often use port 21, and so forth and so on.

So it is advantageous to block certain ports. I.E. you might allow everyone to visit your kitchen but you don’t want everyone in your bedroom. It is best to actually just block all ports by default and only allow specific ports to incoming traffic.

Finally it is worth noting that firewalls can do all kinds of interesting and complex things with traffic. Most of those functions are well outside of the scope of this article, and outside of the scope of UFW, but we will get there. (more…)

This was going to be a long article but I decided to cut it short.

Use case:

You have a Remote Server – You need to securely access some sensitive service or another (let’s say a MySQL connection) and don’t want to open the port to up to the internet. What’s a person to do?
(more…)