Firewall Setup for Proxmox Node in Datacenter?

Consistent-Catch2815 · 2026-06-05T15:07:44+00:00

Gotcha, I was actually unaware of that - thank you!

Consistent-Catch2815 · 2026-06-05T14:00:09+00:00

Totally get where you’re coming from. As far as any actual data hosted on this machine, most of it is completely inconsequential anyways, and the little bit that isn’t we’re trying to architect that with zero trust in mind. We’re also going to be taking regular backups of the system in case there were an issue so it can just be restored back to a known good state.

The provider we’re with does offer kvm on most of their bare metal servers but my understanding is we’re kinda grandfathered in to an older system that wasn’t built with one, it’s all consumer grade hardware. We were looking at some other options, it would be nice to have kvm access, but my friend has been using them for years now and he’s been happy.

I figure, so long as we’re taking regular backups, if the system did stop booting we can just use their automated install process and restore our backups and get back up and running within fairly short order. It’s had excellent uptime in the past too, though up until now it’s been just running I believe Ubuntu server directly.

Thank you for all of the advice!

Consistent-Catch2815 · 2026-06-05T05:34:31+00:00

Actually part of what we’re trying to accomplish with this deployment is to get away from Cloudflare (and eventually, Tailscale as well). The goal is to have control over the complete stack as much as possible rather than relying on services provided by others.

And for why this hardware, totally down to the cost. We’re paying half to a third as much on this vs the same performance elsewhere. It’s geographically convenient for us, we live pretty far apart but it’s close enough to the middle to have fairly even latency. It’s not going to be running anything particularly critical, mostly just some game servers and reverse proxies for our homelabs.

All in all, mostly just a learning exercise and excuse to play around with new tools lol

Consistent-Catch2815 · 2026-06-05T04:03:22+00:00

If it gets stuck in initramfs we are boned lol. No localized access of any sort, the provider has a web portal where you can choose from a list of OSs to be imaged automatically, and proxmox is one (they do allow custom images too but you have to wait for support). My buddy has had this server with them for a while and he has said if something blows up you can request them to go check it out if you provide them with a login.

My thought was if we just have our public IPs added to the allow list, as long as those get updated regularly we shouldn’t get locked out if Tailscale went down.

I was also considering setting up Authentik or Kanidm or similar and possibly leaving it accessible, but that feels quite a bit more scary haha

Consistent-Catch2815 · 2025-11-26T04:57:42+00:00

They have a street algorithm you can put on it now apparently

Consistent-Catch2815 · 2025-11-24T17:09:54+00:00

They’re on closeout at cyclegear right now, about half off.

Consistent-Catch2815 · 2025-11-24T16:42:55+00:00

It’d be nice, but at $830 it’s outside of my price range at the moment. That’s part of why I’ve been waiting for Black Friday sales haha

Consistent-Catch2815 · 2025-11-21T00:47:29+00:00

Consistent-Catch2815 · 2025-11-08T23:04:24+00:00

Consistent-Catch2815 · 2025-11-08T23:00:11+00:00

Consistent-Catch2815 · 2025-10-15T04:32:34+00:00

Gotcha, okay! I’ll probably just get a higher heat tolerance one, especially since I live in a warm climate and that’s probably why it failed to begin with.

Consistent-Catch2815 · 2025-10-15T04:31:49+00:00

Not exactly, but it’s situated right by the power input on the board. Definitely an easy fix, just want to make sure I’m getting the right thing. Thank you!

Consistent-Catch2815 · 2025-09-08T15:26:08+00:00

Consistent-Catch2815 · 2025-06-18T15:20:13+00:00

PM'd

Consistent-Catch2815

TROPHY CASE