Proxmox FAQ

Q: I can't connect to CT/VM by ssh after install it A: check if sshd are running or not by using command:

// check sshd status
sudo systemctl status sshd
// if not running you can turn it on with command below
sudo systemctl start sshd

If you can connect but can't login as root with password, make sure to add permit login

// open sshd config
sudo nano /etc/ssh/sshd_config

// Change
// PermitRootLogin without-password
// to
// PermitRootLogin yes
// Remove the // before the PermitRootLogin, save the file, CTRL+X , Y , Enter

// Restart sshd services with command below
sudo systemctl restart sshd

Q: I can't connect my local machine from outside (i have my public ip setup already to the machine), I want to use 1 ip for all vm/ct. or vm can't connect to internet. A: Use port forwarding to make it possible.

Enable eth0 route localnet

sudo sed -i '/net.ipv4.conf.eth0.route_localnet/d' /etc/sysctl.conf
sudo sed -i -e '$anet.ipv4.conf.eth0.route_localnet=1' /etc/sysctl.conf
sudo sysctl -p

Create Firewall Script

#!/bin/bash
/usr/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d PUBLICIP --dport 10001 -j DNAT --to-destination LOCALIP:10001
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d PUBLICIP --dport 10002 -j DNAT --to-destination LOCALIP:10002

Create Crontab

crontab -e

then add code below

@reboot /bin/bash /root/firewall.sh >> /root/firewall.log 2>&1

this firewall rule will be activated everytime your machine are restarted. also the logs are available on /root/firewall.log if you meet some problem.

Checking Active Rule

sudo iptables -t nat -v -L PREROUTING -n --line-number

Deleting Rule without restarting machine

// check active rule first, then there is a line number of the rule
// for example you want to delete rule number 4 use command below:
sudo iptables -t nat -D PREROUTING 4
// this only delete on this session, if you need to make it permanent, 
// don't forget to remove the rule from firewall.sh 

Add Rule without restarting machine

iptables -t nat -A PREROUTING -p tcp -d PUBLICIP --dport 36657 -j DNAT --to-destination LOCALIP:26657

// this only delete on this session, if you need to make it permanent, 
// don't forget to add the rule from firewall.sh using the 

Q: unsupported Ubuntu version '24.04'

A: comment / disable enterprise repository and add the non-pve

nano /etc/apt/sources.list.d/ceph.list
// add # in front of all repository listed
// save file (CTRL + X, Y, Enter)

nano /etc/apt/sources.list.d/pve-enterprise.list
// add # in front of all repository listed
// save file (CTRL + X, Y, Enter)

nano /etc/apt/sources.list
// add on last line:  deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
// save file (CTRL + X, Y, Enter)

apt update
apt full-upgrade
// after full-upgrade success, create CT again

Last updated