To achieve this setup — where Proxmox’s web interface on port 8006 is only accessible via one specific NIC and not the other — you need to bind the Proxmox web GUI to a specific IP address.
Here’s how you can do that:
🔧 Steps to Bind Port 8006 and 3128(spice) to a Specific NIC/IP
- Identify the NIC/IPs: Run: bashCopyEdit
ip aLet’s assume:- NIC1 (management):
192.212.5.245— this should allow port 8006 - NIC2 (isolated):
10.10.10.10— this should block port 8006
- NIC1 (management):
- Edit Proxmox Web GUI service config: Open this file: bashCopyEdit
nano /etc/default/pveproxy - Bind it to a specific IP (management interface): Find or add the line:
LISTEN_IP="192.212.5.245" - Restart the
pveproxyservice:systemctl restart pveproxyandsystemctl restart spiceproxyThis change will make the Proxmox GUI listen only on192.212.5.245, and not on all interfaces.
✅ Optional: Confirm It’s Working
You can test by running:
ss -tuln | grep 8006
You should see:
LISTEN 0 50 192.212.5.245:8006 ...
And not 0.0.0.0:8006 or 10.10.10.10:8006.