I am currently managing a Proxmox VE install at a colo.
One thing I was struggling with is making sure only the bare minimum services are exposed to the internet. I have partly achieved this by using Cloudflare Access, which does a good job of protecting the web interface and other systems.
However, I cannot use it for other services like SFTP or web services that don't work very well behind it.
I want to create a private network between my LXC / KVM containers, Docker installs and some clients which only need to access the containers but not each other or the public internet (I already have an internal network inside Proxmox but I am not sure how to access it from outside the cluster).
What is an easy way to achieve that? I prefer not to tangle with iptables and complex configurations as much as possible.