I'm thinking about migrating from a hardware firewall/router to pfSense, a software solution. So, I set up a test environment using KVM in proxmox to benchmark things, and once I'm happy with pfSense I'll purchase dedicated hardware to put in front of the other hardware. So now my problem is that I'm not really sure how secure my temporary setup will be, and I was wondering if anyone has had a similar setup and could share their iptables rules or other tips to secure the proxmox host.
Here's the configuration on the proxmox host:
WAN -> eth1 -> vmbr1 (no ip) -> pfSense WAN (KVM with public IPs)
pfSense LAN (private net default gateway) -> vmbr0 (private net) -> eth0 -> Internal network
So as you can see, I'll have one proxmox host connected directly to the internet via eth1, which is a bridge vmbr1, with no IP addresses assigned to that bridge, only to the VM attached to that bridge. The KVM pfSense VM will then be set up as the default gateway for a few internal test machines to benchmark and see how well pfSense works.
Questions:
1) Are there ways to gain access directly to the proxmox host via eth1?
2) Are there iptables rules I can set up on the proxmox host to prevent those threats while still allowing traffic to be bridged to the KVM firewall/router?
Any help/feedback would be greatly appreciated.
Thanks,
Ernie