I am seeking guidance on the best method to integrate physical machines into a LAN network managed by a pfSense virtual machine running on Proxmox. Below is an overview of the current environment:
- Host: Proxmox 8.2.2 on a server equipped with four physical NICs
- Virtual Machines: pfSense, functioning as the firewall and gateway, is deployed as a virtual machine
- Network Configuration:
  - vmbr0 – Management bridge for Proxmox (Public IP)
  - vmbr1 – WAN interface for pfSense (Public IP)
  - vmbr2 – LAN interface for pfSense and internal virtual machines
Two physical machines, each assigned public IP addresses on their primary NICs, need to be routed through pfSense. The goal is to connect their secondary NICs to the LAN managed by Proxmox (vmbr2), effectively placing them behind the pfSense firewall.
Proposed Approach:
- The Proxmox host has two unused NICs.
- I am considering connecting the secondary NICs of the physical machines to these unused NICs on the Proxmox server.
- The unused NICs will be bridged to vmbr2, enabling the physical machines to interact with pfSense and other devices on the LAN.
Questions:
- Is bridging the physical machines to the LAN via unused NICs on the Proxmox host considered best practice, or is there a more efficient and scalable approach to achieve this?
- Are there specific Proxmox or pfSense settings that can streamline the integration of physical machines into the LAN managed by pfSense?
- From a security perspective, would isolating the LAN traffic of the physical machines on a dedicated bridge (separate from vmbr2) improve the overall architecture?
Any help is much appreciated.
Thanks.
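The following is an added example, not part of the original post or of Proxmox's own tooling. It shows the ifupdown2 stanzas the proposed approach boils down to on the Proxmox host, written as a small bash script with the dedicated-bridge variant (the third question) rather than enslaving the spare NICs to vmbr2: the two spare NICs become ports of a new bridge, and pfSense gets a third vNIC on that bridge, so traffic between the physical machines and the VMs on vmbr2 has to cross pfSense's rules instead of being switched at layer 2 inside the host. It also includes a check a practitioner would want before running `ifreload`: that no physical port is listed under more than one bridge. The NIC names eno3/eno4, the VMID 100 for pfSense, the bridge name vmbr3 and the sample interfaces file (with a documentation-range address) are all assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or from Proxmox): build and check
# /etc/network/interfaces bridge stanzas for putting two physical machines
# behind a pfSense VM. Assumed names: spare NICs eno3 and eno4, dedicated
# bridge vmbr3, pfSense is VMID 100. Nothing is applied unless run with --apply.

# Emit an ifupdown2 bridge stanza with no host address ("inet manual"), so the
# hypervisor itself is not a participant on the firewalled segment.
# bridge-stp off is the Proxmox default; with two physical ports on one
# bridge, do not also cable those machines to a common switch or you build a loop.
bridge_stanza() {
    local name="$1" ports="$2"
    printf 'auto %s\niface %s inet manual\n    bridge-ports %s\n    bridge-stp off\n    bridge-fd 0\n\n' \
        "$name" "$name" "$ports"
}

# Print the bridge-ports of one bridge from an interfaces file
# (accepts both the bridge-ports and the older bridge_ports spelling).
bridge_ports_of() {
    local name="$1" file="$2"
    awk -v b="$name" '
        $1 == "iface" { cur = $2 }
        $1 == "bridge-ports" || $1 == "bridge_ports" {
            if (cur == b) { $1 = ""; sub(/^ +/, ""); print; exit }
        }' "$file"
}

# Return non-zero if any physical port is enslaved to more than one bridge.
# ifupdown2 will load such a file; the port just ends up on whichever bridge
# comes up last, which is easy to miss and moves a host across segments.
check_unique_ports() {
    local file="$1"
    awk '
        $1 == "bridge-ports" || $1 == "bridge_ports" {
            for (i = 2; i <= NF; i++) if ($i != "none") seen[$i]++
        }
        END {
            rc = 0
            for (p in seen) if (seen[p] > 1) { print "port " p " listed under " seen[p] " bridges"; rc = 1 }
            exit rc
        }' "$file"
}

# Constructed sample of the layout described in the post (203.0.113.0/24 is a
# documentation range, not a real address), plus the added vmbr3 stanza.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
    address 203.0.113.10/24
    gateway 203.0.113.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

EOF
    bridge_stanza vmbr3 "eno3 eno4"
}

# Apply on the Proxmox host: append the dedicated bridge, reload, and give the
# pfSense VM a third vNIC on it (qm set ... --net2 is the standard Proxmox CLI).
# pfSense then needs an OPT1 assignment and rules for that interface.
apply_on_host() {
    check_unique_ports /etc/network/interfaces || return 1
    bridge_stanza vmbr3 "eno3 eno4" >> /etc/network/interfaces
    check_unique_ports /etc/network/interfaces || return 1
    ifreload -a
    qm set 100 --net2 virtio,bridge=vmbr3
}

if [ "${1:-}" = "--apply" ]; then
    apply_on_host
fi
```

If the goal is instead to keep a single flat LAN, the only change is `bridge-ports eno3 eno4` on vmbr2 itself; the trade-off is that the two physical machines and every VM on vmbr2 then share one broadcast domain and pfSense never sees their east-west traffic.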