Hi all,
I'm new to Proxmox, only used XCP-ng previously.
As the title hints at, I want to essentially isolate virtual machines from my LAN while exposing them to the WAN.
The router is going to run on Proxmox (most likely settling with virtualizing OPNsense.)
This will just be set up at home so the security aspect of running everything on the same machine is not super important.
As for the hardware, I will have 3 interfaces available.
One integrated on the motherboard (MSI B550M PRO-VDH) and two PCI-E adapters (TP-Link TG-3468 V4) attached to it.
I want the integrated NIC to act as an access port for Proxmox (or maybe OPNsense) in case I screw up and the remaining NICs to act as the LAN/WAN interfaces.
From what I've read, configuring the integrated NIC should be trivial.
When I install Proxmox, I will probably connect with the integrated NIC to my current LAN for internet access and then set up the router.
(To simplify the thought process, I'll refer to the virtual network between the VMs as the DMZ.)
Here's my idea:
- Bridge the virtual machines together to create the DMZ.
- Expose the LAN/WAN NICs as well as the DMZ bridge to OPNsense and let it route traffic between these networks.
Sounds pretty simple. But is this how you do it?
Furthermore, I'm a little confused about these things:
- How would the firewall on Proxmox be configured when these networks are supposed to be managed by a virtual machine?
- Is it better to pass through the PCI-E NICs to OPNsense or bridge them to it?
- Could I expose Proxmox and OPNsense on the integrated NIC, without any issues accessing Proxmox if the OPNsense VM is shut down?