Please use Google or the forum's search function. This has been discussed 1000 times.
Short overview:
Two NICs, one for WAN, one for LAN. Each NIC is connected to a bridge. The Firewall VM gets a virtio NIC on both bridges. Every other VM gets a virtio NIC on the LAN bridge. The PVE host gets no gateway and no IP on the WAN bridge but both on the LAN bridge, with the gateway pointing to the LAN IP of the Firewall VM.
For additional security, you could also create multiple DMZ bridges that are not connected to a physical NIC but have a virtio NIC of the Firewall VM and of those other VMs/LXCs.
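The layout described in the post above, as an added example that is not part of the original post: a constructed `/etc/network/interfaces` excerpt for the PVE host and a small audit that flags deviations from it. The bridge names (`vmbr0` to `vmbr2`), NIC names and addresses are assumptions, as are the helper names `parse` and `audit`.

```python
# Constructed sample of the PVE host's /etc/network/interfaces.
SAMPLE = """\
# WAN bridge: uplink NIC only, no host IP, no gateway
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0

# LAN bridge: host IP, gateway = LAN IP of the firewall VM
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge-ports enp2s0

# DMZ bridge: no physical port, virtio NICs only
auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
"""

def parse(text):
    """Return {iface: options}; inet and inet6 stanzas are merged."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {"methods": set()})
            cur["methods"].add(words[-1])  # manual / static / dhcp ...
        elif words[0] in ("auto", "allow-hotplug", "source"):
            cur = None
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def audit(text, wan, lan, dmz=()):
    """List deviations from the post's layout (named bridges must exist)."""
    s, out = parse(text), []
    if s[wan]["methods"] - {"manual"} or "address" in s[wan] or "gateway" in s[wan]:
        out.append(f"{wan}: host must have no IP or gateway on the WAN bridge")
    if "address" not in s[lan] or "gateway" not in s[lan]:
        out.append(f"{lan}: host IP and gateway belong on the LAN bridge")
    for b in dmz:
        if s[b].get("bridge-ports") != "none":
            out.append(f"{b}: DMZ bridge must not be tied to a physical NIC")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE, "vmbr0", "vmbr1", ["vmbr2"]) or "layout OK")
```

The audit also treats `inet dhcp` on the WAN bridge as a finding, since that would give the host an address on the WAN side without an `address` line ever appearing in the file.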