Waddup.
New to proxmox, but I'm trying to setup a network for a friend, and I added a diagram of what we have so far. It's a double NAT setup behind a consumer grade ISP package to isolate locally hosted media servers a bit, and provide a 'sandbox' environment to homelab in.
I am aware that it isn't ideal to have the hypervisor on the 'LAN' network, but with the setup shown, this should provide the ability to 'airgap' the hypervisor by removing the cable from OPT1, right?? Update every weekend and pull the plug maybe? Does the LAN/WAN network card provide internet access to the hypervisor if no gateway or IP is defined at the node level?
Also, I did add a bridge over both LAN and WAN ports respectively, as well as OPT1; Its just not shown in the diagram. No VLANs have been configured at the hypervisor level (yet).
Proxmox firewall summary so far:
DC:
-Allow in from OPT1 @ x ip addr
-Drop all inbound
Node:
-Allow in from OPT1 @ x ip addr
-Drop all inbound
VM:
-Disabled entirely and left to OPNsense to handle
Tips, tricks, security recommendations, tell me I'm a bloody moron? What do you have?
New to proxmox, but I'm trying to setup a network for a friend, and I added a diagram of what we have so far. It's a double NAT setup behind a consumer grade ISP package to isolate locally hosted media servers a bit, and provide a 'sandbox' environment to homelab in.
I am aware that it isn't ideal to have the hypervisor on the 'LAN' network, but with the setup shown, this should provide the ability to 'airgap' the hypervisor by removing the cable from OPT1, right?? Update every weekend and pull the plug maybe? Does the LAN/WAN network card provide internet access to the hypervisor if no gateway or IP is defined at the node level?
Also, I did add a bridge over both LAN and WAN ports respectively, as well as OPT1; Its just not shown in the diagram. No VLANs have been configured at the hypervisor level (yet).
Proxmox firewall summary so far:
DC:
-Allow in from OPT1 @ x ip addr
-Drop all inbound
Node:
-Allow in from OPT1 @ x ip addr
-Drop all inbound
VM:
-Disabled entirely and left to OPNsense to handle
Tips, tricks, security recommendations, tell me I'm a bloody moron? What do you have?
