How to configure networking for OPNsense guest?

gstrong

New Member
Sep 24, 2023
5
0
1
Hello, I'd like to run OPNsense as a guest in my proxmox box. I have several dedicated NICs for this purpose, but the relevant ones being the WAN port and the LAN port. I assumed that I would create a linux bridge in proxmox for the wan, and another for the lan, and create devices for each port and associate them with the physical nics. The WAN port should get its IP using DHCP, but when I create the bridge it wants a specific IP address in proxmox.

Could someone point me in the right direction here for how to set up my proxmox network to achieve what I'm trying to do?
 
You can create linux bridges without an IP. And you shouldn't set DHCP or static IPs there...at least not for the WAN. IPs set there are only for the host and not the guests.

Some people also prefer to PCI passthrough the NICs, especially the WAN so you don't got unsecure traffic over the host OS.
 
Last edited:
  • Like
Reactions: gstrong
You can create linux bridges without an IP. And you shouldn't set DHCP or static IPs there...at least not for the WAN. IPs set there are only for the host and not the guests.

Some people also prefer to PCI passthrough the NICs, especially the WAN so you don't got unsecure traffic over the host OS.

Would a material performance benefit be achieved with PCI passthrough over the VirtIO?
 
Would a material performance benefit be achieved with PCI passthrough over the VirtIO?
The VM could directly process the packages without the PVE in between slowing porcessing down. And the VM could make use of some hardware offloading features of the NIC.
So yes, if you got a fast NIC that could drastically improve performance. But when using slow Gbit NICs you shouldn't see a big difference.
Might still be useful to passthrough the Gbit WAN NIC if you are paranoid so the unsecure unfiltered internet traffic doesn't need to be handled the the host OS.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!