Needing architecture advice regarding Proxmox Management Isolation

Nautixl

New Member
Apr 28, 2026
Austria
Hi everyone, I have already read and watched a few guides, but it still didn't click with me on how to approach my goal. Hopefully someone can shed some light on my situation.
I am planning to segment my home lab to improve security, but there are so many ways that I got overwhelmed.

What I want to achieve:
Create a barrier between the Proxmox Management network and the VM network, while maintaining SSH access from my main Desktop to all VMs.
Hardware Available:
Router: Fritzbox 7530
Switch: Smart Managed (VLAN capable) L2 Switch
Proxmox Host: Lenovo mini-PC (1 physical NIC)
Desktop (daily driver): Windows 10 (1 physical NIC)
Hard Constraints:
1. All LAN devices must have access to the VMs due to my planned jellyfin, paperless, etc. stuff.
2. Internet access for the house must not be reliant on Proxmox uptime
3. Only my Windows Desktop should have access to the Proxmox Management UI

At first, I tinkered with VLANs until I realized that OPNsense would be in front of everything, thus making it unviable as an option, as I don't want to rely on a virtualized firewall completely.
I then considered just using the VE firewall and dropping everything except packets from my desktop, but this seems rather light as a barrier and also doesn't solve my OPNsense issue.

Additionally, I got pretty confused regarding VLANs and bridges in Proxmox.
For now, I just created two interfaces on the OPNsense VM utilizing vmbr0 and plan to map vnet0 to one and vnet1 to the other (WAN & LAN), but I am not sure how safe this is.

Future Considerations:
I plan to set up a virtualized OPNsense instance and an Nginx reverse proxy to expose services like Immich and Nextcloud publicly via DynDNS and port forwarding.

Sorry if the post is chaotic, I tried my best to be clear but my head is smoking from all the networking shenanigans.
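The Proxmox-side part of the setup asked about above (a single NIC carrying several VLANs, the host's management address living only on a management VLAN, and the VE firewall limiting the web UI and SSH to one desktop), as an added example that is not from the original post or from the Proxmox project. The NIC name enp1s0, the VLAN IDs (10 management, 20 LAN/services, 30 WAN), the addresses 192.168.10.2 (host) and 192.168.10.10 (desktop), the VM ID 100 and the MAC are all assumptions; the switch port facing the Proxmox host must carry VLANs 10, 20 and 30 tagged, and the Fritzbox port sits untagged in VLAN 30.

```text
# ---- /etc/network/interfaces on the Proxmox host (assumed NIC: enp1s0) ----
auto lo
iface lo inet loopback

iface enp1s0 inet manual

# One VLAN-aware bridge acts as a trunk for every VLAN.
# The host itself gets NO address on vmbr0, so the untagged LAN cannot reach it.
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

# Host management address only on the management VLAN (assumed tag 10).
# No gateway is set: the host is not reachable from, and does not route to,
# other VLANs unless OPNsense explicitly allows it. Add "gateway <OPNsense
# VLAN-10 address>" later if the host needs updates through OPNsense.
auto vmbr0.10
iface vmbr0.10 inet static
    address 192.168.10.2/24

# ---- /etc/pve/qemu-server/100.conf (OPNsense VM, relevant lines only) ----
# WAN leg: VLAN 30, where the Fritzbox sits untagged on the switch.
net0: virtio=BC:24:11:00:00:01,bridge=vmbr0,tag=30
# LAN/services leg: VLAN 20, where Jellyfin, Paperless etc. live.
net1: virtio=BC:24:11:00:00:02,bridge=vmbr0,tag=20
# Management leg: VLAN 10, so OPNsense can route desktop -> VMs if wanted.
net2: virtio=BC:24:11:00:00:03,bridge=vmbr0,tag=10

# ---- /etc/pve/firewall/cluster.fw ----
[OPTIONS]
enable: 1

# The built-in host rules allow 8006/22 from the "management" IP set.
# Defining it explicitly limits that allowance to the desktop (plus the
# host's own network, which Proxmox adds automatically as cluster_network).
[IPSET management]
192.168.10.10 # assumed desktop address on VLAN 10

# ---- /etc/pve/firewall/host.fw ----
[OPTIONS]
enable: 1
policy_in: DROP
policy_out: ACCEPT

[RULES]
# Explicit allow for the web UI and SSH from the desktop only; everything
# else hitting the host is dropped by policy_in.
IN ACCEPT -source 192.168.10.10 -p tcp -dport 8006 -log nolog
IN ACCEPT -source 192.168.10.10 -p tcp -dport 22 -log nolog
```

Before relying on this, verify it from both sides: from the desktop on VLAN 10 the UI at https://192.168.10.2:8006 must load, and from any device on VLAN 20 a connection attempt to 192.168.10.2:8006 must time out rather than connect. The host's VLAN 10 address is the only place the management UI listens on the wire, so the switch configuration (which ports carry VLAN 10 at all) is the real barrier; the VE firewall is the second layer behind it, not the first.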