Opnsense firewall on bridge, how to isolate clients

openaspace

Active Member
Sep 16, 2019
486
13
38
Italy
Hello.
I run opnsense firewall with public IP on the wan vmbr0 and virtual proxmox network bridge 192.168.30.0/24 on vmbr1 assigned to opnsense(...30.1)

How I can isolate some VPS from others inside the virtual Lan?

I need to create for example another virtual Lan IP/class like 10.0.0.0/24 with opnsense gateway for DHCP client on 10.0.0.1 and set a firewall rule to avoid access from each other Lan?

I'm wrong?

I can do something proxmox side? ( Considering that is opnsense to manage behind wan clients?)
 
Hello,

well you can create another bridge vmbr2 that is for the 10.0.0.0/24 subnet and give your opnsense firewall another interface connected to vmbr2. Then the only connection between the 10.0.0.0 and the 192.168.30.0 subnet is through your opnsense, where you can configure everything needed.

Kind regards,
Benedikt
 
  • Like
Reactions: openaspace

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!