Hi,
I am just trying to figure out how to put some kind of software-firewall (pfsense/ipfire) between 2 networks.
My Proxmox host has got 2 NICs. At the moment I am only using one of them (192.168.252.x/24); all devices, including the Proxmox host, are running on this net. I set up an explicit VM to which all requests (port 443) are forwarded from my 5G router.
Now I would like to split the networks via a software firewall, to have more control. The 192.168.252.x network should be considered the "RED" zone (internet zone), while the internal devices should move to 10.0.0.x/24, the so-called "GREEN" zone (LAN).
To achieve this, I set up a second bridge vmbr1 on the second NIC (and gave it the IP 10.0.0.1/24).
All traffic to port 443 from the official IP should be redirected directly to 192.168.252.252 (software firewall) and NATed to VMs running on the Proxmox host using the GREEN zone.
To have it in some kind of graphics, this is what I would like to do. The only bad thing about that is that there is no real separation of the host and the internal network, i.e. the VMs reachable from the internet are also in the GREEN zone:

The better way may be to use an ORANGE zone (=DMZ) to which all VMs are attached, but this will need a virtual NIC / zone to which the software firewall can connect. Is this possible in Proxmox?
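One way to get the ORANGE zone asked about above is a Proxmox bridge with no physical port, so that only the VMs attached to it and the firewall VM can talk on it. The fragment below is an added example of an `/etc/network/interfaces` layout on the Proxmox host, not the poster's file; the NIC names `eno1`/`eno2`, the host address `192.168.252.10`, the gateway `192.168.252.1` and the DMZ subnet are assumptions.

```text
# /etc/network/interfaces on the Proxmox host (example layout, not the original post's file)
# Assumptions: physical NICs are eno1 and eno2; 192.168.252.10 is the host's
# management address; 192.168.252.1 is the 5G router.

auto lo
iface lo inet loopback

iface eno1 inet manual
iface eno2 inet manual

# RED zone: the existing 192.168.252.x network behind the 5G router (NIC 1)
auto vmbr0
iface vmbr0 inet static
    address 192.168.252.10/24
    gateway 192.168.252.1
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0

# GREEN zone: internal LAN on NIC 2, as described in the post
auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

# ORANGE zone (DMZ): a bridge with no physical port. VMs attached here can
# only reach other zones through the firewall VM. The host deliberately gets
# no address on this bridge so it is not reachable from the DMZ.
auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

# Caveat: the host now has addresses on both RED (vmbr0) and GREEN (vmbr1).
# Keep IP forwarding disabled on the host (net.ipv4.ip_forward=0), otherwise
# traffic can bypass the firewall VM by routing through the host itself.
```

The firewall VM then gets one virtual NIC per bridge (for example `qm set <vmid> --net2 virtio,bridge=vmbr2` for the DMZ leg), and the publicly reachable VMs are moved from vmbr1 to vmbr2 so the port-443 NAT from the RED side lands in the DMZ rather than in GREEN.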