router vm - only one nic - 3 zones

mcdaniels

Feb 1, 2021
Hi!

I have only got one physical NIC, which my router is attached to (LAN: 192.168.252.0/24). Proxmox, my PC and my mail server are running in this network too. All one subnet.

Now I would like to segment my network. The idea was to use IPFire as a router VM.


vmbr0 = LAN\WAN = my Internet router (with the physical NIC bridged)

Via "Create Linux Bridge" I create vmbr1 and vmbr2, not bridged to a NIC.

But now I have a brain block.

With one NIC I think it is not possible to separate LAN (physical PC), router (LAN\WAN) and VMs (DMZ).

Network scheme at the moment: 192.168.252.x = Proxmox, VMs, PC, router (LAN). I do port forwarding on my router at the moment to access services on the VMs.
 
You would need tagged VLANs for that, but I guess your router/switch doesn't support that?
DMZ and LAN wouldn't be the problem as long as no other physical hosts need to be part of the DMZ. The problem is the WAN + LAN subnets that need to go through the same NIC.
 
Hi,
no, the switch can't do VLANs.

What if I use a USB LAN adapter for the connection to the router?
 
Then you also need a switch and a Wi-Fi AP, if you don't already have them, as your ISP's router would be on the WAN side and you need a switch and AP on the LAN side.
 
Hi, so something like this is not possible. Hope it is not too weird.
 

Attachment: proxmox.JPG (network diagram)
Sure, but as I already said, you then need a switch that you connect your LAN devices to, and you won't be able to use your ISP router's Wi-Fi anymore, as this would be on the WAN side. So you need a Wi-Fi AP attached to your LAN switch to have Wi-Fi in your LAN.
 
I did not get the point, sorry. My LAN devices are attached with a switch to the physical NIC that Proxmox management is running on, and my PC & NAS are attached to it. Can't I just tell the router VM to masquerade all traffic coming from LAN (vmbr0) to WAN (vmbr1), still using my ISP's router?
 
Everything on the WAN side of your firewall VM should be seen as insecure and will be NATed. If you have devices on your ISP router's Wi-Fi, these will be on your WAN subnet too and not your LAN subnet. So basically everything on the WAN side will be locked out from your LAN unless you create port forwards for every Wi-Fi device and port in your firewall VM's firewall.
 
Yes, that is clear to me. I don't need to access anything from WLAN (WAN) to LAN. So, apart from that, this configuration should work?
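The two-NIC layout the thread ends on, written as a `/etc/network/interfaces` fragment for the Proxmox host. This is an added example, not the poster's file or anything from the Proxmox project; the interface names `eno1` and `enx001122334455`, the new LAN subnet `10.10.0.0/24` and the management address are assumptions, while the ISP router stays on 192.168.252.0/24, which becomes the WAN side of the firewall VM.

```conf
# /etc/network/interfaces on the Proxmox host (assumed example, not the poster's file)
auto lo
iface lo inet loopback

# Onboard NIC: cabled to the LAN switch with the PC and NAS (name assumed)
iface eno1 inet manual

# USB LAN adapter: cabled to the ISP router; 192.168.252.0/24 is now the WAN side (name assumed)
iface enx001122334455 inet manual

# vmbr0 = LAN. Proxmox management lives here, and its default gateway is the
# firewall VM's LAN address, not the ISP router (10.10.0.0/24 is an assumed subnet).
auto vmbr0
iface vmbr0 inet static
        address 10.10.0.2/24
        gateway 10.10.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

# vmbr1 = WAN. No host address on purpose: the Proxmox host must not be
# reachable from the ISP router's subnet; only the firewall VM attaches here.
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enx001122334455
        bridge-stp off
        bridge-fd 0

# vmbr2 = DMZ. No physical port and no host address: a VM-only bridge, and the
# firewall VM is the only path between it and the other two zones.
auto vmbr2
iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
```

The firewall VM then gets one virtual NIC on each bridge (vmbr0 as LAN/green, vmbr1 as WAN/red, vmbr2 as DMZ/orange in IPFire terms) and is the only VM attached to vmbr1. Anything still on the ISP router, including its Wi-Fi clients, sits on the WAN side and only reaches LAN or DMZ through explicit port forwards on the firewall VM, as the reply above describes.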
 