We try to identify in a testing environment a system setup for home / small conditions
0. Hardware server running proxmox
1. Firewall
2. Unify Administration Container
3. Nextcloud Container
4. Wordpress Container
Thats it for the moment
The main question is on the "Firewall" side. What is "best" to use or should be used?
The host server has two network interfaces:
- first NIC is connected to the internet via "bridge mode" modem from ISP getting single external IP via DHCP
- second NIC is connected to LAN Switch.
a. use proxmox Firewall directly on host - if necessary implement iptables rules via post-up in /etc/network/interfaces
b. run separate LXC Container with Debian/Ubuntu and implement Firewall via iptables / nftables
c. run separate VM and use Firewall like pfSense / OPNsense etc.
Just to note: for the last 5 years we run a small hardware with Debian on it and configured iptables rules. All the other software (2-4) is running on that system in addition. We want to switch to containers because the update process while having so much dependencies is a mess.
Thanks for your feedback in advance
Tom
0. Hardware server running proxmox
1. Firewall
2. Unify Administration Container
3. Nextcloud Container
4. Wordpress Container
Thats it for the moment
The main question is on the "Firewall" side. What is "best" to use or should be used?
The host server has two network interfaces:
- first NIC is connected to the internet via "bridge mode" modem from ISP getting single external IP via DHCP
- second NIC is connected to LAN Switch.
a. use proxmox Firewall directly on host - if necessary implement iptables rules via post-up in /etc/network/interfaces
b. run separate LXC Container with Debian/Ubuntu and implement Firewall via iptables / nftables
c. run separate VM and use Firewall like pfSense / OPNsense etc.
Just to note: for the last 5 years we run a small hardware with Debian on it and configured iptables rules. All the other software (2-4) is running on that system in addition. We want to switch to containers because the update process while having so much dependencies is a mess.
Thanks for your feedback in advance
Tom
