[SOLVED] Security consideration for single host running few VM/LC

Feb 4, 2020
We are trying to identify, in a testing environment, a system setup for home / small conditions.

0. Hardware server running Proxmox
1. Firewall
2. Unify Administration Container
3. Nextcloud Container
4. Wordpress Container

That's it for the moment.

The main question is on the "Firewall" side. What is "best" to use or should be used?

The host server has two network interfaces:
- first NIC is connected to the internet via "bridge mode" modem from ISP getting single external IP via DHCP
- second NIC is connected to LAN Switch.

a. use the Proxmox firewall directly on the host - if necessary implement iptables rules via post-up in /etc/network/interfaces
b. run separate LXC Container with Debian/Ubuntu and implement Firewall via iptables / nftables
c. run separate VM and use Firewall like pfSense / OPNsense etc.

Just to note: for the last 5 years we have run a small hardware with Debian on it and configured iptables rules. All the other software (2-4) is running on that system in addition. We want to switch to containers because the update process while having so many dependencies is a mess.

Thanks for your feedback in advance
Tom
 
Hi,

I guess the answer is more of a convenience question?
The cleanest and most resource-efficient way would be variant b.
 
