Security VPS and LAN device without DMZ and VLAN

openaspace

Sep 16, 2019
Hello. I have a Fritzbox router that doesn't support DMZ and VLAN.
In my office I have Proxmox with 2 Ethernet interfaces, one for VPS and one for management, both in the same subnet (VPS + private devices).

Now, to avoid OPNsense and similar, I have NATed ports 80 and 443 to an nginx proxy VPS, and on this proxy and on all other VPSes providing services behind the proxy or directly to the internet on other ports...

I have set up the Proxmox firewall with a security group allowing outgoing connections only to the gateway 192.168.20.1 and denying any connection to the subnet 192.168.20.0/24. Now all exposed VPSes can communicate only with the gateway and not with other LAN devices, but at the same time a LAN device can connect to any VPS.

Finally, the VPS Ethernet card is filtered with Suricata.

My question is: is this configuration more secure than a virtual or dedicated firewall with DMZ, internet and green zone?

Can I consider myself safe with this configuration?

Thank you!
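
The outbound policy described in the post, modelled as an added example (not the poster's configuration and not Proxmox code): a first-match evaluator that shows why the gateway ACCEPT has to precede the subnet DROP, since 192.168.20.1 lies inside 192.168.20.0/24. The first-match model, the default ACCEPT for destinations outside the subnet, and the sample hosts are assumptions.

```python
import ipaddress

# Outbound rules for an exposed guest, in evaluation order (first match wins).
# Addresses for the gateway and subnet are the ones given in the post.
POLICY = [
    ("ACCEPT", "192.168.20.1/32"),   # gateway only
    ("DROP", "192.168.20.0/24"),     # everything else on the LAN
]

# Same rules in the wrong order: the subnet DROP shadows the gateway ACCEPT.
REVERSED = list(reversed(POLICY))


def verdict(dest, rules=POLICY, default="ACCEPT"):
    """Return the action of the first rule whose network contains dest.

    `default` is the assumed outbound policy for unmatched traffic.
    """
    addr = ipaddress.ip_address(dest)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    return default


def audit(rules, gateway, lan_hosts, internet_host):
    """List the ways a rule set deviates from the isolation the post describes."""
    problems = []
    if verdict(gateway, rules) != "ACCEPT":
        problems.append("gateway unreachable: DROP matched before ACCEPT")
    for host in lan_hosts:
        if verdict(host, rules) != "DROP":
            problems.append(f"LAN host {host} reachable from exposed guest")
    if verdict(internet_host, rules) != "ACCEPT":
        problems.append("internet destination blocked")
    return problems


if __name__ == "__main__":
    # Constructed sample hosts: two LAN devices and a documentation-range address.
    lan = ["192.168.20.50", "192.168.20.254"]
    for name, rules in (("as described", POLICY), ("reversed", REVERSED)):
        print(name, audit(rules, "192.168.20.1", lan, "203.0.113.10") or "OK")
```

The model covers only traffic leaving the exposed guests; connections from LAN devices to a VPS, which the post says remain possible, are inbound and would need their own rules.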