Hello. I have a Fritzbox router that doesn't support DMZ and VLAN.
In my office I have Proxmox with 2 Ethernet ports, one for VPS and one for management, both in the same subnet (VPS + private devices).
Now, to avoid OPNsense and similar, I have NATed ports 80 and 443 to an nginx proxy VPS, and on this proxy and on all other VPS providing services behind the proxy or directly to the Internet on other ports,
I have set up the Proxmox firewall with a security group allowing outbound connections only to the gateway 192.168.20.1 and denying any connection to the subnet 192.168.20.0/24. Now all exposed VPS can communicate only with the gateway and not with other LAN devices, but at the same time a LAN device can connect to any VPS.
Finally, the VPS Ethernet card is filtered with Suricata.
My question is: is this configuration more secure than a virtual or dedicated firewall with DMZ, Internet and green zone?
Can I consider myself safe with this configuration?
Thank you!
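
Added example, not part of the original post: a small Python model of the outbound security group described above, showing which destinations an exposed VPS can reach and why the gateway rule has to come before the subnet rule. First-match evaluation, the default outbound policy and the probe addresses are assumptions of this model, not values from the poster's setup.

```python
import ipaddress

# Constructed model of the outbound security group described in the post.
# Assumption: the first matching rule wins, so order matters, because the
# gateway 192.168.20.1 is itself inside 192.168.20.0/24.
GROUP_OUT = [
    ("ACCEPT", ipaddress.ip_network("192.168.20.1/32")),  # gateway only
    ("DROP", ipaddress.ip_network("192.168.20.0/24")),    # rest of the LAN
]

# Constructed probe destinations: .50 stands for a private LAN device,
# 203.0.113.10 (documentation range) stands for an Internet host.
PROBES = {
    "gateway": "192.168.20.1",
    "lan_device": "192.168.20.50",
    "broadcast": "192.168.20.255",
    "internet": "203.0.113.10",
}


def decide(rules, dest, default_policy):
    """Return the action for an outbound packet addressed to `dest`."""
    addr = ipaddress.ip_address(dest)
    for action, net in rules:
        if addr in net:
            return action
    # No rule matched: routed Internet traffic carries the remote IP as
    # destination, not the gateway IP, so it always ends up here.
    return default_policy


def audit(rules, default_policy, probes=PROBES):
    """Map each probe label to the decision for its destination."""
    return {label: decide(rules, dest, default_policy)
            for label, dest in probes.items()}


if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        print("default", policy, audit(GROUP_OUT, policy))
    # Same two rules in the opposite order: the /24 DROP shadows the gateway.
    print("reversed", audit(list(reversed(GROUP_OUT)), "ACCEPT"))
```

The model covers only the outbound IP rules of the group; connections initiated from LAN devices towards a VPS are outside it.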