Separate network in Proxmox (VLAN?) with a single NIC and without managed switch

vzografos

Apr 29, 2024
Hello folks,
I am quite new to proxmox but I have a basic installation running for a few months now.

My current setup is as follows:
- I have a 4-port ADSL router (I don't see any VLAN configuration there)
- proxmox box with single NIC connected to the ADSL router
- optionally I can also use a simple unmanaged switch


Right now I have various CTs and VMs running on Proxmox and all of them are connected to the same Linux Bridge vmbr0. They can all communicate with each other and have access to the internet. The ADSL router provides DHCP services, giving all the VMs/CTs in Proxmox an IP in the range 192.168.1.*


What I would like to do (if possible with my current setup) is to create a new subnet in Proxmox where I can spin up a few CTs/VMs such that:
- They can access the internet
- They cannot access or be accessed by any other device in my home network that is in the 192.168.1.* range (I'd rather not achieve this by firewall rules if possible).

Can you please tell me if such a setup is possible with the above hardware, and if so (e.g. by SDN?) please point me in the right direction (e.g. some tutorial perhaps?)
If it is not possible, can you advise me on what extra hardware I will need? (e.g. a new NIC, a new managed switch? etc.)

Many thanks and I appreciate any help.
 
You could create another bridge vmbr1 not connected to a physical interface. Then you could run a router VM like pfSense/OPNsense sitting on both bridges and doing the routing/firewalling between those two bridges/subnets. You will still have to work with firewall rules.
 
Hello,
Thanks, that is an interesting idea.
Would you suggest Mikrotik instead of pfsense/opnsense?

 
That's up to you what router OS to choose, as long as it allows you to create some rules that will only allow guests on the DMZ subnet to be routed to your ISP router IP and vice versa.

Still not optimal as all DMZ traffic will have to be routed over your LAN to be routed into the internet.
You might consider getting one of these N100 MiniPCs with quad-port NICs and use that to replace your ISP's router. That router could then also work with VLANs and route between multiple isolated subnets.
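
Added example, not part of any post in this thread: the forwarding policy suggested above, written as an nftables ruleset for a generic Linux router VM with one NIC on vmbr0 and one on the port-less vmbr1. The use of nftables, the interface names `eth0`/`eth1` and the DMZ subnet `10.10.10.0/24` are assumptions; the thread itself names pfSense/OPNsense/MikroTik, where the same three rules are set up in the GUI.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (not from the thread):
#   eth0 = router VM NIC on vmbr0 (home LAN 192.168.1.0/24, gets its address from the ADSL router)
#   eth1 = router VM NIC on vmbr1 (Proxmox bridge with no physical port)
#   10.10.10.0/24 = constructed DMZ subnet; the router VM is its default gateway
# The router VM must have net.ipv4.ip_forward=1 set.

define LAN_IF  = "eth0"
define DMZ_IF  = "eth1"
define LAN_NET = 192.168.1.0/24
define DMZ_NET = 10.10.10.0/24

table inet dmz_router {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that DMZ guests opened themselves.
        ct state established,related accept

        # DMZ guests may not address any host on the home LAN,
        # including the ADSL router's own management IP.
        iifname $DMZ_IF ip daddr $LAN_NET drop

        # Everything else from the DMZ may leave via the LAN side. The ADSL
        # router is only the next hop here, never the IP destination.
        iifname $DMZ_IF oifname $LAN_IF ip saddr $DMZ_NET accept

        # New connections from the LAN into the DMZ match no rule and
        # fall through to the drop policy. IPv6 forwarding is dropped too.
    }
}

table ip dmz_nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # The ADSL router has no route back to DMZ_NET, so DMZ traffic is
        # hidden behind the router VM's LAN-side address.
        oifname $LAN_IF ip saddr $DMZ_NET masquerade
    }
}
```

With the LAN subnet blocked, DMZ guests cannot use the ADSL router as their DNS server; they need a public resolver or one running on the router VM.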
 
