Setting Proxmox behind Opnsense Firewall

S

StoneCodes

New Member
Aug 22, 2018
2
0
1
28
Hi,
iam trying to secure the proxmox host (dedicated server at hetzner) via a vm firewall (in this case opnsense).
But iam not really sure how to do it.
The functionallity i now have is:
I have 2 Public IP-Addresses one for the proxmox host and one for the opnsense vm.
The opnsense vm is working as gateway and firewall for all the vms in the private network (10.0.0.0/24)

Is it even possible to set the proxmox host behind this vm firewall?

Iam providing my network config i have right now.

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address  ***.***.***.124
        netmask 255.255.255.224
        gateway ***.***.***.97
        pointopoint ***.***.***.97
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

        up ip route add ***.***.***.58/32 dev vmbr0
        up ip route add 10.0.0.0/24 via ***.***.***.58 dev vmbr0

        up sysctl -w net.ipv4.ip_forward=1
        up sysctl -w net.ipv4.conf.eno1.send_redirects=0

auto vmbr30
iface vmbr30 inet static
        address 10.0.0.0
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        brdige_fd 0
 
StoneCodes said:
Is it even possible to set the proxmox host behind this vm firewall?
Click to expand...
It is possible, but I do not recommend it at all. If your VM-firewall goes down (and does not start), you have no way to fix it, except going to your server and using its console (or wipe it out and re-install completely). Bad things do happen sometimes, OPNsense-update can be screwed, VPN-server can crash, etc, etc.

In my setup I'm using dedicated firewall as front-end for Proxmox. BTW even that picture is still simplified, there are a few more tweaks (console-access, ip/power-switch, etc)...
 
Well i see the downsides of my wanted setup you showed here, but i would like to test it. Its no production environment right now.
And if it turns into one iam gonna search for a solution with a hw firwall like u suggested.
So right now any help for the bridging would be appreciated
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back