Hi everyone,
I would like to assess whether Proxmox can be used not only as an interface-based firewall but also as a router/firewall for my setup.
I have a 5-node Proxmox cluster with SDN configured and around 30 VLAN zones. The cluster nodes themselves do not have IP assignments on any of the SDN VLANs.
From my understanding, a common approach in this scenario is to set up a firewall appliance as a VM within the cluster. However, since Proxmox provides built-in firewall capabilities, it would be much more convenient to maintain all firewall rules at the VM and vNet level within Proxmox itself.
I understand that the Proxmox firewall is interface-based. To function as a router, Proxmox would need to:
1. Assign IPs to the SDN-created interfaces
2. Enable IP forwarding
It seems that Proxmox does not natively support this out of the box. My idea is to create a simple router-only VM with all SDN bridges assigned to it, allowing it to handle IP forwarding while still maintaining firewall rules via Proxmox.
Is this a feasible approach? What would be the best way to handle NAT in this setup? Can this be achieved using pve-firewall, or would I need additional configurations?
Many thanks,
Michael