I currently have a bare metal instal of opnsense. I would like to add proxmox to my overall setup, but planning the proxmox on a separate bare metal instal on a machine that has more ram, but only one ethernet port.
Is there an issue having the proxmox installed on a PC with only one port? Will there be any configuration issues connecting the two machines, one with opnsense, the other with proxmox?
I have tried to research this but all results come back with a discussion of virtualizing opnsense. My plan is to have two separate bare metal installations.
I am so new to this...any help is appreciated!
There should not be any problem. Proxmox is just a server like any other and will do fine with a single network interface. Your OPNsense doesn't really care what you connect to your LAN.
Thank you for the reply. I am just starting to research how to utilize Proxmox, but my broad conceptualization of this is that the OPNsense router would be between my ISP and the Proxmox.
So the Proxmox would have an IP address on one of the VLANs? All the applications/OS installed on the Proxmox would then utilize the same single IP address? However, if I wanted to have software on Proxmox that monitored overall network activity would I then have to place the Proxmox between the ISP and OPNsense?
Obviously, I am new to this and trying to wrap my head around the general configuration.
Do a quick search for "router on a stick". Summary is that yes you use vlans for in and out. Personally I don't like this as it could open you up to a vlan hopping attack, but many people do things this way.
My personal preference is physical firewall with physical ports (at least physical port for WAN). To me this feels safer but it may not actually be better.
Quote from: Wrawky Stoan on February 28, 2024, 04:45:21 PM
Thank you for the reply. I am just starting to research how to utilize Proxmox, but my broad conceptualization of this is that the OPNsense router would be between my ISP and the Proxmox.
Sure. Proxmox is just a server in your LAN. Or in one of your other VLANs depending on how you want to partition your network. Companies frequently have half a dozen servers at least in some network all behind the single firewall (or a pair of them for high availability).
Quote from: Wrawky Stoan on February 28, 2024, 04:45:21 PM
So the Proxmox would have an IP address on one of the VLANs?
Yes. That is the management interface of your Proxmox server.
Quote from: Wrawky Stoan on February 28, 2024, 04:45:21 PM
All the applications/OS installed on the Proxmox would then utilize the same single IP address?
If they are container based then probably yes. VMs use a bridge to connect to the VLAN that Proxmox is connected to and each VM gets its own IP address.
You can also create VLANs on the single interface of your Proxmox host, run a tagged connection to your switch, and bridge some VMs to VLAN X and some to VLAN Y.
Quote from: Wrawky Stoan on February 28, 2024, 04:45:21 PM
However, if I wanted to have software on Proxmox that monitored overall network activity would I then have to place the Proxmox between the ISP and OPNsense?
First - if I am not mistaken, I do not run Proxmox myself - you won't "run software" omn Proxmox. Proxmos is first and foremost a virtualisation host supporting containers and VMs. You create e.g. VMs that run a complete operating system (virtual servers) and install your applications on them. Using a separate VM for each application (which is an entire server in itself with its own IP address and everything) makes maintenance, backup, restore etc. of these applications simpler. That's why VMs exist. If you want to run all your software on a single Linux host, that's what we did back in the 90s of last century, you can, but frequently there will be conflicts that cannot easily be resolved and e.g. updating one application might break others. So VMs. Also modern systems have more than enough power to do that.
HTH,
Patrick
Thank you Patrick and Greg... this helps me envision a general setup, still lots of research to be done!