Hello to all!
I've been using OPNsense for a few months now and I love it! But I want to make my home network just a little bit more organized, and I need your help because I'm lost...
Recently I managed to get an HP ProCurve 2626 (J4900C) for $10 from eBay, and after resurrecting an old HP 6005 Pro (AMD Athlon II X4 645, 16 GB RAM, 2x2 TB HDDs) I'm ready to start!
That is old hardware - I know that, and there will also be issues like old firmware etc. - I know that too - but for the moment I can't invest any money in making it better, so I need to work with what I have.
So after a few days of cleaning dust, changing thermal paste and preparing a small place to put everything, I want to make something that will work and will be practical, so here is my idea:
- Proxmox as main OS
- OPNsense as guest VM
- Another VM for few lightweight WEB apps
So far, so good, but here is my problem: my machine has only one NIC and I want to use it for a so-called "router on a stick".
What is my topology:
- ISP uplink enters my apartment - it's a Cat6 cable without modem/router, and this cable is connected to one of the GbE ports of my switch
- the host machine is connected to the second GbE port of the switch
- a few ports are occupied by dummy APs, 2 PCs and 3 SBCs
What is my issue:
I don't know how to set up all the VLANs and bridges correctly so that the OPNsense VM acts as a normal router, so that all hardwired/wireless devices get their IP from OPNsense's DHCP, and all other VMs are able to access the internet as well.
So I'm open to any ideas/suggestions/comments!
P.S. Please check the attached diagram.
Anyone? As far as I know this setup is not the best approach, but it is possible.
I'm an OPNsense newbie, and still waiting for my hardware.
But I do know networking, and your setup is, as you mention, a "router (fw) on a stick".
For zone (LAN) separation you need to run 802.1Q tagging (VLANs).
Decide which switch port your OPNsense PC will connect to; that will be your "uplink port", let's say it's port 24.
You would create a VLAN for each zone (separate LAN) in the switch, and make the ports where you connect your equipment for that specific zone an untagged member of that VLAN.
If you e.g. have 3 APs in the same zone, you would just make 3 switch ports untagged members of the same zone (VLAN), and plug the APs into those ports.
For every zone/VLAN you create on the switch that is to be handled by OPNsense, you would also need to make that VLAN a tagged member of your "uplink port" (port 24).
This means that traffic from all zones/VLANs would also go via the single "uplink port" (24) to the OPNsense box, where OPNsense would be able to do the routing & firewalling between the different zones.
So all zone members (PCs, APs etc.) would connect to an untagged VLAN port on the switch, and all created VLANs on the switch that have to be handled by OPNsense would have to be a tagged member of the OPNsense "uplink port" (port 24).
Now your L2 (Layer 2) network is done, and you'd need to create a matching (VLAN) interface on the OPNsense box for each VLAN you have tagged in the switch for transport on the fw (firewall) "uplink port".
/Mega32
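One way to lay out what Mega32 describes on the hardware from the first post, as an added example that is not from the thread, from OPNsense or from Proxmox: a WAN zone for the ISP cable, a LAN zone for the PCs/APs/SBCs, and a separate zone for the web-app VM. The port numbers, VLAN IDs, addresses, the host NIC name eno1 and the MAC addresses are all assumptions; the first part is HP ProCurve CLI, the second is the Proxmox host's /etc/network/interfaces and VM network lines.

```text
; --- HP ProCurve 2626 (CLI, "configure" context); assumed ports: 1 = ISP cable,
; --- 2-8 = PCs/APs/SBCs, 24 = uplink ("router on a stick") to the Proxmox host
vlan 99
   name "WAN"
   untagged 1
   tagged 24
   exit
vlan 10
   name "LAN"
   untagged 2-8
   tagged 24
   exit
vlan 20
   name "APPS"
   tagged 24
   exit
write memory
; port 1 is now untagged only in VLAN 99, so the ISP side never shares a broadcast
; domain with the LAN ports; leave nothing in use on DEFAULT_VLAN (1)

# --- Proxmox host: /etc/network/interfaces (assumed NIC name eno1, no IP on the NIC)
auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eno1
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 10 20 99

# host management lives on the LAN VLAN, with the OPNsense VM (192.168.10.1) as gateway
auto vmbr0.10
iface vmbr0.10 inet static
    address 192.168.10.2/24
    gateway 192.168.10.1

# --- VM network lines (/etc/pve/qemu-server/<vmid>.conf); MAC addresses are placeholders
# OPNsense VM: receives all three tags on its single vtnet0 and creates one VLAN
# interface per tag (99 = WAN, 10 = LAN, 20 = APPS) under Interfaces > Other Types > VLAN
net0: virtio=XX:XX:XX:XX:XX:01,bridge=vmbr0,trunks=10;20;99
# web-app VM: untagged inside the guest, placed on VLAN 20 by the bridge
net0: virtio=XX:XX:XX:XX:XX:02,bridge=vmbr0,tag=20
```

With this the web-app VM only reaches the internet through the OPNsense firewall rules on the APPS interface, and the Proxmox web UI is reachable from the LAN zone only.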