Thanks a lot @bimbar for helping me out here!
I should have specified that this is the first time I have tried to make my own router/firewall, and while I have already learnt a lot, I didn't imagine falling into such a rabbit hole. That's why I'm kind of stressing out now, for fear of missing something that would let someone break through into my network.
Quote: The decision to use a hypervisor was taken because I also want to block advertisements with AdGuardHome and manage my IP phones with freePBX, all that on the same hardware box.
Moreover I would argue that virtualizing your firewall may be a bad idea for stability reasons if things go wrong.
The Linux container of AdGuardHome has now been replaced with the AdGuardHome plugin for OPNsense, but I still run freePBX on another VM.
Fingers crossed Proxmox is going to handle all that well!
I'm not quite sure I understand the following related to my B setup:
Quote: Can you please elaborate?
In that case however I would not want a direct link to the VMs from the proxmox firewall.
Anyway, I think I'm overthinking all this and if you say the Proxmox firewall is not necessary, I will then go with setup A!
Right now I still have my ISP router in between the internet and the enp1s0 NIC in setup A, but I plan to set it to modem mode once I'm ready with Proxmox/OPNsense.
OPNsense vtnet0 NIC is getting an IP from the DHCP of the ISP router, let's say 192.168.1.100.
There is a free NIC on the ISP router that I can attach a laptop to; it also gets an IP in the 192.168.1.x range.
From that laptop, I'm not able to ping the 192.168.1.100 address.
Same with nmap -Pn, no result.
I guess it's a good sign?
Are there any other things/tools that are worth a check?