Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Noob OPNsense question on virtualization
« previous
next »
Print
Pages: [
1
]
Author
Topic: Noob OPNsense question on virtualization (Read 3089 times)
yannssolo
Newbie
Posts: 4
Karma: 0
Noob OPNsense question on virtualization
«
on:
July 15, 2019, 12:40:28 pm »
Hello,
I am about to install OPNsense as guest on headless host (Debian Buster/KVM)
I would like to make sure that the host will be isolated from the internet, but i don't really understand how it could be possible. I could "deny" the WAN network interface but if i do so, how the guest could have access to the internet?
The second option would be to "route" all internet traffic to the OPNsense guest first and then to the host and to my machines on the LAN.
But again, i think i do not get everything. I made lot of researches here and on google, but i do not find anything that could tell me how to parameter such a configuration ?
How did you manage to have a secures host for the internet ?
My second question is : As the host is headless and is installed on a dedicated machine without monitor.
Is there any "simple" web-based interface to install on the host so that i could administer all the virtualization stuff remotely ? I was thinking of oVirt but it appears to be experimental for Debian.
Thanks a lot for your help
Logged
yannssolo
Newbie
Posts: 4
Karma: 0
Re: Noob OPNsense question on virtualization
«
Reply #1 on:
July 16, 2019, 06:49:48 pm »
Snif...nobody wants to help me
Logged
hbc
Hero Member
Posts: 501
Karma: 47
Re: Noob OPNsense question on virtualization
«
Reply #2 on:
July 16, 2019, 07:07:40 pm »
Maybe you should ask in a virtualization specific forum, since your question is not really related to OPsense and every hypervisor provides its own tool to connect to console of guest os
And to secure your hypervisor. Simply add extra NIC, not routed to internet and use it for managment. The other physical NIC is bridged to WAN interface of opnsense. Your opnsense LAN interface and guests connect to a virtual switch. So every client has to use your virtual firewall.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
yannssolo
Newbie
Posts: 4
Karma: 0
Re: Noob OPNsense question on virtualization
«
Reply #3 on:
July 16, 2019, 08:16:32 pm »
Thanks for your answer.
I think i got it. When i read you i think it's not so related to kvm stuff but opnsese and nic topology.
If i bridge a physical nic to the wan interface of opnsense, it's enough to consider the host isolated ? is that what you mean ?
In that way, the host does not have any connection to the internet ?
That's what i want, the host should not be reachable from the exterior.
Actually i have (not received yet, it's stucked at customs:)) a 6 NIC mini-pc. I think i have to investigate how to deal with vSwitch.
Thanks
Logged
john230873
Newbie
Posts: 7
Karma: 1
Re: Noob OPNsense question on virtualization
«
Reply #4 on:
July 21, 2019, 11:49:34 pm »
The other option you could have is to lock down the ip of the host (not opnsense) in the firewall rules on the network you are using, you could also look into the floating rules if you needed to. The IP you are concerned about is the management IP of your headless server.
You could also create a totally different subnet (vlan) and place that server on the different subnet, allow taffic between subnets but don't allow traffic out to the internet from the new management network.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Noob OPNsense question on virtualization