Comment

Comment on Turn linux server into a router?

Ah I see, did not think of that. A network card with two ports would be enough right? One for the modem, and the other for clients, which ideally could be a switch, for more ports. That’s possible right?

source

Sort:hotnew top

rtxn@lemmy.world ⁨1⁩ ⁨day⁩ ago
Yes, that will be enough. You can also use a single port on the NIC and the one on the motherboard if it can handle the ethernet speed you want.

This is my network setup on Proxmox: Image

vmbr0 is a bridge that has a single port going to the modem. The OPNSense VM’s first virtual interface is connected to this and configured as a WAN interface. Nothing else connects to this bridge as it is exposed to the internet.

vmbr1 also has a single port that goes to the physical switch. OPNSense’s second interface connects to it as a LAN port, as well as every other VM and container running on the server.

source
- Toralv@lemmy.world ⁨1⁩ ⁨day⁩ ago
  I see, very nice. That would reduce the cost quite a bit. Thank you
  
  source
xavier666@lemmy.umucat.day ⁨15⁩ ⁨hours⁩ ago
If you virtualize, you’ll have to deal with the overhead. Unless you’re not running anything high-throughput, this approach is fine.

source
frongt@lemmy.zip ⁨1⁩ ⁨day⁩ ago
You only need one port. WAN to switch, switch to router. The router routes and sends it back to the switch, and the switch to the LAN. Vice versa for outbound traffic. It’s called a router on a stick.

Not recommended if you’re paranoid about security, because a malicious client or particularly malformed inbound traffic could bypass your router. For general use it’s perfectly fine.

source
- rtxn@lemmy.world ⁨1⁩ ⁨day⁩ ago
  Do not do that. You need to set up VLANs and proper separation between them on both the switch and the router, assuming the switch even supports tagged trunk lines. If you don’t, you’re just connecting all of your clients to the unfiltered internet.
  
  source
  - frongt@lemmy.zip ⁨1⁩ ⁨day⁩ ago
    Technically yes, but as long as your WAN gateway doesn’t provide a route, clients will only know how to reach your own gateway.
    
    source
    SapphironZA@sh.itjust.works ⁨23⁩ ⁨hours⁩ ago
    But your isp modem will have total access to your local devices.
    
    source
Semi_Hemi_Demigod@lemmy.world ⁨1⁩ ⁨day⁩ ago
Yes, that’s possible

source
glizzyguzzler@piefed.blahaj.zone ⁨1⁩ ⁨day⁩ ago
Add to that, for an extant installation I’d rec Incus for the VM work with its web-ui. You get to keep your kernel, you’re less tied at the hip to it.

2 port Intel NIC + some switch and your server is a router too. Opnsense’s web ui is great, can be difficult to find stuff but searching gets you there, but most is easy enough and it’s the best web ui + automatic updates for routers out there.

source