Comment on Setting Up OPNsense on Proxmox: Doubts regarding NIC setup
chief@lemmy.zip 2 days ago
You cannot pass the NIC through and still use it in Proxmox - it loses all access to the NIC. So if you want to go that route, I recommend that you use eth3 as a dedicated port for Proxmox.
For (2) - affected in which way? Compared to which baseline? Are you concerned that your machine cannot keep up with 320Mbps? I doubt that.
For (3) - depends on your local network setup. Do you use VLANs that need routing? Then it goes via OPNsense. Otherwise, if all devices are in the same subnet, it likely will not.
For (5) - no loops. You’re not routing traffic between eth3 and eth2.
I need a clarification here.
If you have any resources regarding this setup, please share.
Thank you for your response.
chief@lemmy.zip 2 days ago
I think you have a typo here, eth1 is WAN not WLAN? You can configure eth3 to have a hardcoded IP, e.g. 192.168.1.2 - OPNsense must be aware that this IP has been assigned to a device so that the DHCP server doesn’t assign it to a different device. When the VM goes down you can still configure the network manually on your PC and access Proxmox directly. Regarding routing tables, devices on the same subnet are routed directly, all other destinations usually go via the router. So 192.168.1.0/24 (assuming a /24 subnet) will work fine even if the router goes down, as long as the connected devices have a valid IP address in this segment. This is why the hardcoded IP will still work.
I use this setup myself, with the complication that I am using VLANs. So for this to work I need to connect to the correct physical port on my switch, but you do not have this additional complexity.
I saw that you added the detail that you’re also running another VM - AFAIR you could route that via the management port as well via Proxmox without added complexity.
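The on-link routing decision and the DHCP overlap described in the comment above can be checked with a short script. This is an added example, not code from anyone in the thread; the PC addresses, the 192.168.2.0/24 subnet, the gateway 192.168.2.1 and the DHCP pool ranges are constructed assumptions, and only 192.168.1.2 and the /24 come from the comment.

```python
import ipaddress

def next_hop(src_cidr, dest_ip, gateway=None):
    """Mirror a host's routing decision: a destination inside the host's own
    subnet is reached directly ("on-link"); anything else needs the default
    gateway, which is None while the router VM is down."""
    src = ipaddress.ip_interface(src_cidr)
    if ipaddress.ip_address(dest_ip) in src.network:
        return "on-link"
    return gateway

def audit_static_ip(static_cidr, pool, reservations=()):
    """Return a list of problems with a hardcoded management address.
    pool is (first, last) of the DHCP range; reservations are static mappings."""
    iface = ipaddress.ip_interface(static_cidr)
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    problems = []
    if iface.ip in (iface.network.network_address,
                    iface.network.broadcast_address):
        problems.append("address is the network or broadcast address")
    if lo <= iface.ip <= hi and str(iface.ip) not in reservations:
        problems.append("inside DHCP pool without a reservation")
    return problems

# Hardcoded address from the thread; everything else below is constructed.
PROXMOX_MGMT = "192.168.1.2"

def demo():
    return {
        # PC manually configured in the same /24, router VM down
        "same_subnet_router_down": next_hop("192.168.1.50/24", PROXMOX_MGMT),
        # PC in another subnet, router VM down: no path to the host
        "other_subnet_router_down": next_hop("192.168.2.50/24", PROXMOX_MGMT),
        # Same PC once the router VM is back up
        "other_subnet_router_up": next_hop("192.168.2.50/24", PROXMOX_MGMT,
                                           gateway="192.168.2.1"),
        # Pool that overlaps the hardcoded address vs. one that does not
        "pool_overlap": audit_static_ip("192.168.1.2/24",
                                        ("192.168.1.2", "192.168.1.200")),
        "pool_clear": audit_static_ip("192.168.1.2/24",
                                      ("192.168.1.100", "192.168.1.200")),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```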
Corrected!
Yes, that’s why having this MGMT port is so important. Time to make some more cables :P
For some of the critical infra, I will probably hardcode the IP.
I’ve elaborated upon this in this comment in this thread. Please check and let me know your opinions.