Cool. Yes, this looks reasonable. It looks logical.
So, my main recommendation is to consider the use of virtual bridges to manage the network instead of passthrough. And I recommend installing and using the OVS style virtual bridge.
pve.proxmox.com/wiki/Open_vSwitch
This gives you flexibility going forward. Say you want to run something out in the DMZ instead of behind the firewall, well you just attach that VM to the DMZ bridge instead. And it gives you an easy way to provision network for VMs. You just attach them to the LAN bridge.
(RoaS is a terrible name. Router on a Stick. It means your router is on the same switch as its clients, and all the communications go up and down that one port. It’s a perfectly legit way to manage a network, but sorta ugly and not what you are doing with your fancy 3-port rig. :)
xavier666@lemmy.umucat.day
dbtng@eviltoast.org
zarathustrad@lemmy.world 1 day ago
I essentially just did this as a total beginner and it worked. (I have built my own gaming PCs and took basic/Pascal programming in HS, but have no real network experience)
I had some old enterprise mini PCs, added a second NIC to one and put OPNsense and Pi-hole VMs on it. I ended up doing PCI passthrough for the new NIC for the OPNsense VM so the WAN/modem is isolated from the host. But a simple bridge works. The management LAN NIC is just in bridge mode.
I’m probably too new to be offering advice, so I’ll just pile on the encouragement. You can do it!
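An added example, not from either commenter: a sketch of how the OVS bridge layout recommended above could look in `/etc/network/interfaces` on a three-NIC Proxmox host, while keeping the WAN side off the host as the passthrough setup does. The NIC names (`eno1` to `eno3`), bridge numbering and addresses are assumptions, and it presumes the `openvswitch-switch` package is installed.

```conf
# /etc/network/interfaces on the Proxmox host (constructed example).
# Assumed NIC names: eno1 = WAN/modem, eno2 = DMZ, eno3 = LAN.
# Addresses are documentation-range placeholders.

auto lo
iface lo inet loopback

# WAN bridge: "inet manual" gives the host no IP on this segment, so only
# the firewall VM's WAN interface attached to vmbr0 faces the modem.
auto eno1
iface eno1 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

auto vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports eno1

# DMZ bridge: no host IP here either. VMs that belong in the DMZ get a
# virtual NIC on vmbr1.
auto eno2
iface eno2 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr1

auto vmbr1
iface vmbr1 inet manual
    ovs_type OVSBridge
    ovs_ports eno2

# LAN bridge: the only bridge that carries the host management address.
auto eno3
iface eno3 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr2

auto vmbr2
iface vmbr2 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    ovs_type OVSBridge
    ovs_ports eno3
```

With this layout the firewall VM gets one virtual NIC on each bridge, and the Proxmox web interface is reachable only from the LAN side.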