I am in the process of setting up a virtualized OPNsense firewall on Proxmox on a Thinkcentre 720q. The proxmox host has 3 network interfaces.

  • A dual NIC gigabit card where one interface is for WAN and other for LAN, say eth1 and eth2
  • Another interface which came with the PC itself, say eth3

PS: I also have a switch for all my other devices.

After some research, I have understood that

  1. Passing (pass-through) the NIC to the OPNsense VM is better for performance
  2. Passing it through removes the interface from the host OS
  3. If passing is not done correctly, you may lose access to Proxmox.

My questions are

  1. How do I set eth2 to be the LAN port and also use it connect to proxmox?
  2. If I use point #1 (eth2 for LAN), how much will the throughput of eth2 be affected? (My ISP provides me symmetrical 320 Mbps link speed)
  3. If I use point #1, will local traffic (traffic handled by my switch) be affected?
  4. (Optional/Experimental) Since I have a spare port (eth3), can I use it for special purpose (a dedicated management port which will work even if OPNsense is down)?
  5. If I use point #4, my switch will have two ethernet connections from the proxmox host. Will this cause loops and kill my network?

You can answer this selectively by mentioning the question number.

If you have a better idea regarding how to setup OPNsense on Proxmox, please share.