I am in the process of setting up a virtualized OPNsense firewall on Proxmox on a ThinkCentre 720q. The Proxmox host has 3 network interfaces.
- A dual NIC gigabit card where one interface is for WAN and other for LAN, say eth1 and eth2
- Another interface which came with the PC itself, say eth3
PS: I also have a switch for all my other devices.
After some research, I have understood that
- Passing (pass-through) the NIC to the OPNsense VM is better for performance
- Passing it through removes the interface from the host OS
- If passing is not done correctly, you may lose access to Proxmox.
My questions are
1. How do I set eth2 to be the LAN port and also use it to connect to Proxmox?
2. If I use point #1 (eth2 for LAN), how much will the throughput of eth2 be affected? (My ISP provides me symmetrical 320 Mbps link speed)
3. If I use point #1, will local traffic (traffic handled by my switch) be affected?
4. (Optional/Experimental) Since I have a spare port (eth3), can I use it for a special purpose (a dedicated management port which will work even if OPNsense is down)?
5. If I use point #4, my switch will have two Ethernet connections from the Proxmox host. Will this cause loops and kill my network?
You can answer this selectively by mentioning the question number.
If you have a better idea regarding how to set up OPNsense on Proxmox, please share.
xavier666@lemmy.umucat.day
dbtng@eviltoast.org
HamsterRage@lemmy.ca 15 hours ago
When I started out, I really wanted to do it this way too. A bare metal install just seemed a little crude, and I thought I might want to run other firewall related services from that node. I had technical issues, and OPNSense just didn’t want to run under Proxmox for me.
Finally, I said to hell with it and went with a bare metal install and, in retrospect, I’m glad it worked out that way.
OPNSense just works, and I don’t feel like there are any opportunities lost due to the bare metal install. Instead, it just feels really clean and sequestered from the homelab cluster as it should be.
I totally get the desire to want to muck about with Proxmox hosting and learn about how it works. That’s the right attitude. But hosting an OPNSense virtual machine isn’t the right starting place.
As a beginner, do beginner stuff. Install a Technitium container and learn about DNS. Install Immich, or Jellyfin or an *arr stack. But not a firewall as a VM.