It will make networking a lot easier to secure (and comprehend) and a lot less complex, with less risk for mistakes, especially if you start throwing VLANs in there to break up the network and segregate portions of it. Use two distinct devices, a firewall, at your border, and a device (server) behind that is the best model. While I recognize saving money might be something you may wish to do, this isn’t one of the places where you would do that. Modifying the rules that manage global external access to your network is a terrible idea. The idea of a hypervisor, (docker, libvirtd, esxi, etc) all modify iptables to do NATing between VMs/containers. Software always has bugs and works unexpectedly. I do not suggest this for security reasons. If Proxmox: Which VM setup would you recommend? (Which CPU, which NIC, RAM settings etc.It’s also able to run the ESXi hypervisor out-of-the-box, which give you a lot of options to use it as a firewall+router+server combo. Others struggle with stability and/or performance. Looking at the forum, I see a mixed picture: Some swear by Proxmox as a base and have a stable system. Quick jump of a backup VM in case of problems Snapshot possibility before updates or an experimental change Now I wonder if I should install OPNsense directly on the hardware, or if I should install Proxmox as a base, so that I can benefit even better from the great performance of the hardware. (Almost) identical in construction to Protectli FW6D. On the shortlist is a Yanling Hardware appliance (from Aliexpress) with 6 Intel NIC, Intel i5-8250U CPU, 16GB RAM, 500GB SSD. maybe Sensei (only analysis and reporting) Now I want to make my firewall fit, if I should have GBit internet one day and so I can run some more services performant: I have been running OPNsense successfully on an APU2c4 for quite some time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |