I am in the process of setting up a virtualized OPNsense firewall on Proxmox on a Thinkcentre 720q. The proxmox host has 3 network interfaces.

  • A dual NIC gigabit card where one interface is for WAN and other for LAN, say eth1 and eth2
  • Another interface which came with the PC itself, say eth3

PS: I also have a switch for all my other devices.

After some research, I have understood that

  1. Passing (pass-through) the NIC to the OPNsense VM is better for performance
  2. Passing it through removes the interface from the host OS
  3. If passing is not done correctly, you may lose access to Proxmox.

My questions are

  1. How do I set eth2 to be the LAN port and also use it to connect to Proxmox?
  2. If I use point #1 (eth2 for LAN), how much will the throughput of eth2 be affected? (My ISP provides me symmetrical 320 Mbps link speed)
  3. If I use point #1, will local traffic (traffic handled by my switch) be affected?
  4. (Optional/Experimental) Since I have a spare port (eth3), can I use it for special purpose (a dedicated management port which will work even if OPNsense is down)?
  5. If I use point #4, my switch will have two ethernet connections from the proxmox host. Will this cause loops and kill my network?

You can answer this selectively by mentioning the question number.

If you have a better idea regarding how to setup OPNsense on Proxmox, please share.

Edit: Thank you for all your responses! It seems I have to study a lot. Let me answer a few questions

  1. I am not managing workloads for a dozen of people with strict SLAs. I’m just doing it for my family and myself.
  2. I understand the point that something as critical as a firewall should have its own hardware. However, I just want to experiment with a few VMs on Proxmox. I want to set up Proxmox once and let it be.
  3. I eventually want to get into VLANs but that is not a priority right now. My future plan is to integrate this with some Omada access points.
  4. I’ve added a diagram of what I want to do. Please forgive my crude drawing as it’s the best I can do for now.

Please let me know if you want some more information

  • Analog@lemmy.ml
    2 hours ago

    Fully support using opnsense buuut pfsense has a good guide for doing this exact thing. It works really well.

    https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

    People recommending against proxmox don’t understand how good zfs is, but their points are valid for this being a sole point of failure. I virtualize pfsense to gain cluster advantages but tend to leave not too much else on that box.

    If you don’t pass through the card the VM can more easily be restored to dissimilar hardware. But those ports are dedicated to the pfsense/opnsense VM, leaving the single free port for proxmox management and VMs. I would enable VLANs for network segments but if you either don’t have switches that support tags or are new to all of this it’s going to be WAY less headache to just use it all untagged for now. (Spend time on funner things, seriously!)

    • xavier666@lemmy.umucat.day (OP)
      8 minutes ago

      > I would enable VLANs for network segments but if you either don’t have switches that support tags or are new to all of this it’s going to be WAY less headache to just use it all untagged for now. (Spend time on funner things, seriously!)

      Setting up VLANs will be my next project :D . Right now, my goal is to get this thing working.

      I have messed up my timings a bit, so the dual NIC card is on the way from Amazon. I’ll post my results up here once it arrives.

  • Uncut_Lemon@lemmy.world
    5 hours ago

    Have done something similar, you’ll discover the joy of having no internet while you do server maintenance, upgrades or disaster recovery and worst case, hardware failures.

    Having internet and filesharing on one nic means internet will suffer while the nic is saturated.

    Ensure your other VMs are adequately delayed at initial boot, as that can cause weird things that need DHCP to be available

    Otherwise I never had issue running the router as a VM.

    • xavier666@lemmy.umucat.day (OP)
      5 minutes ago

      > Have done something similar, you’ll discover the joy of having no internet while you do server maintenance, upgrades or disaster recovery and worst case, hardware failures.

      I may purchase another lower powered device to prevent a single point of failure, but I want to get this thing working. Sorry, too excited with Proxmox now :D Also, in the worst case scenario, I’ll just use my current router while I manage my OPNsense

  • Decronym@lemmy.decronym.xyz (bot)
    4 minutes ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    | Fewer Letters | More Letters |
    |---|---|
    | DHCP | Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network |
    | ISP | Internet Service Provider |
    | NAS | Network-Attached Storage |
    | NAT | Network Address Translation |
    | NUC | Next Unit of Computing brand of Intel small computers |
    | PCIe | Peripheral Component Interconnect Express |
    | SSD | Solid State Drive mass storage |
    | VPN | Virtual Private Network |

    8 acronyms in this thread; the most compressed thread commented on today has 9 acronyms.

    [Thread #39 for this comm, first seen 3rd Jul 2026, 11:10]

  • glizzyguzzler@piefed.blahaj.zone
    19 hours ago

    I have this setup. Upfront, I would not recommend Proxmox, the update methods are annoying. The better way is straight Debian with Incus installed, then you get straightforward stable Debian updates automatically - they won’t break anything and you’re secure. Sometime I’ll redo it - I haven’t because, of course, it is my router and when it’s down I don’t have internet! So foreboding and on the back burner.

    Also also Proxmox’s GUI leaves a lot to be desired (for me, it looks like ass and is confusing), Incus is nicer for VM control and Cockpit is nicer for host control. After typing all that I realize I’m a hater at this point

    I haven’t really noticed downtime issues cause of Proxmox updates cause I just do it when nothing is happening. And Proxmox hasn’t bricked itself, though I am wary of it because that has happened to others due to their rolling release update style.

    I’ve got a Dell Wyse 5070 Extended with a 2 port Intel NIC in it. I pass both ports through leaving the built-in port for managing Proxmox.

    Here are my notes:

    Set NIC PCIe Passthrough for Network Card

    ```
    nano /etc/default/grub
    ```

    • Edit this line by adding intel_iommu=on to get

    ```
    GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
    ```

    ```
    update-grub
    nano /etc/modules
    ```

    • Add these lines

    ```
    vfio
    vfio_iommu_type1
    vfio_pci
    vfio_virqfd
    ```

    ```
    update-initramfs -u -k all
    reboot
    ```

    Click on 2nd level thing named router on the left side vertical bar hierarchy thing and then click in the top right the blue Create VM button.

    • General tab
      • Name: OPNsense
      • Start at boot: checked
      • Start/Shutdown order: 1
      • Startup delay: 15
    • OS tab
      • Use media: DVD version (usb might work) of OPNsense.iso
    • System tab
      • Machine: q35
      • Bios: OVMF (UEFI)
        • Storage: local-lvm
        • UNCHECK Pre-enroll Keys (HATE)
    • Hard Disk tab
      • Disk size (GiB): 15
      • Discard: checked
      • SSD emulation: checked
    • CPU tab
      • Cores: 4
      • Type: host {makes it not moveable between diff CPU types but will theoretically allow for more speed}
    • Memory tab
      • Memory (MiB): 2048
      • Minimum memory (MiB): 512
    • Network tab
      • No network device: checked
    • Confirm tab
      • Do not start on creation
    • After creation, go to Hardware tab in the 2nd left vertical list on the browser page and click add
    • Click PCI Device
      • Device: ...01:00.0 I350 Gigabit... & ...01:00.1 I350 Gigabit... (1st & 2nd ones)
      • PCI-Express: checked

    Go to the Console tab in the 2nd left vertical list on the browser page and hit enter to get to a command line in the OPNsense VM

    !Add expand storage via command line!

    And lastly, during setup I have these notes

    It will choose wrong (WAN gets igb1 and LAN gets igb0 -> we want WAN gets igb0 and LAN gets igb1)  
    Default User: root, PW: opnsense (they don't tell you anywhere, you don't have internet b/c this is your new router, fuck em)  
    **Access at 192.168.1.1 via plugging an ethernet cable into the 1st port in a set of forwarded ports**  
    *Note that we will move it so the 1st port is the WAN (can't access OPNsense from the WAN port for safety), so after following this you access via 2nd port*

    So watch out for those things. Not sure quite what I mean by the 1st and 2nd port things, may be related to on setup it had the order of the ports I wanted wrong so they’re switched till setup is complete and it reboots.

    I don’t remember doing this at this point, but maybe this info dump will help!
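
The IOMMU step in the notes above can be verified before the NIC is handed to the VM. The script below is an added example, not part of the original comment or of Proxmox: it reads the standard Linux sysfs IOMMU group links and reports any device that shares a group with the functions to be passed through. The `0000:` PCI domain prefix on the page's `01:00.0` and `01:00.1` addresses and the `SYSFS_ROOT` override are assumptions.

```shell
#!/bin/sh
# Added example: check IOMMU isolation of NIC functions before PCI passthrough.
# Devices in the same IOMMU group are not DMA-isolated from each other, and
# VFIO expects the whole group to be handed to the guest, so a group that also
# holds an unrelated host device is worth knowing about before assigning it.
# SYSFS_ROOT (assumption) defaults to /sys and exists so the check can be run
# against a constructed directory tree.

# Print the IOMMU group number of one PCI function; fail if it has none.
iommu_group_of() {
    root=$1 bdf=$2
    link="$root/bus/pci/devices/$bdf/iommu_group"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Print every PCI function that shares a group with the listed functions
# but is not itself in the list. Empty output means clean isolation.
unexpected_group_members() {
    root=$1; shift
    wanted=" $* "
    for bdf in "$@"; do
        grp=$(iommu_group_of "$root" "$bdf") || { echo "no-iommu-group:$bdf"; continue; }
        for member in "$root/kernel/iommu_groups/$grp/devices/"*; do
            name=${member##*/}
            case "$wanted" in
                *" $name "*) ;;           # one of the functions we pass through
                *) echo "$name" ;;        # something else lives in this group
            esac
        done
    done | sort -u
}

# Return 0 if isolated, 1 if a group is shared, 2 if the IOMMU is not active.
check_passthrough_isolation() {
    root=${SYSFS_ROOT:-/sys}
    if [ ! -d "$root/kernel/iommu_groups" ] ||
       [ -z "$(ls -A "$root/kernel/iommu_groups" 2>/dev/null)" ]; then
        echo "IOMMU not active: check intel_iommu=on and the firmware VT-d setting" >&2
        return 2
    fi
    extra=$(unexpected_group_members "$root" "$@")
    if [ -n "$extra" ]; then
        echo "not isolated; group also contains: $extra" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: sh check_iommu.sh 0000:01:00.0 0000:01:00.1
[ "$#" -eq 0 ] || check_passthrough_isolation "$@"
```

Run it after the reboot in the notes and before adding the PCI devices to the VM.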

  • Possibly linux@lemmy.zip
    2 days ago

    I personally would not recommend this setup as any issue with your proxmox cluster will turn into a network issue.

    Instead, I would purchase a cheapish router that can run OpenWRT. If you are dead set on OPNsense you can find x86 boards from various vendors or you can make a dedicated router out of a network card and a small form factor computer

    • Dultas@lemmy.world
      2 hours ago

      Yeah, I did it briefly to test if I wanted to use it before getting a dedicated Protectli Vault. But gateway and NAS are both things I recommend not running on Proxmox long term.

      Router - for one you can’t form a quorum for a cluster if there is no network so you’d have to physically access the box every restart.

      NAS - You lose access to any backups you’re doing and ability to restore if that node fails.

      • Possibly linux@lemmy.zip
        2 hours ago

        To play devil’s advocate, you technically don’t need a router for network. Your Proxmox hosts should be in the same layer 2 which means they can communicate regardless of the state of the default gateway.

    • dbtng@eviltoast.org
      2 days ago

      I own 2 OpenWRT routers. Fun little things. Love em.
      But running a virtual firewall is a perfectly reasonable goal. OpenWRT doesn’t have the feature set that OPNsense has.
      They are not the same sort of product. Lot of common ground, but not the same thing.

      • Possibly linux@lemmy.zip
        2 days ago

        OpenWRT has a zone based Firewall just like OPNsense does. Sure it isn’t as clean but I don’t really see a usecase for OPNsense that OpenWRT couldn’t fulfill

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      I understand completely. But I will try my best to keep the Proxmox setup as stable as possible (no unnecessary fiddling/power backup). This is mostly an experiment. I have my old router as backup as well. I just wish I had the foresight to buy a router which had OpenWRT support :(

      • cubism_pitta@lemmy.world
        1 day ago

        I’ve been doing exactly this for the past 5 years or so.

        It’s been pretty stable and reliable.

        I went with the PCI passthrough method

  • NarrativeBear@lemmy.world
    1 day ago

    I have been running PfSense on Proxmox for ages now.

    What I do is the following.

    1. Pass the NIC card through to PfSense.
    2. Your motherboard’s ethernet port is plugged into your network switch (think of proxmox as just another pc on your network)
    3. In PfSense your NIC can now be seen and all ports can be assigned as needed. Assign one as WAN and the others as LAN.

    Set your pfSense /OPNsense to start at boot when you power on proxmox.

    FYI, you might occasionally run into issues where the NIC “GUID” changes so your VM won’t be able to start.

    When this happens your pfSense/OPNsense VM won’t start so your network will be in a “down state”. This means DHCP won’t be working either, and any PC that were not assigned a static IP won’t be able to access the Proxmox GUI to quickly fix the issue.

    You might occasionally need to hook up a temporary router between a PC and your Proxmox host to access the web GUI as a result. At least this is what I do when my outage is longer than an hour.

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      Thanks, I may go this route.

      > FYI, you might occasionally run into issues where the NIC “GUID” changes so your VM won’t be able to start.

      I think this is the same issue as a Linux host forgetting where to mount a disk since the UUID was not written in fstab.

      But why does the GUID change? Can’t it be hard-coded?

      • NarrativeBear@lemmy.world
        2 hours ago

        Honestly I don’t know enough to answer that question fully.

        From what I understand PCI addresses (01:00.0) are dynamically assigned by the motherboard’s BIOS at boot. Adding or removing PCIe devices, enabling M.2 drives, or adjusting BIOS settings often shifts your device addresses up or down which can prevent a VM from starting up.

        Reading online though, there now seems to be a workaround to this issue. I might need to give it a shot on my Proxmox machine.

        “PCI ID overrides” is the term in this document to search for.

        https://pve.proxmox.com/wiki/PCI(e)_Passthrough

  • jaschen306@sh.itjust.works
    1 day ago

    I did the same setup except I used pfsense and a Dell.

    I wouldn’t recommend it at all. Want setting change that requires a reboot from proxmox would result in a total loss of the network. The weakest link is settings based.

    I can’t begin to tell you the amount of times this happened to me that I went out and bought an Intel NUC and put the pfsense on bare metal.

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      > Want setting change that requires a reboot from proxmox would result in a total loss of the network

      Did you mean a setting change in proxmox? If yes, then I understand the risks.

      Also, after the reboot does the setup come back online automatically? Or do you need to perform some manual intervention?

      • Dultas@lemmy.world
        2 hours ago

        It will come back if you set it to start on boot. Make sure you set its priority to start before anything else that requires network connectivity. If you ever move to having a cluster it’ll be a real headache because you won’t have a network for quorum and so you’ll have to physically access the box to force start it. I would highly recommend going out and getting a NUC or some other dedicated hardware as a priority before any other expansion.

      • jaschen306@sh.itjust.works
        6 hours ago

        Well, at the time, there was no AI. So a lot of this was just me and stack overflow. I imagine it’s a lot easier now.

        I had 3 Ethernets. 2x 10Gbe. 1x 1Gbe.

        My Synology would directly connect to the proxmox directly using the 10Gbe since it has immich on it and the source of truth is on the Synology.

        The other 10Gbe went into the 10Gbe switch which had ports for 2.5Gbe and my wifi 7 connects to this.

        The main WAN would come in on the 1Gbe.

        Any random settings that I updated, I would lose everything and have to plug in a keyboard and redo the .conf.

        What I ended up doing was just have one of the 10Gbe as the router WAN and then the 1Gbe became the console/different VLAN and so I don’t count on the router to connect to my pfsense.

        I still at the very end just gutted pfsense out and gave it a proper box. Never a problem since.

      • m4ylame0wecm@lemmy.zip
        8 hours ago

        Start on Boot for the VM should take care of that.

        My OpnSense is a VM on some n100 mini PC under proxmox. Regular reboots haven’t had a need to attach a monitor in years, or manually hit the proxmox webui for anything like that.

        If you skip passing through NICs, virtio can work just fine (1 Gbps NAT throughput on 1G intel nics). For me, this is to have the option of adding a 2nd opnSense or whatever alongside (segmentation or just prepping replacement or stuff like that). I also run small core services (dns) on the miniPC as additional containers or VMs.

  • sFencer09@sh.itjust.works
    2 days ago

    The way I would do it is this (assuming this VM is going to act as your main router):

    Connect eth3 to your switch, set up proxmox with that as your management interface. Create the OPNSense VM and pass through the NIC, make sure you remove the one it automatically creates. It will either prompt you to set one port as WAN and one as LAN, or if you connect one port to your upstream connection it should autodetect that as WAN and assign the other as LAN. Finally, connect the LAN port to the switch as well; it won’t cause a network loop because eth3 isn’t bridged with either of the others (it can’t be, because the host can’t see a PCIe device being passed through to a VM).

    With this, you can always access the proxmox host via eth3, so no matter what happens to the OPNSense VM you can still access the host. Just make sure that the OPNSense LAN subnet overlaps with the IP you set in Proxmox - since it’ll probably be statically set, not DHCP, it won’t automatically pick up an IP in the LAN subnet.

  • frongt@lemmy.zip
    2 days ago

    Enable pci passthrough for the card, use the onboard interface for proxmox management. It will only cause a loop if you bridge the interfaces or enable routing in proxmox, which is really hard to do accidentally. Don’t worry about it too much. Even if it happens, just unplug one of the connections and reboot the switch, then go back in and fix it.

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      > Enable pci passthrough for the card, use the onboard interface for proxmox management.

      This is exactly what I want to do! If you have any resources which implements this, kindly share.

  • Matt The Horwood@lemmy.horwood.cloud
    2 days ago

    The way you plug a VM into proxmox is with a virtual switch, bridge devices do that or the SDN stuff. I’ve not played with SDN yet so not sure how that works, but I do run bridges.

    I would make 2 bridges, br0 and br1.

    Br0 is the WAN side of OPNsense, br1 is the LAN side.

    Don’t add any IP to either, add an IP to the last nic as a management port.

    Now plug your VM into the bridge devices.

    • MIXEDUNIVERS@discuss.tchncs.de
      2 days ago

      I use pfsense but I have done it like this: bridge 0 (wan/houselan) and bridge 1 (serverlan), and my 4 physical ports are 1 for bridge 0 and 3 for bridge 1.

      How I link a switch to it and use vlans I don’t know yet because my homelab is small and I have no need yet.

  • dbtng@eviltoast.org
    2 days ago

    There’s a few things we don’t know here.

    • Are you hosting more VMs on Proxmox that need network via a virtual switch?
    • Are you providing network to other physical devices as well via a switch, so you need to output to that?
    • Do you want OPNsense to be your gateway and assign IPs, or do you have a router?
    • As you have 3 NICs and sound like you want to use them, let’s assume you aren’t doing RoaS, but this could all be done on one (very busy) NIC.

    There’s nothing wrong with your plan, but that’s not how I would do it.
    I don’t pass through NICs. I bond them or I bridge them.
    In a virtual world, this sort of task is done with virtual switches. OVS switches at my job.
    OVS is a lot easier to use than oldskool linux bridges that come installed with Proxmox. There’s already a dropdown in Network where you can build with OVS objects, but you need to add the package.
    apt install openvswitch-switch

    • MGT. For your setup, I might consider (the onboard!) eth3 as my mgt NIC. That might be handy some day if you have to remove that card. Your server will still be online.

    • DMZ WAN. I would run the WAN line straight to eth1. Add eth1 to a ‘dmz’ virtual switch. Add the OPNsense WAN leg to this dmz virtual switch, so the OPNsense (and nothing else) can directly talk to the upstream router.

    • LAN Virtual. Create a ‘protected network’ virtual switch. Add the OPNsense LAN leg to this virtual switch. VMs can be a member of this downstream protected network and access any services provided by the OPNsense.

    • LAN Local. If you need to share the OPNsense protected network back out to other devices, add eth2 to the protected network switch, and ethernet cable out from eth2 to a dumb switch. Plug other external devices into the dumb switch, and they will be downstream from and protected by your OPNsense, accessing its services.

    Feel free to ignore me here. I build a lot of big things, so I use enterprise-scale techniques. There’s nothing wrong with your pass-through plan.
    And … you can do this! I have a somewhat similar setup on my laptop with HyperV, so I can distribute wired (work VPN) and wireless (everything else) internet to guest VMs and the main OS. I made two virtual switches in HyperV.

    • The first switch gets exclusive access to my NIC attached to my VPN device. This is the OPNsense WAN leg.
    • The second switch is the OPNsense LAN leg and VMs are members.

    Good luck!

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      > Are you hosting more VMs on Proxmox that need network via a virtual switch?

      Only one more VM which will host some services (to be accessed via a reverse proxy)

      > Are you providing network to other physical devices as well via a switch, so you need to output to that?

      The Proxmox is connected to a switch, and all my other devices (other servers/PC/access point) are connected to this switch. Ideally, these services will connect to the OPNsense VM and get IP via DHCP from OPNsense.

      > Do you want OPNsense to be your gateway and assign IPs, or do you have a router?

      OPNsense should be my public facing gateway, similar to what my current router (TP-Link) is doing. Currently, my router is connected to an ISP GPON. But it seems the GPON acts only as a fiber to ethernet converter. I use my ISP provided credentials on my ROUTER to authenticate with my ISP (via PPPoE)

      > As you have 3 NICs and sound like you want to use them, let’s assume you aren’t doing RoaS, but this could all be done on one (very busy) NIC.

      RoaS? Router as a Service? I have no idea. I want to use the 3rd port, but if you feel like this is a bit complicated, I can leave it for now, provided I don’t incur a heavy penalty for using the LAN port for traffic and Proxmox management.

      > And … you can do this!

      Thank you, I needed that! I am just starting out with Proxmox and OPNsense and it seems a bit overwhelming. I am trying to start out small. In case everything blows up, I still have my old TP-Link router.

      PS: Please check the original post as I have added a diagram regarding what I want to do.

      • zarathustrad@lemmy.world
        1 day ago

        I essentially just did this as a total beginner and it worked. (I have built my own gaming PCs and took basic/Pascal programming in HS, but have no real network experience)

        I had some old enterprise mini PCs, added a second NIC to one and put OPNsense and pihole VMs on it. I ended up doing PCI Passthrough for the new NIC for the OPNsense VM so the WAN/modem is isolated from the host. But a simple bridge works. The original management LAN NIC is just in bridge mode (so the host and VMs can share it).

        I’m probably too new to be offering advice, so I’ll just pile on the encouragement. You can do it!

      • dbtng@eviltoast.org
        1 day ago

        Cool. Yes, this looks reasonable. It looks logical.

        So, my main recommendation is consider the use of virtual bridges to manage the network instead of passthrough. And I recommend installing and using the OVS style virtual bridge.
        https://pve.proxmox.com/wiki/Open_vSwitch

        This gives you flexibility going forward. Say you want to run something out in the DMZ instead of behind the firewall, well you just attach that VM to the DMZ bridge instead. And it gives you an easy way to provision network for VMs. You just attach them to the LAN bridge.

        (RoaS is a terrible name. Router on a Stick. It means your router is on the same switch as its clients, and all the communications go up and down that one port. It’s a perfectly legit way to manage a network, but sorta ugly and not what you are doing with your fancy 3-port rig. :)

  • chief@lemmy.zip
    2 days ago

    You cannot pass the nic through and still use it in proxmox - it loses all access to the nic. So if you want to go that route I recommend you to use eth3 as dedicated port for proxmox.

    For (2) - affected in which way? Compared to which baseline? Are you concerned that your machine cannot keep up with 320Mbps? I doubt that.

    For (3) - depends on your local network setup. Do you use vlans that need routing? Then it goes via OPNsense. Otherwise if all devices are in the same subnet, it likely will not.

    For (5) - no loops. You’re not routing traffic between eth3 and eth2.

    • xavier666@lemmy.umucat.day (OP)
      1 day ago

      > So if you want to go that route I recommend you to use eth3 as dedicated port for proxmox.

      I need a clarification here.

      • eth1 = WAN. So it gets a public IP.
      • eth2 = LAN. So it will get a 192.168.1.1 IP (this is usually hard-coded during OPNsense setup)
      • eth3 = MGMT.
        • If this is out-of-band, that is, it will work even when OPNsense VM is down, how will it get the IP?
        • Should the IP for MGMT be hard-coded? Should it be in the same subnet or needs to be different?
        • If I want to access via MGMT, what will the routing table of the device on the other end (the desktop from which I will access Proxmox via MGMT) look like?

      If you have any resources regarding this setup, please share.

      Thank you for your response.

      Edit: Changed WLAN to WAN

      • chief@lemmy.zip
        1 day ago

        I think you have a typo here, eth1 is WAN not WLAN? You can configure eth3 to have a hardcoded ip. E.g. 192.168.1.2 - OPNsense must be aware that this ip has been assigned to a device so that the DHCP server doesn’t assign it to a different device. When the VM goes down you can still configure the network manually on your PC and access proxmox directly. Regarding routing tables, devices on the same subnet are routed directly, all other destinations usually go via the router. So 192.168.1.0/24 (Assuming /24 subnet) will work fine even if the router goes down as long as the connected devices have a valid IP address in this segment. This is why the hardcoded ip will still work.

        I use this setup myself, with the complication that I am using vlans. So for this to work I need to connect to the correct physical port on my switch, but you do not have this additional complexity.

        I saw that you added the detail that you’re also running another vm - AFAIR you could route that via the management port as well via proxmox without added complexity.
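
The static management address and the "no loop unless the ports are bridged" answers in this thread can both be checked against the host's network file. The script below is an added example, not from any commenter or from Proxmox: `eth2`/`eth3` follow the thread's naming, `192.168.1.2` and `192.168.1.0/24` come from the reply above, and the bridge name `vmbr0`, the sample file and the DHCP pool `192.168.1.100` to `192.168.1.199` are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for a Proxmox host whose onboard NIC is the
# out-of-band management port. vmbr0 and the DHCP pool are assumptions.

# Constructed sample of /etc/network/interfaces (not from the thread).
sample_interfaces() {
    cat <<'EOF'
auto lo
iface lo inet loopback

iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports eth3
    bridge-stp off
    bridge-fd 0
EOF
}

# Print "bridge: port port ..." for every bridge that has two or more ports.
# Two ports of one bridge cabled to the same switch is the loop case.
multi_port_bridges() {
    awk '
        $1 == "iface" { br = $2 }
        $1 ~ /^bridge[-_]ports$/ && NF > 2 {
            printf "%s:", br
            for (i = 2; i <= NF; i++) printf " %s", $i
            printf "\n"
        }' "$1"
}

# Print the CIDR address configured on interface or bridge $2 in file $1.
iface_address() {
    awk -v want="$2" '
        $1 == "iface" { cur = $2 }
        $1 == "address" && cur == want { print $2; exit }' "$1"
}

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# mgmt_ip_ok ADDR/PREFIX LAN_NET/PREFIX POOL_START POOL_END
# 0 = on the LAN subnet and outside the DHCP pool (reachable without the
#     router VM, and never handed out to another device)
# 1 = not on the LAN subnet, 2 = inside the DHCP pool
mgmt_ip_ok() {
    ip=$(ip_to_int "${1%/*}")
    net=$(ip_to_int "${2%/*}"); prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ] || return 1
    [ "$ip" -lt "$(ip_to_int "$3")" ] || [ "$ip" -gt "$(ip_to_int "$4")" ] || return 2
    return 0
}

# Stand-alone use: sh mgmt_check.sh /etc/network/interfaces
[ -z "${1:-}" ] || multi_port_bridges "$1"
```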

  • Brkdncr@lemmy.world
    2 days ago

    Don’t dedicate your nics. Use vlans and trunk ports.

    Create a wan vlan. Create a lan vlan.