Adding an Orange network

Remy · October 29, 2021, 5:00pm

NethServer Version: 7.9 2009

I plan to add a Orange network to my server only Nethserver for different public services in the future. I read a lot of doc but nothing clear for me.

What do i need in term of infrastructure to add an Orange network ?

My infrastructure is :
Adsl modem <-> 2 nic HPE server | Proxmox 7 :

2 virt-nic Pfsense VM : vmbr0 Wan Public address / vmbr1 Lan gateway 192.168.65.0/24
1 virt-nic Netserver VM : net1 Green Lan.

Do i need to add a nic to my Nethserver vm ? And which vmbr to plug it to ?
Do i add a virtual nic and plug it to my green lan ?

I am confused. I didn’t find anything clear.

Thanks,
rémy.

pike · October 29, 2021, 7:49pm

PFSense => Orange NIC into PFSense, not Nethserver…
Am I wrong?

Remy · October 29, 2021, 8:05pm

I want to add a Orange network to my Nethserver for different public services in the future.
If i add an Orange Network in pfsense where I will put the services ?

Andy_Wismer · October 29, 2021, 8:21pm

Hi

If the services are going to run on NethServer, you don’t need another (orange) network.

Even with only one NIC, no specifically installed firewall - NethServer always has a firewall up and running, and is well capable of protecting itself - out of the box, I must add!

My 2 cents
Andy

pike · October 29, 2021, 9:47pm

IMVHO (and maybe you don’t agree with my opinion, it’s fine) ORANGE zone is used in NethServer only if you are using the Nethserver installation as gateway/firewall, and you put into ORANGE zone some other servers which should be accessed by internet and by GREEN/LAN following the firewall rules written into nethserver.

If you want to expose to internet Nethserver’s future and different services… you should add to NethServer a RED interface. Which will be connected to the ORANGE interface of your PFSense.
This will allow you to have different firewall zones to manage, and you can tune different rules on PFSense to stratify protecion and rules, if necessary.
NethServer will use its RED(ORANGE) interface to connect to internet, instead of the gateway of the GREEN interface.

IMVHO this solution could work for your request, and due to your current arrangement, connection between PFSense and NethServer could be routed via virtual adapters and switches (by ProxMox perspective).

Of course, there are more ways to do the same thing… hope that this one at least makes sense to you, even you won’t realize like that

Remy · November 2, 2021, 4:26pm

Hello pike,

I now understand what you meant and I agree with you.
I thought about it last night and came across the same solution.
Thank you for explaining it to me. I tick it as solution.

Hello Andy
Now I don’t know what to choose. Maybe " Pluralitas non est ponenda sine necessitate" as said Frater Occam.

Diego_Esteban_Pardo · July 24, 2022, 5:14pm

good day, I have a doubt; in the orange interface I connect my mikrotik firewall but from that interface I can connect to the domain to authenticate users and shared folders from other networks that my mikrotik firewall manages