Proxmox pfSense NethServer


(!) #1

NethServer Version: last one

Hi folks,
I’m not very accurate with Proxmox, so I prefer asking as I do not know what to build to have what I want.

I have a Proxmox host with two physical NICs. One is connected to my ADSL modem (WAN), the other to my LAN switch.

One VM is pfSense with actually two cards, one bridged to my WAN, the other to my LAN.

I want to install a NethServer with two NICs, for managing my mail and other services.
One NIC for the LAN, the other for a DMZ zone with my internet services.

How do I create the link/LAN between my pfSense VM and my NethServer VM?
Must I add some cards/bridges/whatever?

Thanks in advance.
Rémy from Toulouse.


(Tonči Stipičević) #2

Hello Remy,
as far as I can see there are two ways to reach your “internet” services: 1. port forward through/on pfSense, 2. involving VLAN on vmbr1 and tagging your DMZ interfaces with this VLAN tag.
But … DMZ will not protect your LAN from your NethServer because NethServer is connected to your LAN too.
If you want DMZ to protect you from compromising Nextcloud or mail services then you should have one additional/separate NethServer connected only to DMZ (i.e. pfSense DMZ interface/network) so that your LAN reaches it through some kind of router/firewall device … and pfSense can play that role (among the others) …
Or you can leave out DMZ and just make port forward to your mail/Nextcloud services for outside access.

… but I’m still not sure if I got this right?

BR
Tonci
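
Option 2 above (a VLAN on vmbr1 plus a separate DMZ-only NethServer), sketched as Proxmox configuration. This is an added example, not part of the original posts; the NIC name eno2, VLAN ID 20, VM IDs 100 and 101 and the MAC addresses are constructed assumptions.

```conf
# --- /etc/network/interfaces on the Proxmox host (excerpt) ---
# vmbr1 is the LAN bridge named in the thread; eno2 is an assumed NIC name.
# bridge-vlan-aware lets guest NICs attach with a VLAN tag.
# bridge-vids limits the tagged VLANs on the physical port to the DMZ VLAN
# (assumed ID 20). Untagged LAN traffic keeps working as before.
auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 20

# --- /etc/pve/qemu-server/100.conf (pfSense VM, assumed ID 100) ---
# The existing WAN and LAN NICs stay as they are.
# A third NIC, tagged 20, becomes the pfSense DMZ interface.
net2: virtio=BC:24:11:00:00:20,bridge=vmbr1,tag=20

# --- /etc/pve/qemu-server/101.conf (DMZ-only NethServer, assumed ID 101) ---
# One NIC in VLAN 20 and no untagged LAN NIC, so every LAN <-> DMZ
# connection has to pass through pfSense and its firewall rules.
net0: virtio=BC:24:11:00:00:21,bridge=vmbr1,tag=20
```

Frames for VLAN 20 also leave eno2 tagged, so the physical LAN switch will see them unless the DMZ gets its own bridge without a physical port.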


(Rob Bosch) #3

With Proxmox in place it shouldn’t be too difficult to add that extra NS instance for services in DMZ. That’s how I would approach this: create an extra instance for web services and put that in DMZ, completely separated from green network.

Practically it would need you to remove LAN eth1 interface from your DMZ NethServer instance. Problem might be that you have installed that server as AD account provider.


(!) #4

Thanks Tonci & Rob,
In fact my design was wrong, I want to re-create a sort of firewall/gateway with NethServer but I already have it with pfSense.

So I’m just gonna “make port forward to your mail/Nextcloud services for outside access” as Tonci told me.

Thanks for your responses,
Rémy.