Proxmox = pfsense + NethServer

I know it is an old subject, but since nobody gave a real answer and I did this setup (locally, remotely and in the cloud), I decided to try one.

It is possible to do it with one card; the Proxmox community has plenty of guides.
Personally I see 2 possibilities.

Scenario 1

Harder, but more of a real “professional” setup

  1. The most common is that you pass control of your NIC to your firewall (Red interface of NethServer or pfSense), which will become your WAN, your public interface. You could even PCI-passthrough this physical interface, but this is another level.
  2. Then on Proxmox you create a new virtual interface not attached to any physical interface, which becomes your Green interface (for NethServer or pfSense).
  3. Reboot Proxmox, then install your firewall (NethServer or pfSense).

Hints:

  • You have a better chance with NethServer since the WebUI is accessible via the RED interface.
  • Usually I spin up a Live-CD which is connected to the Green network so I can configure pfSense (in my case OPNsense). Also, I usually PCI-passthrough a video card to this machine.
  • Configure an IP available on the Green Network for your Proxmox.

Scenario 2

Easier, but it is more security through obscurity

  1. In Proxmox, create two virtual interfaces attached to the same physical network, with vmbr0 = RED and vmbr1 = GREEN, so you only define an IP on the GREEN interface to reach your Proxmox, then reboot.
  2. Install your firewall (NethServer or pfSense) with 2 virtual NICs, one for RED and one for GREEN.

Hints:

  • vmbr0 or RED should have an IP in the same subnet as your router/modem; for a little bit more security you could force this subnet to only have 2 IPs with a /30 mask.
  • vmbr1 or GREEN should be in a new subnet such as 192.168.100.0/24
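The Scenario 1 layout can be checked on the Proxmox host. This is an added example, not part of the original post: a Python audit of an ifupdown-style `/etc/network/interfaces` that flags a host address on the RED bridge or a physical port on the GREEN bridge. The NIC name `enp3s0`, the bridge roles (vmbr0 = RED, vmbr1 = GREEN, borrowed from Scenario 2's naming) and all addresses are assumptions.

```python
# Added example: checks a Proxmox /etc/network/interfaces against Scenario 1.
# SAMPLE is constructed; the NIC name, bridge roles and addresses are assumptions.
SAMPLE = """\
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp3s0

auto vmbr1
iface vmbr1 inet static
    address 192.168.100.2/24
    gateway 192.168.100.1
    bridge-ports none
"""

def parse_interfaces(text):
    """Return {iface: {"method": m, option: value}} from ifupdown-style text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {})
            current["method"] = words[3]
        elif words[0] in ("auto", "allow-hotplug", "source", "source-directory"):
            current = None  # these lines end the current stanza
        elif current is not None:
            # older configs write bridge_ports, newer ones bridge-ports
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def audit(text, red="vmbr0", green="vmbr1"):
    """List deviations: host IP on RED, or GREEN tied to a physical port."""
    cfg, findings = parse_interfaces(text), []
    for name in (red, green):
        if name not in cfg:
            return [f"{name}: bridge stanza missing"]
    r, g = cfg[red], cfg[green]
    if r["method"] != "manual" or "address" in r:
        findings.append(f"{red}: host has an address on the RED (WAN) bridge")
    if r.get("bridge-ports", "none") == "none":
        findings.append(f"{red}: no physical port, so the firewall WAN has no uplink")
    if g.get("bridge-ports", "none") != "none":
        findings.append(f"{green}: GREEN bridge is attached to a physical port")
    if "address" not in g:
        findings.append(f"{green}: Proxmox has no management address on GREEN")
    return findings
```

Calling `audit(open("/etc/network/interfaces").read())` on the host returns an empty list when the bridges match Scenario 1; a Scenario 2 layout is expected to produce findings.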