I am not overly happy with my current firewall setup and looking into alternatives.
I previously was somewhat OK with OPNsense running on a small APU4, but I would like to upgrade from that, and OPNsense feels like it is holding me back with its convoluted web UI and (for me at least) FreeBSD strangeness.
I tried setting up IPFire, but I can’t get it to work reliably on hardware that runs OPNsense fine.
I thought about doing something custom, but I don’t really trust myself sufficiently to get the firewall stuff right on the first try. Also, for things like DHCP and port forwarding, a nice easy web GUI is convenient.
So one idea that came up is to run a normal Linux distro on the firewall hardware and set up OPNsense in a VM on it. That way I guess I could keep a barebones OPNsense around for convenience, but be more flexible on how to use the hardware otherwise.
Am I assuming correctly that if I bind the VM to hardware network interfaces for WAN and LAN respectively it should behave and be similarly secure to a bare metal firewall?
I run it in a Proxmox VM, and since I have 3 nodes with the same hardware (2 NICs) I configure the networking identically for all three, and have used HA for OPNsense. It’s triggered a couple of times in fact, and the only way I know is that I get a notification that it’s jumped nodes, because I couldn’t tell just sitting there and streaming while it happened.
Big fan of virtualizing it, can take snapshots before upgrading and online backups are seamless. I’ve restored a backup when I had it act a bit weird after an upgrade. I restored the previous backup in an inactive state, then cut them over pretty much live as I started up the restored VM and downed the borked one.
Edit: I wouldn’t use passthrough if you’re running a multinode setup like this. Just configure network bridges with the same name and giv’er.
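As an added illustration (not from either poster), here is what the bridge layout described in the reply looks like on a Proxmox host: one bridge per physical NIC, identically named on every node so the VM can migrate, with the host holding no address on the WAN bridge so the hypervisor itself is never reachable from the untrusted side. Interface names, bridge names, addresses and the MAC are assumed placeholders.

```conf
# /etc/network/interfaces on each Proxmox node (example, names assumed)

auto lo
iface lo inet loopback

# physical NICs: no addresses on the host, they only feed the bridges
iface enp1s0 inet manual
iface enp2s0 inet manual

# WAN bridge: deliberately NO host address, so only the firewall VM's
# WAN vNIC sits on the untrusted segment; the host is not exposed there
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0

# LAN bridge: host management lives here, behind the firewall VM
auto vmbr1
iface vmbr1 inet static
    address 192.0.2.10/24      # assumed management address
    gateway 192.0.2.1          # the OPNsense VM's LAN address
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0

# /etc/pve/qemu-server/<VMID>.conf, the OPNsense VM's NIC lines (MAC is a placeholder)
# net0: virtio=02:00:00:00:00:01,bridge=vmbr0   # WAN
# net1: virtio=02:00:00:00:00:02,bridge=vmbr1   # LAN
```

Because the bridge names are the same on all nodes, the same VM definition works wherever HA lands it; keeping vmbr0 address-less is the part that makes the virtualized setup comparable to bare metal from the WAN side.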