Setup guide Proxmox, Opnsense, HA, OpenWRT - eviltoast

So I bought a fanless firewall appliance with 4x2.5Gbps ports and I would like to set up Proxmox on two identical SSD drives. I also want to configure a bridge on my ISP router and then configure the router as a firewall on top of Proxmox. My plan is to install HA on top of Proxmox too.

My goal is to separate my normal WiFi connection into two or even 3 VLANs: one for normal devices, one for IoT and a third as a Guest VLAN. And I would like Home Assistant to have access to both my normal SSID and IoT VLANs.

For the access point I have a mesh router that doesn’t support VLANs, and I was thinking of temporarily repurposing an old Netgear R7800. Here I don’t know whether I should simply configure the Guest SSID to be for the IoT or repurpose the 2.4GHz network and leave the 5GHz for normal devices. Currently on the WiFi router I have OpenWRT but I am also considering switching to Voxel?

Can you maybe recommend some tutorials with what settings and setup to use and if you had similar network setup to give me some hints on what to

  • ChiefSinner@lemm.ee
    1 year ago

    In the realm of firewall applications, I use the following:

    ° IPFire is easy to use, but lacks IPv6 support and it doesn’t have OTP. It has lots of packages though.

    ° Alpine is good if you don’t want a GUI or want to spend time figuring out how to build a web UI (really good for beginners as it’s mostly XML).

    ° OpenWrt is a good fit for low-end hardware (SPARC or ARM processors mostly) but also works on x86.

    ° OPNsense - like pfSense, but more up to date. Has some quirks in it (like if you block both incoming and outgoing, but just want to allow 80/443, the rules look weird… like the direction you have to allow is in, but the destination is 80/443. Very strange bug that isn’t in pfSense).

    ° HardenedBSD firewall - literally just OPNsense but with HBSD’s fully patched kernel. No repo though.

    That being said, you can make any distro a firewall: just use iptables/pf/ipfw/ipfilter rules through the command line, and you can add anything in that distro’s repo you can think of.