I am not overly happy with my current firewall setup and looking into alternatives.

I previously was somewhat OK with OPNsense running on a small APU4, but I would like to upgrade from that and OPNsense feels like it is holding me back with it’s convoluted web-ui and (for me at least) FreeBSD strangeness.

I tried setting up IPfire, but I can’t get it to work reliably on hardware that runs OPNsense fine.

I thought about doing something custom but I don’t really trust myself sufficiently to get the firewall stuff right on first try. Also for things like DHCP and port forwarding a nice easy web GUI is convenient.

So one idea came up to run a normal Linux distro on the firewall hardware and set up OPNsense in a VM on it. That way I guess I could keep a barebones OPNsense around for convenience, but be more flexible on how to use the hardware otherwise.

Am I assuming correctly that if I bind the VM to hardware network interfaces for WAN and LAN respectively it should behave and be similarly secure to a bare metal firewall?

  • carzian@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    So you’re planning to reuse the same hardware that the firewall is running on now, by installing a hypervisor and then only running opnsense in that?

    • poVoq@slrpnk.netOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      It is more powerful hardware with much higher single thread performance which should help with OPNsense networking; Ultimately to allow more than 1gbit WAN input which my current firewall hardware is incapable off, although that is still in the future.

      But I feel like I could utilize this hardware better if it was running something other than OPNsense, thus the idea to make it run it in a VM.