I am back. I started playing with pfSense in my Proxmox server in order to have a multi-headed connection into VLANs within my network. The purpose is to have an isolated VLAN (isolated in the sense that the other VLANs cannot get to it) to use as a monitoring point. My thought is this: let pfSense become the DNS/DHCP source for a number of hardware and VM/LXC components to provide monitoring and automation activities. I would eventually use Ansible to automate setups within the HomeLab and would use Observium/collectd to monitor the different HW components. I could also use a component to provide CA capabilities. The steps needed include:
- download a tar.gzip of pfSense Community Edition from the pfSense website
- create a VM of pfSense on the Proxmox server
- set up the VM to link to an existing VLAN in the HomeLab on the WAN side and to an isolated VLAN on the LAN side
- check the pfSense console to make sure that the ports are configured correctly
- add a Raspberry Pi w/SSD to the isolated VLAN and bring it up; helps if it is already set up to integrate with the Tailscale network
- check that the Raspberry Pi can communicate through pfSense to the WAN side and that it has an IP within the subnet of the LAN; this will become the seat of monitoring and automation for the HomeLab
- add XRDP to the Raspberry Pi so that I can access the GUI
- set up PuTTY on my Windows laptop as an SSH tunnel to the web interface to pfSense through the Raspberry Pi; repeat with other things that I wish to monitor
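
The check in the Raspberry Pi step above (address inside the LAN subnet, traffic leaving through pfSense) can be scripted. This is an added example, not part of the original post; the subnet `10.10.99.0/24`, the pfSense LAN address `10.10.99.1`, the interface `eth0` and the sample `ip` output are constructed assumptions.

```shell
#!/bin/sh
# Assumed values (not from the post): substitute your isolated LAN and pfSense LAN address.
LAN_SUBNET="10.10.99.0/24"
PFSENSE_LAN_IP="10.10.99.1"

# Constructed samples of `ip -4 -o addr show dev eth0` and `ip -4 route show default`.
# On the Pi, pass the live output of those two commands instead.
SAMPLE_ADDR='2: eth0    inet 10.10.99.50/24 brd 10.10.99.255 scope global dynamic eth0'
SAMPLE_ROUTE='default via 10.10.99.1 dev eth0 proto dhcp src 10.10.99.50 metric 100'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when address $1 lies inside CIDR block $2.
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# First IPv4 address (prefix length stripped) in `ip -4 -o addr show` output.
addr_from_ip_output() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Next hop of the default route in `ip -4 route show default` output.
gateway_from_route_output() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# $1 = address output, $2 = route output. Fails if the Pi got a lease from
# another VLAN or its default route bypasses pfSense.
check_pi_network() {
    addr=$(addr_from_ip_output "$1"); gw=$(gateway_from_route_output "$2")
    [ -n "$addr" ] || { echo "FAIL: no IPv4 address found"; return 1; }
    in_subnet "$addr" "$LAN_SUBNET" || { echo "FAIL: $addr is outside $LAN_SUBNET"; return 1; }
    [ "$gw" = "$PFSENSE_LAN_IP" ] || { echo "FAIL: default route via '$gw', not $PFSENSE_LAN_IP"; return 1; }
    echo "OK: $addr is in $LAN_SUBNET and the default route goes via $gw"
}

check_pi_network "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```
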
Seemed like a good idea at the time. Not sure why this would be frowned upon security-wise. I just need to be sure that I am always aware of new and clever attacks that might be possible within the network.
I'm wondering if the same thing can be done with one of my spare EdgeRouter X routers.
Update: I was able to do the same thing with the EdgeRouter X router. So in retrospect, I have spun down the Proxmox pfSense router for use later. I don't think that I will be getting rid of it anytime soon. It's nice to know that I now have the ability to change the different routers that I have to give a multi-head ability to my HomeLab.