Single NIC with pppoe
-
Hi, I have a pfSense install running as a KVM guest on my Microserver. This guest has two virtual NICs, both connected to the same virtual switch on the host server, feeding out of the only physical NIC into my unmanaged switch, where my modem and the rest of my LAN are connected.
I understand that it's best practice to provide two separate physical networks linked by the firewall. However, on my network the Internet is connected using a PPPoE tunnel established to the modem by the pfSense guest, so given that all Internet traffic is isolated in the tunnel until terminated on the firewall, are there any security risks that adding an additional dedicated physical NIC to the firewall would mitigate in this scenario?
-
So you have a modem plugged into a switch and the rest of your LAN plugged into the same switch? You tell pfSense to connect the router and provide DHCP addresses?
-
> So you have a modem plugged into a switch and the rest of your LAN plugged into the same switch? You tell pfSense to connect the router and provide DHCP addresses?

Yes, that is correct. pfSense creates a PPP session to the modem via the LAN infrastructure, then distributes IPs; all traffic is channeled via the pfSense VM.
-
The ISP can access the DSL modem and potentially add an alias interface that can communicate with your network. Your setup is insecure.
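
An added example, not part of the thread: on a shared segment like this one, the modem only needs to exchange PPPoE Discovery (EtherType 0x8863) and Session (0x8864) frames with the firewall, so anything else it sends onto the LAN is worth reviewing. The sketch below classifies raw Ethernet frames by sender and EtherType; the MAC addresses and sample frames are constructed, and in practice the frames would come from a capture taken on the shared switch.

```python
import struct

PPPOE_TYPES = {0x8863, 0x8864}      # PPPoE Discovery and Session
VLAN_TAGS = {0x8100, 0x88A8}        # 802.1Q and 802.1ad tag identifiers

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def ethertype(frame):
    """Return the EtherType of an Ethernet II frame, skipping VLAN tags."""
    offset = 12
    if len(frame) < offset + 2:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in VLAN_TAGS:
        offset += 4                 # skip TPID + TCI, land on the inner type
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack_from("!H", frame, offset)
    return etype

def non_pppoe_from_modem(frames, modem_mac):
    """List (src, dst, ethertype) for modem frames that are not PPPoE."""
    findings = []
    for frame in frames:
        try:
            etype = ethertype(frame)
        except ValueError:
            continue                # ignore runt frames
        src = mac(frame[6:12])
        if src == modem_mac.lower() and etype not in PPPOE_TYPES:
            findings.append((src, mac(frame[0:6]), etype))
    return findings

# Constructed sample data (locally administered MACs, zero-filled payloads).
MODEM, FIREWALL, HOST = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BROADCAST = "ff:ff:ff:ff:ff:ff"

def build(dst, src, etype, vlan=False):
    raw = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan:
        raw += struct.pack("!HH", 0x8100, 10)   # 802.1Q tag, VLAN ID 10
    return raw + struct.pack("!H", etype) + b"\x00" * 46

SAMPLE = [
    build(FIREWALL, MODEM, 0x8864),             # expected PPPoE session traffic
    build(BROADCAST, MODEM, 0x0806),            # ARP sent by the modem
    build(FIREWALL, HOST, 0x0800),              # ordinary LAN host, not the modem
    build(FIREWALL, MODEM, 0x0800, vlan=True),  # tagged IPv4 sent by the modem
]

if __name__ == "__main__":
    for src, dst, etype in non_pppoe_from_modem(SAMPLE, MODEM):
        print(f"{src} -> {dst} ethertype=0x{etype:04x}")
```
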