Proxmox and securing host



  • I have successfully installed pfsense on proxmox. Great stuff, only 2W more compared to a dedicated hardware for PFSense.

    PFsense & DSL modem (bridge mode) is working.
    2 LAN ports on the motherboard, one for LAN with a static IP assigned and the other one with DHCP for the DSL modem.

    Question: do I need to additionally secure the proxmox host? I have not configured any firewall on the host, just in pfsense.



  • Well it's up to you really.
    I have the same setup, Proxmox with a pfSense guest and that guest gives me my Internet access.
    I haven't bothered to do anything else to secure the Proxmox box.

    My thinking is that vmbr0 has only two connections in it, the physical port on my KVM box and the WAN port of pfSense.  It has no listening IP or Layer3 connectivity, so I don't see how the network could really be placed at risk.  Of course if I accidentally put an IP address on that vmbr0 then it could be, but I have PPPoE over the top anyway so there's still an additional layer of no-access.

    Really it's up to you.  If your network is very critical and security is a A1+ must, then most people would suggest a seperate physical firewall for proper isolation.  However if like me you're a home setup then I think you'll be fine as long as you keep a tight reign on your firewall rules.