I have a home lab environment with an EdgeRouter X as the edge router/firewall and a 1Gbps connection from my ISP. The ERX is not capable of handling the connection at full speed, so I am trying to come up with a solution that fits my requirements and will allow me to get more usage of that 1Gbps. Currently I haven't been able to pull more than 600ish Mbps.
My setup now is the ERX at the edge with a few VLANs for guest, personal, IoT and such. The ERX also has hwnat offload enabled.
My goal is to keep the ERX at the front, with a VLAN configured as a flat network for guest devices and wife-approved, continuous WiFi. This VLAN would handle NAT and basic FW rules. Then I would like to have a second network that is connected to a VM firewall (*sense or Sophos) hosted on a node in my Proxmox cluster. This VM will have direct access to the NIC.
My plan was to enable some sort of PBR (which I have never used) to pass the public IP to the VM firewall except for when traffic comes from the guest network. Would this work and help at all? Or is there a better solution?
My full network is 1 ERX as main router, a second ERX as a managed switch, an EdgeSwitch 8 150 as managed core switch (has routing capability, just not in use right now), 4 Proxmox nodes, an AP, an RPi for DNS, and then user devices.