Wednesday, September 9, 2020

Question regarding PBR and multiple routers

I have a home lab environment with an EdgeRouter X as the edge router/firewall and a 1Gbps connection from my ISP. The ERX is not capable of handling the connection at full speed, so I am trying to come up with a solution that fits my requirements and will allow me to get more usage of that 1Gbps. Currently I haven't been able to pull more than 600ish Mbps.

My setup now is the ERX at the edge with a few VLANs for guest, personal, IoT and such. The ERX also has hwnat offload enabled.

My goal is to keep the ERX at the front, with a VLAN configured as a flat network for guest devices and wife-approved continuous Wi-Fi. This VLAN would handle NAT and basic FW rules. Then I would like to have a second network that is connected to a VM firewall (*Sense or Sophos) hosted on a node in my Proxmox cluster. This VM will have direct access to the NIC.

My plan was to enable some sort of PBR (which I have never used) to pass the public IP to the VM firewall except for when traffic comes from the guest network. Would this work and help at all? Or is there a better solution?

My full network is 1 ERX as main router, a second ERX as a managed switch, an EdgeSwitch 8 150 as managed core switch (has routing capability, just not in use right now), 4 Proxmox nodes, an AP, an RPi for DNS, and then user devices.
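One way to express the PBR part of this plan in EdgeOS terms, as an added example that is not from the post or any reply. The VLAN numbers, subnets and the firewall VM's transit address are assumptions; the guest VLAN is left on the ERX's main table so it keeps NAT and firewalling there.

```text
# Constructed EdgeOS configuration fragment (added example, not from the post).
# Assumptions: personal VLAN 10 = 192.168.10.0/24 and guest VLAN 30 =
# 192.168.30.0/24 on switch0; the firewall VM's inside interface sits on a
# transit VLAN 99 at 192.168.99.2, reachable from the ERX.
configure

# Alternate routing table whose only default route points at the firewall VM
set protocols static table 1 route 0.0.0.0/0 next-hop 192.168.99.2

# Modify ruleset: keep traffic for other local subnets on the main table,
# send everything else from the personal VLAN through table 1
set firewall modify PBR rule 10 description "Inter-VLAN traffic stays local"
set firewall modify PBR rule 10 destination address 192.168.0.0/16
set firewall modify PBR rule 10 modify table main
set firewall modify PBR rule 20 description "Personal VLAN egress via firewall VM"
set firewall modify PBR rule 20 source address 192.168.10.0/24
set firewall modify PBR rule 20 modify table 1

# Apply the ruleset only on the personal VLAN; guest VLAN 30 is untouched
set interfaces switch switch0 vif 10 firewall in modify PBR

commit
save
exit
```

The ruleset only steers traffic entering the ERX on VLAN 10; the firewall VM still needs its own NAT or a return route for 192.168.10.0/24, and whether hwnat offload keeps applying once a modify ruleset is attached should be checked on the ERX itself before relying on it for throughput.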


