Tuesday, January 26, 2021

virtualized firewall, best (secure) networking design?

Excitingly, I just got pfSense up and running inside of Proxmox! I've been using pfSense for a while now, in CentOS 6. But I sense there could be a security issue with how I am doing it, so I'm coming here for advice:

Currently I have a Dell Optiplex 9020 with the onboard Intel NIC, and a QLogic SFP+ dual-port 1/10G NIC. As configured now, I have enabled intel_iommu and take advantage of PCIe passthrough for the Intel NIC. There is no reason for Proxmox to have access to this NIC; it is connected to the modem directly. The pfSense VM is also connected to the default vmbr0 bridge within Proxmox, and the VM sees it as vtnet0; this is configured as the LAN. The vmbr0 bridge has been assigned a physical port from my 1/10G QLogic NIC.

Is this the safest way to do this? One potential vulnerability I see is that if my pfSense VM shuts down, or does not start up upon boot for any reason, then the unsanitized wrath of the world will be connected straight to my Proxmox box. The modem does have a feature where it needs to be rebooted if the MAC address changes; however, I am not spoofing the MAC address in pfSense, so I suspect what will happen is that my Proxmox box will potentially connect to the WAN directly, and without any firewall rules my entire LAN would be connected to the WAN.

Is this correct, and how do I mitigate this risk? Some possibilities I can think of:

  • spoof the MAC of this NIC in pfSense, such that if it gets released back to Proxmox the MAC will revert to the hardware efuse of the PHY, and rely on the fact that the modem does not communicate with a device whose MAC changed until reboot (not sure if this would work)
  • delete the driver for this NIC completely so it's impossible for Proxmox to use it as a networking device (seems about as extreme as burning a house down for a spider)
  • configure Proxmox to not enable the interface on boot, and require it to be enabled manually (what is the best way to do this?)
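The failure mode worried about above (the host ending up with a usable WAN interface when the VM is not running) can be checked from the Proxmox host itself: a passthrough NIC that is pinned to the vfio-pci driver never gets a host network interface, whatever the VM does. The script below is an added example, not code from the post or from Proxmox; it assumes the standard Linux sysfs layout, and the PCI address `0000:00:19.0` and the sysfs root are parameters (the address is a placeholder, to be replaced with the one `lspci -nn` shows for the onboard NIC).

```shell
#!/bin/sh
# Added example (not from the original post): verify on the Proxmox host that the
# WAN NIC is bound to vfio-pci, so the host cannot bring it up even if the pfSense
# VM fails to start. The sysfs root and PCI address are parameters so the same
# check can be exercised against a constructed directory tree.

# Print the kernel driver currently bound to a PCI device ("none" if unbound).
pci_driver() {
    _root="$1"; _addr="$2"
    _link="$_root/bus/pci/devices/$_addr/driver"
    if [ -L "$_link" ]; then
        basename "$(readlink "$_link")"
    else
        echo none
    fi
}

# Return 0 if the device is held by vfio-pci and exposes no host network interface,
# 1 otherwise. A host driver such as e1000e or igb creates a net/<ifname> directory
# under the device, which is exactly what must not exist for the WAN port.
wan_nic_isolated() {
    _root="$1"; _addr="$2"
    _drv="$(pci_driver "$_root" "$_addr")"
    if [ "$_drv" != "vfio-pci" ]; then
        echo "WARN: $_addr is bound to '$_drv'; the host could use it as a NIC" >&2
        return 1
    fi
    if [ -d "$_root/bus/pci/devices/$_addr/net" ]; then
        echo "WARN: $_addr still exposes a host network interface" >&2
        return 1
    fi
    echo "OK: $_addr is bound to vfio-pci with no host interface"
    return 0
}

# On a real host run:  wan_nic_isolated /sys 0000:00:19.0   (placeholder address).
# To make the binding hold across reboots independently of the VM, pin the device
# by vendor:device id in /etc/modprobe.d, e.g.  options vfio-pci ids=8086:xxxx
# (xxxx is a placeholder for the device id from `lspci -nn`), then update-initramfs -u.
```

Running the check from cron or a systemd timer turns the "VM did not start" case into an alert instead of a silent exposure.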

