Hello selfhosted.

My router just burnt up and instead of buying a new one, I’m thinking of turning my own built NAS/home server into a router. Is this possible?

The server in question is a normal computer running Debian, where I have a few disks in RAID and host some web services. The motherboard only has one RJ45 port, so my guess is that I have to at least get a network card that supports 2 ports. I’m no stranger to Linux but physical networking is not my home field, though I’m very interested.

If someone could point me in the right direction, I would be more than happy.

  • rtxn@lemmy.world
    10 days ago

    You can use OPNSense inside a virtual machine. You can use QEMU or install the Proxmox toolkit over Debian to manage it. I’ve been using this setup for years without issue.

    You’ll have to create a bridge network for the WAN and the LAN interface, connect them to the VM, then configure the virtual interfaces inside OPNSense.

    • Dultas@lemmy.world
      10 days ago

      Only issue I’ve had with this setup is if you’re running in a cluster and you have to restart the cluster then you run into a deadlock. The cluster won’t start VMs without a quorum and it can’t form a quorum without the OPNSense VM up. So you have to manually intervene.

    • Toralv@lemmy.worldOP
      10 days ago

      Ah I see, did not think of that. A network card with two ports would be enough right? One for the modem, and the other for clients, which ideally could be a switch, for more ports. That’s possible right?

      • frongt@lemmy.zip
        10 days ago

        You only need one port. WAN to switch, switch to router. The router routes and sends it back to the switch, and the switch to the LAN. Vice versa for outbound traffic. It’s called a router on a stick.

        Not recommended if you’re paranoid about security, because a malicious client or particularly malformed inbound traffic could bypass your router. For general use it’s perfectly fine.

        • rtxn@lemmy.world
          10 days ago

          Do not do that. You need to set up VLANs and proper separation between them on both the switch and the router, assuming the switch even supports tagged trunk lines. If you don’t, you’re just connecting all of your hosts to the unfiltered internet.

          • frongt@lemmy.zip
            10 days ago

            Technically yes, but as long as your WAN gateway doesn’t provide a route, clients will only know how to reach your own gateway.

      • rtxn@lemmy.world
        10 days ago

        Yes, that will be enough. You can also use a single port on the NIC and the one on the motherboard if it can handle the Ethernet speed you want.

        This is my network setup on Proxmox:

        vmbr0 is a bridge that has a single port going to the modem. The OPNSense VM’s first virtual interface is connected to this and configured as a WAN interface. Nothing else connects to this bridge as it is exposed to the internet.

        vmbr1 also has a single port that goes to the physical switch. OPNSense’s second interface connects to it as a LAN port, as well as every other VM and container running on the server.
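
The two-bridge layout from the last comment, as an added example (not from the thread or its authors): a constructed `/etc/network/interfaces` sample plus a small check that the host keeps no address on the WAN bridge and that the bridge has exactly one port. The NIC names, the addresses and both function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of /etc/network/interfaces for the two-bridge layout.
# enp1s0/enp2s0 and the 192.168.1.x addresses are assumed, not from the thread.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

# WAN: single port to the modem; only the firewall VM attaches here
auto vmbr0
iface vmbr0 inet manual
    bridge-ports enp1s0
    bridge-stp off
    bridge-fd 0

# LAN: single port to the switch; host, VMs and containers attach here
auto vmbr1
iface vmbr1 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0
EOF
}

# audit_wan_bridge BRIDGE: reads an interfaces file on stdin. Prints "ok" if
# the host has no address on BRIDGE and the bridge has exactly one port,
# otherwise prints one finding per line and returns 1.
audit_wan_bridge() {
    findings=$(awk -v br="$1" '
        $1 == "iface" {
            cur = $2
            if (cur == br) { seen = 1; if ($4 != "manual") print "host-address-method:" $4 }
            next
        }
        cur == br && ($1 == "address" || $1 == "gateway") { print "host-" $1 ":" $2 }
        cur == br && $1 == "bridge-ports" && (NF != 2 || $2 == "none") { print "ports:" (NF - 1) }
        END { if (!seen) print "missing:" br }
    ')
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
    echo ok
}

# Check the WAN bridge of the constructed sample.
sample_interfaces | audit_wan_bridge vmbr0
```

On a real host the same check would be fed the live file, for example `audit_wan_bridge vmbr0 < /etc/network/interfaces`.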