The Whole Shebang or Just Firewall?

I’m building and buying servers and workstations for a business. Working from home with two people. I’ll have a Server running everything in Proxmox VMs and multiple workstations. I don’t plan on hosting any websites nor am I planning on having access to my stuff from outside my network. The server will also be a file server for both the business and everyone at home, so that’s the only thing that I would like to give access to everyone.

I don’t know which route to take when setting up my network.

Presently, I have an ISP router which goes into a switch and all the computers for everyone at home plug into that.

I guess I should create a subnet for my server and workstations, which I should be able to do via the ISP router’s ports, but the question is, should I create a VM on my server and run router and firewall there also? Or just run a firewall? I’ve seen people recommend running a router behind the ISP router, but I don’t think I (at least now) need any features that would require me to create another router at this point. I could be overlooking something here right now, like DNS, for example, for all my services.

I plan to use OpenBSD for the router and/or firewalling functions.

So you just want to separate home network from work network?

But also, host some parts of both in Proxmox?

Do you want to consider Proxmox as part of your home network (your work network a part of your home network infrastructure), or do you want to view it as a “neutral” entity / a “third network” of some kind?

Is your server relatively reliable/easily rebuild-able?


Technically, all you need is a physical NIC port in Proxmox to hook up to the ISP router … or a VLAN-capable switch letting you stuff the ISP link into a VLAN. The rest is just software and config, and deciding whether you want the work network subservient to home network, or subservient to something else.

Well, they say least privilege. To me this means separating work network from home network. Although it’s a bit hazy in my mind why this might actually be the case.

A neutral 3rd party didn’t occur to me. But as I said, the only thing that I want to share from my server between the two networks would be file share. Everything else will be purely business related.

Can you elaborate? I’m not sure exactly what you’re getting at here.

I have always avoided studying VLANs because I thought they sounded complicated. EDIT: I got VLAN confused with VPN.

Started researching both of them, maybe one or the other is the solution I’ve been looking for. I don’t quite get the whole picture yet however. Need time to investigate further. Maybe this was the missing puzzle piece in my head.

At the very least, I was stuck and now I have a new direction in which to dig. So thanks.
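
Added example, not part of the original thread or any poster's configuration: a minimal OpenBSD `pf.conf` for the layout discussed above, where an OpenBSD VM sits behind the ISP router and keeps the work and home networks apart except for the file share. The interface names, addresses, the placement of the home network behind this firewall, and the use of SMB on TCP 445 for the file share are all assumptions.

```pf
# /etc/pf.conf (constructed example; every name and address below is an assumption)

ext_if     = "vio0"         # uplink to the ISP router (physical NIC or VLAN bridged in Proxmox)
work_if    = "vio1"         # business servers and workstations
home_if    = "vio2"         # everyone else at home
fileserver = "10.10.10.5"   # file server VM, living in the work network
share_port = "445"          # SMB; change if the share uses another protocol

set skip on lo

# Default deny, logged to pflog0 so rejected cross-network traffic is visible.
block return log all

# Both internal networks reach the Internet through the ISP router.
match out on $ext_if inet from { $work_if:network, $home_if:network } nat-to ($ext_if)

# Filtering decisions are made on the inbound side; let accepted traffic leave.
pass out

# Nothing is hosted, so no "pass in on $ext_if" rule exists:
# unsolicited traffic from the ISP side hits the default block.

# Work hosts: anywhere except the home network.
pass in on $work_if inet from $work_if:network to ! $home_if:network

# Home hosts: anywhere except the work network ...
pass in on $home_if inet from $home_if:network to ! $work_if:network

# ... with one exception, the file share. pf uses the last matching rule,
# so this pass overrides the exclusion above for this single host and port.
pass in on $home_if inet proto tcp from $home_if:network to $fileserver port $share_port
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `tcpdump -n -e -ttt -i pflog0` shows which cross-network connections the default block is rejecting.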