I've finally been connected to a fiber connection 2,5/1Gbps! 🥳
Now I want to share my connection with my neighbor and so I've installed 3 PCIx dual 1GB nic (I'm out of PCIe slots 🤷♂️).
The connections comes from my OPNsense to the server (Proxmox) via a 10Gbps fiber connection.
I want OPNsense to take car of firewalling dividing the neighbor networks with VLANs. The OPNsense part is done and working, I need to assign to each of the 6 1Gbps NIC each VLAN.
I've tagged the traffic going into the server via the fiber connection, but now how can I assign each VLAN to each NIC?
Thanks!
Edit: Proxmox has nothing to do in the equation, it just happens to be on the same server where the NICs are.
With the disclaimer that Proxmox has nothing to do with this question, I’m forced to assume this is just a networking issue that happens to use OPNsense as the router. Because of that, I must advise that you seek help from a networking-focused community. There’s no clear link to self-hosting in this post, which is required per Rule 3.
Forget everything that I've written, I just need to assign 6 VLAN (tagged, coming in from enp2s0) to 6 NICs (untagged to: enp9s1f0, enp9s1f1, enp9s2f0, enp9s2f1, enp10s1f0, enp10s1f1).
If the connections are already tagged as you come into the Proxmox server, then you need only to create interfaces for them in Proxmox (vmbr1, vmbr2, etc).
EDIT: if you’re doing PCI passthrough of the physical NICs, ignore this step.
Then, in OPNsense, you just adding the individual interfaces. No need to assign a VLAN inside OPnsense because the traffic is already tagged on the network (per your earlier statement).
Whether or not the managed switch that has tagged each port is also providing VLAN isolation, you’ll simply use the OPNsense firewall to provide isolation, which it does by default. You’ll use it to allow the connections access to the fiber WAN gateway.
If all you want is to break out the VLANs to NICs using a Linux PC instead of a managed switch, create six bridge interfaces and put in each bridge the VLAN interface and the NIC.
If you just want each physical interface on your server to participate in a single VLAN, set the corresponding switch port as an access port in the desired VLAN, and then configure each
server interface as a normal untagged interface.
You would only do tagged frames (802.1q trunking) if you wanted to support several VLANs on the switch port.
I don't need to assign VLANs to VMs, I need to assign them to 6 phisical NICs (tha fact that they are installed in the same machine where there is Proxmox is irrelevant).
If Proxmox is already installed on the machine, how are you running OPNSense? If it’s not bare metal, it’s a VM, and if it’s a VM it needs Proxmox’s virtual NICs to be VLAN aware, unless you are doing PCI pass through of the entire network card.
I understand the attraction of virtualising this, but unless you want to share more than just the ISP connection, I would be providing Internet access to your neighbour’s untrusted network using a bare-metal router. Just my two cents.