My goal is to consolidate a few boxes onto one -- none are mission critical really so if the VM host I want to migrate them to goes down and takes them too then that's ok.
I have a dedicated franken-Plex box (that is just janky and needs to get decommissioned), a few development servers that could just be VMs really, and the need for a proper router/firewall.
So the hope is to consolidate this onto my new eBay find:
some old OEM box with a 250W PSU, a few PCIe slots, 8GB of RAM, a 120GB SSD, and an i5 3470 (AES, VT-d, etc).
I've since become a bit enamored with the UI of Red Hat's Cockpit (An introduction to Cockpit, a browser-based administration tool for Linux) but am partial to ZFS, so Proxmox comes into the picture. The one benefit of a VM host is that it could act as a sort of poor-man's out-of-band management, in that I could put one of the unused NICs on a static Class C network (i.e. 192.168.200.1/24) and connect to it via my laptop if the network goes haywire and provision it that way, since none of my hardware has any such thing.
So choice #1: CentOS 8/Stream or Proxmox
Step #2
Next I have a tricky migration ahead. I currently have an ISP modem that the ISP can remotely set to bridge mode (the process takes a few weeks for them to get back to me), but until then I am OK with double NAT (should that occur) and will try to do the following:
Set the modem/router to 192.168.0.1 with DHCP off?
Set DMZ on to send all packets to 192.168.0.2 -- which should be the pfSense / OPNsense VM
Will pfSense/OPNsense be OK with the WAN NIC having a 192.x IP?
When the modem/router gets set into bridge mode, just restart the VM?
I'm not confident in the above. I mean it should work. Any suggestions here would be nice.
Step/Question #3
What's the best/easiest way to pass through hardware, or is it even necessary these days? Does any additional passthrough complexity translate into faster performance on the VM? Would it matter considering I've only a residential gigabit network and my WAN pipe is only 400/20?
If I have a VM doing DHCP, routing, firewall, etc., how does the host securely access the web for things like NTP and updates? I assume I'd point the resolv.conf to the VM, but how does that all work when the VM only starts when the host does? I.e., could the host boot time out waiting for NTP or something if the pfSense/OPNsense VM is not running yet?
Anything else I missed?