I’ve finally been connected to a fiber connection 2,5/1Gbps! 🥳 Now I want to share my connection with my neighbor and so I’ve installed 3 PCIx dual 1GB nic (I’m out of PCIe slots 🤷‍♂️).

The connections comes from my OPNsense to the server (Proxmox) via a 10Gbps fiber connection.

I want OPNsense to take car of firewalling dividing the neighbor networks with VLANs. The OPNsense part is done and working, I need to assign to each of the 6 1Gbps NIC each VLAN.

I’ve tagged the traffic going into the server via the fiber connection, but now how can I assign each VLAN to each NIC? Thanks!

Edit: Proxmox has nothing to do in the equation, it just happens to be on the same server where the NICs are.

  • peregus@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Forget everything that I’ve written, I just need to assign 6 VLAN (tagged, coming in from enp2s0) to 6 NICs (untagged to: enp9s1f0, enp9s1f1, enp9s2f0, enp9s2f1, enp10s1f0, enp10s1f1).

    • HybridSarcasm@lemmy.worldM
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      6 months ago

      If the connections are already tagged as you come into the Proxmox server, then you need only to create interfaces for them in Proxmox (vmbr1, vmbr2, etc). EDIT: if you’re doing PCI passthrough of the physical NICs, ignore this step.

      Then, in OPNsense, you just adding the individual interfaces. No need to assign a VLAN inside OPnsense because the traffic is already tagged on the network (per your earlier statement).

      Whether or not the managed switch that has tagged each port is also providing VLAN isolation, you’ll simply use the OPNsense firewall to provide isolation, which it does by default. You’ll use it to allow the connections access to the fiber WAN gateway.

      • peregus@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        I’ve just edited the original post to make clear that Proxmox has nothing to do in this picture, it just is installed in the same PC where the NICs are. What I need it just assign 6 VLAN (tagged, coming in from enp2s0) to 6 NICs (untagged to: enp9s1f0, enp9s1f1, enp9s2f0, enp9s2f1, enp10s1f0, enp10s1f1).

        • Kryesh@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          6 months ago

          So the PC connected to opnsense is running proxmox for it’s OS? Create a bridge for each physical interface, then add a tagged interface to it for the one connected to opnsense; Eg, vmbr2 could have enp2s0.100 and enp9s1f0 as members. Just add .vlanid to the end of the interface name in the bridge settings in proxmox, and don’t make the bridges vlan aware. If vmbr0 is vlan aware then just add vmbr0.100 instead of enp2s0.100 With that setup the server will switch packets between the vlans on enp2s0 and the other interfaces. Don’t need to put any VMs on the bridges

          Will add: this is using the PC like a switch, you’re probably better off using an actual switch with vlan configuration instead

          • peregus@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            That’s it, thanks!!! So easy!!! Thanks a lot!

            I know that it would be better to use a switch, but I would need a 10Gbps (or 2,5Gbps, do they exists) switch with 2 sfp+ port (1 for Internet connection and the second one for the server). In this way I’ve just bought the 3 old NIC for 25€ and that’s it. I know that they will consume way more than the switch, but how many years do I need to break even?

            • Mountain_Mike_420@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              Well it depends on how much you pay for power and what your pc consumes at idle (or at least idling while doing networking). I’d do an analysis and a graph with excel to make sure. Many old (used) networking components can be had for a steal and will still have many years of use still left in them. Use a kill-a-watt to get an accurate account of idle pc power.

        • Maximilious@kbin.social
          link
          fedilink
          arrow-up
          3
          ·
          6 months ago

          He just told you. Assign VLAN on each individual port on your switch. Done. If your switch is unmanaged, then you need a new switch to support VLANs.