On Wed, Apr 08, 2026 at 09:20:41AM +0200, Roy wrote:
> I’d like to set up a homelab with a LAN and a DMZ. I have a PC with
> three network interfaces. The idea is to separate the DMZ so I can
> publish a demo website. This is not for professional use, just for
> tinkering as a hobby.

I've got a setup like this, and highly recommend it!

> If anyone has experience with firewall/router setups, would you
> recommend using Debian for the firewall/router PC as well, or using
> OpenBSD for the firewall/router and Debian as a KVM host for services?
> Alternatively, should I just use Debian for the firewall/router with
> nftables?

In my opinion, the latter. To me nothing is more freeing than using the operating system and other components you are using for other tasks for this. And that is a very strong opinion of mine.

E.g. dumping traffic and finding network problems is so much easier if you are using the well documented network stack in Linux. If you just can fire up "tcpdump" instead of using whatever arcane traffic dumping tool the vendor of proprietary firewall box XY wanted. I wish I could do that at work.

My "firewall" consists of about 100 lines (for public IPv4 and IPv6 public facing IP, IPv6 only DMZ) of /etc/nftables.conf. It is very freeing not having to use a frontend, configuration interface, or similar, just 100 lines of rules (and those are not written very compactly).

> I’m asking because I have the impression that Linux has accumulated a
> lot of overhead and is no longer as suitable for personal tinkering,
> but is more geared toward enterprise use.

Hell no! Lots of us are still tinkering, experimenting, homelabbing ... Out of my cold dead hands you can take my public IP address sitting on an internet-exposed Linux box.

/ralph

