On Wed, 2026-04-08 at 11:54 +0100, Ralph Aichinger wrote:
> On Wed, Apr 08, 2026 at 09:20:41AM +0200, Roy wrote:
> > I’d like to set up a homelab with a LAN and a DMZ. I have a PC with
> > three network interfaces. The idea is to separate the DMZ so I can
> > publish a demo website. This is not for professional use, just for
> > tinkering as a hobby.
>
> I've got a setup like this, and highly recommend it!
>
> > If anyone has experience with firewall/router setups, would you
> > recommend using Debian for the firewall/router PC as well, or using
> > OpenBSD for the firewall/router and Debian as a KVM host for
> > services?
> > Alternatively, should I just use Debian for the firewall/router
> > with nftables?
>
> In my opinion, the latter. To me nothing is more freeing than using
> the operating system and other components you are using for other
> tasks for this. And that is a very strong opinion of mine.
>

So you mean use only Debian.

> E.g. dumping traffic and finding network problems is so much easier
> if you are using the well documented network stack in Linux. If you
> just can fire up "tcpdump" instead of using whatever arcane traffic
> dumping tool the vendor of proprietary firewall box XY wanted. I wish
> I could do that at work.
>
> My "firewall" consists of about 100 lines (for public IPv4 and IPv6
> public facing IP, IPv6 only DMZ) of /etc/nftables.conf. It is very
> freeing not having to use a frontend, configuration interface, or
> similar, just 100 lines of rules (and those are not written very
> compact).
>

Can you suggest some good documentation to start with? As I mentioned,
there is a lot of outdated information, and it’s really difficult to
filter out what’s essential.

thanks!

