
Architecture

graph TD
    %% Styles
    classDef server fill:#f9f,stroke:#f00,stroke-width:2px;
    classDef vm fill:#bbf,stroke:#00f,stroke-width:2px;
    classDef firewall fill:#f99,stroke:#f90,stroke-width:2px;
    classDef network fill:#9f9,stroke:#0a0,stroke-width:2px;
    classDef default stroke:#666,stroke-width:1px;

    %% Main nodes
    Dell740["Dell PowerEdge R740\n(Proxmox Host)"]
    class Dell740 server

    %% Physical network interfaces
    NIC1G1["NIC 1Gbps (eth0)\n(Internet Uplink)"]
    NIC1G2["NIC 1Gbps (eth1)"]
    NIC1G3["NIC 1Gbps (eth2)"]
    NIC1G4["NIC 1Gbps (eth3)"]
    NIC40G1["NIC 40Gbps (eth4)"]
    NIC40G2["NIC 40Gbps (eth5)"]

    class NIC1G1,NIC1G2,NIC1G3,NIC1G4,NIC40G1,NIC40G2 network

    %% Proxmox bridges
    vmbr0["vmbr0\n(Management + Firewallo)"]
    vmbr1["vmbr1\n(WAN Uplink)"]
    vmbr2["vmbr2\n(LAN Interno VM)"]
    class vmbr0,vmbr1,vmbr2 network

    %% Firewallo VM (nftables + services)
    Firewallo["Firewallo\n(VM - NFT + Caddy + dnsmasq)"]
    class Firewallo firewall

    %% Other VMs (attached to vmbr2)
    VM1["VM 1\n(Es: Web Server)"]
    VM2["VM 2\n(Es: Database)"]
    class VM1,VM2 vm

    %% Physical links
    Dell740 --> NIC1G1
    Dell740 --> NIC1G2
    Dell740 --> NIC1G3
    Dell740 --> NIC1G4
    Dell740 --> NIC40G1
    Dell740 --> NIC40G2

    %% Proxmox bridges (example configuration)
    NIC1G1 --> vmbr0
    NIC1G2 --> vmbr0
    NIC40G1 --> vmbr1
    NIC1G3 -->|Optional| vmbr1

    %% VMs attached to the bridges
    vmbr0 --- Firewallo
    vmbr2 --- VM1
    vmbr2 --- VM2
    vmbr2 --- Firewallo

    %% Firewallo as gateway for the other VMs
    Firewallo ---|NAT/Routing| vmbr1

    %% Legend
    subgraph Legenda
        S1["Server Fisico"] ---|Stile| S1Style["#f00"]
        S2["VM"] ---|Stile| S2Style["#00f"]
        S3["Firewall"] ---|Stile| S3Style["#f90"]
        S4["Bridge/Rete"] ---|Stile| S4Style["#666"]
    end

Key details of the diagram

  1. vmbr0

    • Used only by Proxmox (management) and Firewallo.
    • It is a virtual bridge, so that management traffic stays isolated.
  2. vmbr1

    • WAN uplink towards the Internet, attached to eth0 (1Gbps).
    • Firewallo routes the VMs' traffic out through vmbr1 (NAT).
  3. vmbr2

    • Bridge dedicated to the VMs (internal LAN).
    • It is purely virtual, for performance.
    • All VMs (e.g. VM1, VM2) are connected here.
  4. Firewallo

    • nftables: firewall/routing.
    • Caddy: reverse proxy (e.g. HTTPS for the VMs).
    • dnsmasq: local DNS for the LAN.
    • Default gateway for the VMs on vmbr2.
  5. Traffic flow

    • VM → Firewallo → Internet: VM1 (vmbr2) → Firewallo (vmbr0) → vmbr1 (WAN).
    • Internal traffic: the VMs talk to each other directly over vmbr2 (no firewall for LAN-to-LAN traffic, unless specific rules are added).
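The bridge layout and the Firewallo services listed above, turned into configuration as an added example (this is not configuration from the original page or from the project): a POSIX shell script that renders the Proxmox /etc/network/interfaces fragment for vmbr0, vmbr1 and vmbr2 following the diagram's wiring (eth0 + eth1 in vmbr0, eth4 in vmbr1, vmbr2 without physical ports), an nftables ruleset for the Firewallo VM (LAN to WAN forwarding with masquerade, dnsmasq reachable only from the VM LAN, Caddy reachable on 80/443, SSH only from the management side), and a dnsmasq configuration that advertises Firewallo as default gateway and resolver. The guest interface names ens18/ens19/ens20, the 10.0.2.0/24 LAN prefix and the 192.0.2.x management addresses are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not configuration from the original page.
# Renders the Proxmox bridges from the diagram plus the nftables and dnsmasq
# configuration for the Firewallo VM. Guest NIC names, the LAN prefix and
# the management addresses below are assumptions.
set -eu

LAN_NET="10.0.2.0/24"   # assumed prefix of the VM LAN on vmbr2
LAN_GW="10.0.2.1"       # assumed Firewallo address on vmbr2 (VMs' default gateway)

# Proxmox host: /etc/network/interfaces fragment.
# $1/$2 = NICs enslaved to vmbr0, $3 = WAN NIC enslaved to vmbr1. Defaults
# follow the diagram: eth0 + eth1 -> vmbr0, eth4 -> vmbr1, vmbr2 has no port.
render_interfaces() {
    mgmt1=${1:-eth0}; mgmt2=${2:-eth1}; wan=${3:-eth4}
    cat <<EOF
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1
    bridge-ports $mgmt1 $mgmt2
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports $wan
    bridge-stp off
    bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0
EOF
}

# Firewallo guest: nftables ruleset.
# $1 = NIC on vmbr2 (LAN), $2 = NIC on vmbr1 (WAN), $3 = NIC on vmbr0 (mgmt).
# LAN-to-LAN traffic never reaches this host: it stays on the vmbr2 bridge.
render_nft_ruleset() {
    lan=${1:-ens19}; wan=${2:-ens20}; mgmt=${3:-ens18}
    cat <<EOF
flush ruleset
table inet firewallo {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iif "lo" accept
        # dnsmasq (DNS + DHCP) is reachable only from the VM LAN
        iifname "$lan" udp dport { 53, 67 } accept
        iifname "$lan" tcp dport 53 accept
        # Caddy reverse proxy terminates HTTP/HTTPS for the VMs
        tcp dport { 80, 443 } accept
        # administration only from the management bridge
        iifname "$mgmt" tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # VMs on vmbr2 may open connections towards the Internet
        iifname "$lan" oifname "$wan" accept
        # new flows from WAN into the LAN are dropped by policy;
        # published services are exposed through Caddy instead
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$wan" ip saddr $LAN_NET masquerade
    }
}
EOF
}

# Firewallo guest: dnsmasq serves DNS and DHCP on the LAN side only and
# hands out Firewallo as gateway and resolver.
render_dnsmasq_conf() {
    lan=${1:-ens19}
    cat <<EOF
interface=$lan
bind-interfaces
dhcp-range=10.0.2.100,10.0.2.200,12h
dhcp-option=option:router,$LAN_GW
dhcp-option=option:dns-server,$LAN_GW
EOF
}

# Confirms the rendered ruleset still carries the two rules the diagram
# depends on: the forward chain and the masquerade towards the WAN.
check_ruleset() {
    rules=$(render_nft_ruleset "$@")
    printf '%s\n' "$rules" | grep -q 'hook forward' || return 1
    printf '%s\n' "$rules" | grep -q 'masquerade' || return 1
}
```

Typical use is render_nft_ruleset ens19 ens20 ens18 > /etc/nftables.conf on Firewallo, followed by nft -c -f /etc/nftables.conf to syntax-check before nft -f applies it; the guest also needs net.ipv4.ip_forward=1 for the forward chain to see any traffic. Because the forward policy is drop and only established/related flows come back from the WAN side, anything a VM must expose is published by Caddy on the firewall rather than by opening the LAN.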