(Actually) OPNsense
Full article in the works! I posted a teaser article a few months ago about setting up OPNsense on an Optiplex 7010, but unfortunately that never came to fruition. The NIC that I ordered off of eBay never showed up, I ended up splitting up with the mother of my child, and life was quite hectic for a hot minute there. I actually ended up making the 7010 my living room PC, but I recently retired my old Proxmox server, an Optiplex 3020, which got replaced by the ProxSquad, a cluster of Optiplex 7080s running Proxmox (https://stevenstone.tech/?project=leveling-up-proxmox-with-clustering).

A few weeks ago, I acquired a 2-port Gigabit NIC from a more reputable source with the intention of turning my 3020 into a sick little OPNsense box, and that plan has come to fruition. I had to pop off the larger faceplate on the NIC and replace it with the smaller one to fit my setup, but thanks to my iFixit toolkit, that was not an issue.

I originally set this up in my office (mainly so that I would have a monitor for the initial install) but ended up moving it to my living room next to the modem after it was set up enough to access through my web browser. That way my ISP modem is functioning as guest wifi, with no other devices besides my locked down modem and firewall frontend on the 192.168.0.1 subnet. Then I moved my Netgear unmanaged switch behind the firewall, with 1 port running to my living room TV running NixOS and the other connected to the 50ft cat6 cable running to the Cisco switch in my office, which runs my homelab hosting all of my services and various forms of fuckery.

The OPNsense installation process was pretty straightforward. I downloaded the most recent ISO file from the website (https://opnsense.org/download/), choosing amd64 and dvd to grab it as an ISO, then threw that baby on my Ventoy drive. At the initial login screen, you can activate the installer by entering your login as installer and the password as opnsense.
The default IP address for the LAN will be 192.168.1.1 and the WAN will be the assigned IP from the interface that it's connected to (in this case, my ISP modem/router). I'll go ahead and accept the default settings, as I moved my Cisco switch IP to 192.168.2.1 before completing this installation to avoid any IP conflicts.

I didn't do much on the configuration yet, as I wanted to make sure that everything worked and also finish season 2 of Inside Job, so I plugged everything in, and BAM! I have a functioning firewall that works and segments off all of my homelab stuff from my public wifi.

I had to do a full reinstall on my Proxmox machines, since they were set with a static IP on the 192.168.0.X subnet: they had IP addresses that weren't behind the firewall, but physically they were, so they were in logical limbo, if you will. Luckily, I just set these servers up, so it was easy to set them back up. So after at least setting up Jellyfin and linking the Debian VM running it to my Armbian NFS server that has all of my media, I'm gonna take a break and pick up on this in a bit.