For small and medium-sized businesses, it is important to have an infrastructure that is flexible, secure, and not overly complex to maintain. In many cases, this does not require an expensive cloud platform or a complex enterprise cluster. A single properly prepared server is often enough to run a hypervisor and a firewall and to configure backups.
This is exactly the kind of task that the combination of Proxmox VE + OPNsense + Windows or Linux virtual machines is well suited for. It makes it possible to build a convenient platform for remote work, internal services, terminal machines, VPN access, network segmentation, as well as hosting both internal and public company services.
This approach is especially convenient for:
- small and medium-sized businesses
- small offices
- remote teams
- companies that need virtual workstations
- infrastructures with secure VPN access
- hosting internal services, websites, and databases
What can be built with this setup
Once deployed, such a platform can be used not only for working virtual machines, but also for other business tasks. For example, it can be used to:
- host internal services
- publish websites and web applications
- keep databases inside a protected segment
- organize VPN access for employees
- separate workstations, application servers, and service nodes across different networks
OPNsense allows internal web services to be published through NAT / Port Forward, and it can also be used as a reverse proxy for routing HTTP(S) traffic to internal applications. This is suitable for websites, control panels, internal web systems, and other services. At the same time, the firewall itself is best used as a routing, filtering, and publishing point, rather than as the place where a website or PHP application is hosted directly.
Databases can also be placed in this kind of infrastructure, but they are usually kept inside the internal network without direct exposure to the Internet. This is safer and better aligned with the typical architecture of small and medium-sized businesses. Access to specific services can still be opened when needed through firewall and NAT rules in OPNsense.
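The publishing rules described above (web services forwarded to internal VMs, nothing hosted on the firewall itself, databases not exposed) can be checked mechanically. The following is an added example, not part of the original article or of OPNsense: the addressing plan, the simplified rule format, and the rule of flagging every non-web port for review are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the article).
FIREWALL_LAN_IP = ipaddress.ip_address("10.10.0.1")
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/24")
WEB_PORTS = {80, 443}
DB_PORTS = {1433: "MSSQL", 3306: "MySQL/MariaDB", 5432: "PostgreSQL", 27017: "MongoDB"}

# Constructed port-forward rules in a simplified form (not OPNsense's config format).
SAMPLE_RULES = [
    {"descr": "Public website", "wan_port": 443, "target": "10.10.0.20", "target_port": 443},
    {"descr": "Remote DB admin", "wan_port": 5432, "target": "10.10.0.30", "target_port": 5432},
    {"descr": "Panel on firewall", "wan_port": 8443, "target": "10.10.0.1", "target_port": 443},
    {"descr": "Hidden DB", "wan_port": 50000, "target": "10.10.0.30", "target_port": 3306},
    {"descr": "Typo target", "wan_port": 80, "target": "192.168.1.20", "target_port": 80},
    {"descr": "RDP to terminal VM", "wan_port": 3389, "target": "10.10.0.40", "target_port": 3389},
]

def audit_rule(rule):
    """Return a list of findings for one WAN port-forward rule."""
    findings = []
    target = ipaddress.ip_address(rule["target"])
    # Judge by the internal port: an unusual WAN port does not hide a database.
    port = rule["target_port"]
    if port in DB_PORTS:
        findings.append(f"exposes {DB_PORTS[port]} (port {port}) to the Internet")
    if target == FIREWALL_LAN_IP:
        findings.append("targets the firewall itself instead of an internal VM")
    elif target not in INTERNAL_NET:
        findings.append(f"target {target} is outside internal segment {INTERNAL_NET}")
    if port not in WEB_PORTS and port not in DB_PORTS:
        findings.append(f"review: non-web port {port} is published; VPN may fit better")
    return findings

def audit(rules):
    """Map rule description -> findings, omitting rules that pass every check."""
    return {r["descr"]: f for r in rules if (f := audit_rule(r))}

if __name__ == "__main__":
    for descr, findings in audit(SAMPLE_RULES).items():
        for finding in findings:
            print(f"{descr}: {finding}")
```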
What this article series will cover
The second article describes the host network layout: an external bridge for WAN and an internal bridge for the local network of virtual machines.
The third article covers installing OPNsense in a virtual machine, configuring WAN and LAN, connecting internal VMs, and setting up secure access through VPN.
What you will get in the end
After completing all the stages, you will have a working setup in which:
- Proxmox VE acts as the hypervisor
- OPNsense manages external and internal traffic
- virtual machines are located in the internal segment
- access to the infrastructure can be organized through VPN
- websites, panels, and web services can be published through OPNsense
- databases can remain in the internal network without being exposed directly to the outside
This architecture is well suited for small and medium-sized businesses because it provides a good balance between cost, manageability, and security. It allows you to start with a single server and then gradually expand the infrastructure as your needs grow.