Ok, so as this says in the title, I am considering putting my proxmox host directly on the internet. Here is why, and my thinking, so be gentle, I am not interested in people just shouting out how bad of an idea it is.

The host itself is reasonably secure out of the box, and comes with an integrated firewall, I can configure with the cli, and with the GUI.

Normally I use a router based firewall, and only open various ports, although the ports grow with the many servers I spin up. I am not seeing a great deal of difference between using this method, and using the firewall built into the Prox Host.

The number of times I have had to create interesting routing rules on my router to get to the internal devices I want to get to has grown out of control, I use DNAT and SNAT to have the devices go out the correct IPs etc, and it is getting unmanageable.

By putting the host on the internet directly, (My ISP gives seemingly unlimited dynamic IPs) I can grab what I need, and they route accordingly.

What are the actual downsides, other than the obvious it is on the internet. I am long past the point of simply being scared of opening ports, as I know what and why I open things, and do my best to not have anything insecure floating around.

It seems too many people are of the impression that if a device is not behind a firewall(other than its own firewall) that they think it will simply burst into flames or something.

So what might I be missing or forgetting that makes this a bad idea? If configured with the proper firewall, and updated regularly, why is this horrible? I am not terribly worried about getting zero-dayed.

Is the firewall built into Proxmox bad? I do not think so.

Let the tearing apart of my plans begin..... 🙂