
firewall and filtering through virtual machines?


smokie mcpott

Member
Joined
Jul 18, 2006
Location
OKC
This probably could have gone into a number of spots but I think that this is probably the more appropriate section.

I currently have 7 machines running 24/7.
My setup is as follows:
modem > pfsense firewall > untangle web http/ftp/av/spam/spyware etc filtering > rest of the network
One of the machines on my network is simply a Debian box that I run a VM or 2 off of to play around with, but its main purpose is to serve as my backup server (running Backuppc to maintain backups and a database for all my other machines).
I am looking to combine pfsense, untangle and my Debian backup server into VMs to cut down on the number of boxes.
What I am mostly curious about is whether or not it's a very good idea to run firewalls and filtering servers through VM?

Basically it would be a fairly beefy machine (c2d, 4gb ram, 36gb 10k scsi drives, raid5), so having the power in one machine isn't the problem, but I am more concerned with the actual vmware server being on the outside of the network.
If all those functions run through VM, what is there to protect the VMware server? Should I incorporate iptables/shorewall into my debian64 vm server in order to keep it protected, or run the risk of the vm server being on the outside edge of my network?
 
That sounds like quite a robust setup. I've been looking at upgrading from my Nokia IP330 running PFsense to a setup similar to what you described. From what I've read thus far, it doesn't sound like a good idea to run a firewall in a virtual environment. See this thread. Thus I've been looking to replace my IP330 with an Atom rig once they release a board that has PCIE. Then I was going to run untangle behind that firewall in a VM. I'm interested to see what you end up going with.
 
Thanks Albaholic, the more I think about it, the more I think I should just keep my pfsense box as a separate entity and I should be running untangle, and my 2 other Debian servers in VMs on a box on this side of the firewall.

ppe1700:
My vmware server would have a private IP, but I would think that in order for it to all function correctly, I would need at least one port on the outside.
 
Thanks Albaholic, the more I think about it, the more I think I should just keep my pfsense box as a separate entity and I should be running untangle, and my 2 other Debian servers in VMs on a box on this side of the firewall.

ppe1700:
My vmware server would have a private IP, but I would think that in order for it to all function correctly, I would need at least one port on the outside.

You may be able to bind a NIC to that virtual server, then add the VM NIC.

It may be "doable", however, I wouldn't trust it.
 
Well, I decided to keep my machines separate, but I have updated them.

I am running my pfsense and untangle in their very own Cisco 511's.
 