Thread: VMWare server/virtual firewall

  1. #1
    undefined operator
    Guest

    VMWare server/virtual firewall


    Ok, first, this isn't for a production environment - just for experimenting.

    Would it be possible to take a single box with two physical network
    cards (eth0 and eth4), and -

    The box has some flavor of Linux as its primary OS, is running VMWare
    Server, which has been used to configure two virtual network cards (eth1
    and eth2), and also a virtual instance of OpenBSD (with PF and Snort
    configured).

    What I'd like is something like this

    Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1
    (virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4
    (physical)) - second firewall (this one is setup already, no
    virtualization or anything) - physical switch - LAN

    I hope that's making sense - everything in (), between the router and
    the second (physical) firewall, is running on the VMware box.

    Any thoughts? I guess what I'm trying to do is set up a virtual
    firewall, and doing it this way will let me play around with PF, Snort,
    OpenBSD, VMware Server, and virtualization in general - the idea,
    eventually, is to use the VMware box to virtualize a couple server
    instances and create a DMZ where those are located.

    Instead of putting a separate second firewall after the router and
    before the VM box, I'm hoping to go cheap and just virtualize it, but
    I'm not sure the configuration will work (the main thing is that I want
    the first thing the packets from the physical eth0 card to hit to be the
    OpenBSD instance, without having any interaction with the other
    virtualized instances or the primary Linux OS until after they've passed
    through the virtual firewall).

    Am I going to run into problems with the first physical NIC being
    assigned to the virtual OpenBSD instance and not enabled for the primary
    Linux OS?

    Hope this all makes sense - yes, I'm a noob.

    Any thoughts/opinions about this would be appreciated - thanks in advance.


  2. #2
    Grant Taylor
    Guest

    Re: VMWare server/virtual firewall

    On 11/4/2009 12:37 PM, undefined operator wrote:
    > Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1
    > (virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4
    > (physical)) - second firewall (this one is setup already, no
    > virtualization or anything) - physical switch - LAN
    >
    > I hope that's making sense - everything in (), between the router and
    > the second (physical) firewall, is running on the VMware box.


    You can do this and it will work.

    The thing you will have to be careful of is making sure that the host OS
    does not bind anything to eth0. (Bind your management IP to another
    interface that is connected elsewhere in the network (eth4?).)

    Do be aware that your throughput will suffer compared to physical boxen.
    I did something similar to this years ago (and still do for some
    things) and a friend of mine said "the sides of the case are going to
    start bending with all the packets bouncing around in memory.".



    Grant. . . .
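
Added example (not part of the original thread): a shell check for the point in reply #2 that the host OS must not bind anything to eth0. It parses `ip -o addr show` output; the function names and the sample output are constructed for illustration, and the sample shows the easy-to-miss case where the host has no IPv4 address on eth0 but still holds an autoconfigured IPv6 link-local address.

```shell
#!/bin/sh
# Added example: audit that the Linux host holds no IP address on the NIC
# bridged to the firewall VM (eth0 in the thread). Function names are
# hypothetical; only `ip -o addr show` is a real command.

# bound_addrs IFACE
# Reads `ip -o addr show` output on stdin and prints "family address/prefix"
# for every IPv4 or IPv6 address the host has on IFACE.
bound_addrs() {
    awk -v ifc="$1" \
        '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# audit_iface IFACE
# Reads the same input on stdin. Returns 0 when the host has nothing bound
# to IFACE, 1 otherwise, and prints what it found.
audit_iface() {
    found=$(bound_addrs "$1")
    if [ -n "$found" ]; then
        printf 'FAIL: host has addresses on %s:\n%s\n' "$1" "$found"
        return 1
    fi
    printf 'OK: no host addresses on %s\n' "$1"
    return 0
}

# Constructed sample of `ip -o addr show` output: eth0 has no IPv4 address,
# but the kernel has still autoconfigured an IPv6 link-local address on it.
# eth4 carries the management IP, as suggested in the reply.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::20c:29ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
3: eth4    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth4\       valid_lft forever preferred_lft forever
EOF
}

# Run against the constructed sample. On a live host use instead:
#   ip -o addr show | audit_iface eth0
sample_ip_output | audit_iface eth0 || true
```

If the check fails only because of a link-local address, setting the sysctl `net.ipv6.conf.eth0.disable_ipv6=1` on the host removes it while leaving the interface up for the bridge.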

  3. #3
    goarilla
    Guest

    Re: VMWare server/virtual firewall

    On Thu, 05 Nov 2009 00:11:31 -0600, Grant Taylor wrote:

    > On 11/4/2009 12:37 PM, undefined operator wrote:
    >> Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1
    >> (virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4
    >> (physical)) - second firewall (this one is setup already, no
    >> virtualization or anything) - physical switch - LAN
    >>
    >> I hope that's making sense - everything in (), between the router and
    >> the second (physical) firewall, is running on the VMware box.

    >
    > You can do this and it will work.
    >
    > The thing you will have to be careful of is making sure that the host OS
    > does not bind anything to eth0. (Bind your management IP to another
    > interface that is connected elsewhere in the network (eth4?).)
    >
    > Do be aware that your throughput will suffer compared to physical boxen.
    > I did something similar to this years ago (and still do for some
    > things) and a friend of mine said "the sides of the case are going to
    > start bending with all the packets bouncing around in memory.".
    >
    >
    >
    > Grant. . . .


    Yeah, virtualisation is great until you do a lot of IO in the
    VMs, e.g. if you want performance out of a fileserver:
    don't virtualise it!
