- VMWare server/virtual firewall
- undefined operator
November 4, 2009, 6:37 pm
Ok, first, this isn't for a production environment - just for experimenting.
Would it be possible to take a single box with two physical network
cards (eth0 and eth4), and -
The box has some flavor of Linux as its primary OS, is running VMWare
Server, which has been used to configure two virtual network cards (eth1
and eth2), and also a virtual instance of OpenBSD (with PF and Snort
What I'd like is something like this
Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1
(virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4
(physical)) - second firewall (this one is set up already, no
virtualization or anything) - physical switch - LAN
I hope that's making sense - everything in (), between the router and
the second (physical) firewall, is running on the VMware box.
Any thoughts? I guess what I'm trying to do is set up a virtual
firewall, and doing it this way will let me play around with PF, Snort,
OpenBSD, VMware Server, and virtualization in general - the idea,
eventually, is to use the VMware box to virtualize a couple server
instances and create a DMZ where those are located.
Instead of putting a separate second firewall after the router and
before the VM box, I'm hoping to go cheap and just virtualize it, but
I'm not sure the configuration will work (the main thing is that I want
the first thing the packets from the physical eth0 card to hit to be the
OpenBSD instance, without having any interaction with the other
virtualized instances or the primary linux OS until after they've passed
through the virtual firewall).
Am I going to run into problems with the first physical NIC being
assigned to the virtual OpenBSD instance and not enabled for the primary
Hope this all makes sense - yes, I'm a noob.
Any thoughts/opinions about this would be appreciated - thanks in advance.
Re: VMWare server/virtual firewall
On 11/4/2009 12:37 PM, undefined operator wrote:
You can do this and it will work.
The thing you will have to be careful of is making sure that the host OS
does not bind anything to eth0. (Bind your management IP to another
interface that is connected elsewhere in the network (eth4?).)
Do be aware that your throughput will suffer compared to physical boxen.
I did something similar to this years ago (and still do for some
things) and a friend of mine said "the sides of the case are going to
start bending with all the packets bouncing around in memory."
Grant. . . .
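
Added example (not part of either post): one way to check on the Linux host that nothing is bound to the NIC reserved for the firewall VM, by parsing `ip -o addr show`. It only covers IP addresses; the function names and the sample addresses are made up for illustration, and the sample shows the easily missed case of an auto-configured IPv6 link-local address.

```shell
#!/bin/sh
# Added example: report host-side IP addresses on the NIC that is meant to
# belong to the firewall guest only. Input: text of `ip -o addr show` on stdin.

# Constructed sample: eth0 (reserved for the OpenBSD guest) has no IPv4
# address but still carries an IPv6 link-local one; eth4 is management.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever
3: eth4    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth4\       valid_lft forever preferred_lft forever
3: eth4    inet6 fe80::211:22ff:fe33:4456/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Print "family address/prefix" for every address bound to interface $1.
host_bindings() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Return 0 if the host has no address on $1, 1 otherwise (listing them on stderr).
check_dedicated_nic() {
    found=$(host_bindings "$1")
    if [ -n "$found" ]; then
        printf 'host still has addresses on %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Live use on the Linux host:
#   ip -o addr show | check_dedicated_nic eth0
```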