Is there any downside to virtualizing a server instance to run OpenBSD (primarily setting it up to serve as a firewall) off the same server from which I'd also be running virtual instances of a domain controller, a web server, email server, file server, etc.?
Does it need to have its own physical box? What about adding Snort to the mix - if I set up the OpenBSD w/Snort distro, is there any conflict in using this instance as the firewall, too?
I'm guessing that the ideal might be to set up a separate box running OpenBSD/Snort, and configure it to serve as both a firewall and IDS system - set up this box between the router and the switch - then the switch goes out to a separate box w/VMware Server installed, and virtual instances for each server role - web, email, file, domain controller (plus the regular PCs).
Any help/hints are appreciated - I concede from the outset that I'm just sticking my big toe into the water here, and will be prone to making beginner errors. I guess what I'm asking boils down to a couple questions - I know I want my web/email/file/domain controllers to be "behind" the firewall - but can I be running all of them as a VMnet with a virtual switch and achieve the same thing (thus running all of them off the same machine) - or should the firewall/IDS box be physically separate? (Is it ok to set up an OpenBSD distro for both duties?)
If both methods are possible, what are the pros and cons - are there any security risks to running the IDS/Firewall virtually on the same physical machine from which you're running other services - like serving up an intranet site, etc? (I would think so, but don't know enough about the nuts and bolts to describe why...)
Thanks in advance. Snarky comments about finding someone who knows what they're doing will be ignored, but appreciated. This isn't meant for a production environment - I'm setting up a home lab to try some things out.