VMware Server/virtual firewall

Ok, first, this isn't for a production environment - just for experimenting.

Would it be possible to take a single box with two physical network cards (eth0 and eth4), and -

The box has some flavor of Linux as its primary OS, is running VMware Server, which has been used to configure two virtual network cards (eth1 and eth2), and also a virtual instance of OpenBSD (with PF and Snort configured).

What I'd like is something like this

Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1 (virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4 (physical)) - second firewall (this one is set up already, no virtualization or anything) - physical switch - LAN

I hope that's making sense - everything in (), between the router and the second (physical) firewall, is running on the VMware box.

Any thoughts? I guess what I'm trying to do is set up a virtual firewall, and doing it this way will let me play around with PF, Snort, OpenBSD, VMware Server, and virtualization in general - the idea, eventually, is to use the VMware box to virtualize a couple server instances and create a DMZ where those are located.

Instead of putting a separate second firewall after the router and before the VM box, I'm hoping to go cheap and just virtualize it, but I'm not sure the configuration will work (the main thing is that I want the first thing the packets from the physical eth0 card to hit to be the OpenBSD instance, without having any interaction with the other virtualized instances or the primary Linux OS until after they've passed through the virtual firewall).

Am I going to run into problems with the first physical NIC being assigned to the virtual OpenBSD instance and not enabled for the primary Linux OS?

Hope this all makes sense - yes, I'm a noob.

Any thoughts/opinions about this would be appreciated - thanks in advance.

Reply to
undefined operator

You can do this and it will work.

The thing you will have to be careful of is making sure that the host OS does not bind anything to eth0. (Bind your management IP to another interface that is connected elsewhere in the network (eth4?).)

Do be aware that your throughput will suffer compared to physical boxen. I did something similar to this years ago (and still do for some things) and a friend of mine said "the sides of the case are going to start bending with all the packets bouncing around in memory."

Grant. . . .

Reply to
Grant Taylor
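
Added example, not part of any post in this thread: one way to check the point made in the reply above, that the Linux host holds no IP address on eth0. It assumes a host with iproute2 and parses `ip -o addr show` output; the function names are hypothetical and both sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: confirm the Linux host holds no IP address on the NIC that is
# dedicated to the firewall VM. Function names are hypothetical.

# addrs_on_iface IFACE
# Reads `ip -o addr show` lines on stdin; prints "family address/prefix" for
# every IPv4/IPv6 address bound to IFACE.
addrs_on_iface() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# host_unbound IFACE
# Succeeds (exit 0) only if stdin shows no address at all on IFACE.
host_unbound() {
    [ -z "$(addrs_on_iface "$1")" ]
}

# Constructed sample: eth0 still has an IPv4 address plus an IPv6 link-local
# address, which Linux assigns by default when the interface comes up.
sample_leaky() { cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
6: eth4    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth4\       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample: eth0 carries no host address; management lives on eth4.
sample_clean() { cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
6: eth4    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth4\       valid_lft forever preferred_lft forever
EOF
}

# Run the check over both samples and report what the host still exposes.
for s in sample_leaky sample_clean; do
    if "$s" | host_unbound eth0; then
        echo "$s: eth0 has no host addresses"
    else
        echo "$s: host is still reachable on eth0 via:"
        "$s" | addrs_on_iface eth0 | sed 's/^/  /'
    fi
done
```

On a live host, feed it real data with `ip -o addr show | host_unbound eth0`.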

Yeah, virtualisation is great until you do a lot of I/O in the VMs, e.g. if you want performance out of a fileserver: don't virtualise it!

Reply to
goarilla
