Ok, first, this isn't for a production environment - just for experimenting.
Would it be possible to take a single box with two physical network cards (eth0 and eth4), and -
The box has some flavor of Linux as its primary OS, is running VMware Server, which has been used to configure two virtual network cards (eth1 and eth2), and also a virtual instance of OpenBSD (with PF and Snort configured).
What I'd like is something like this
Internet - router - (eth0 (physical) - virtualization of OpenBSD - eth1 (virtual) - virtual switch - eth2 (virtual) - Linux OS - eth4 (physical)) - second firewall (this one is setup already, no virtualization or anything) - physical switch - LAN
I hope that's making sense - everything in (), between the router and the second (physical) firewall, is running on the VMware box.
Any thoughts? I guess what I'm trying to do is set up a virtual firewall, and doing it this way will let me play around with PF, Snort, OpenBSD, VMware Server, and virtualization in general - the idea, eventually, is to use the VMware box to virtualize a couple server instances and create a DMZ where those are located.
Instead of putting a separate second firewall after the router and before the VM box, I'm hoping to go cheap and just virtualize it, but I'm not sure the configuration will work (the main thing is that I want the first thing that packets arriving on the physical eth0 card hit to be the OpenBSD instance, without their having any interaction with the other virtualized instances or the primary Linux OS until after they've passed through the virtual firewall).
Am I going to run into problems with the first physical NIC being assigned to the virtual OpenBSD instance and not enabled for the primary Linux OS?
Hope this all makes sense - yes, I'm a noob.
Any thoughts/opinions about this would be appreciated - thanks in advance.
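For concreteness, here is a minimal PF ruleset the OpenBSD guest in the topology above could run. It is an added illustration, not something from the original post or from the poster's setup. Everything specific is an assumption: the guest does not see the host's eth0/eth1 names, so the interface macros are placeholders for whatever `ifconfig` shows inside the VM; the 192.168.1.0/24 range is invented; and the firewall is assumed to route (no NAT), on the basis that the router upstream already does address translation.

```pf
# /etc/pf.conf on the OpenBSD guest -- added example, not from the original post.
# Interface names are ASSUMPTIONS: substitute the names the guest actually shows.
ext_if = "em0"                # bridged by VMware to the host's physical eth0 (router side)
int_if = "em1"                # on the VMware virtual switch with the host's eth2
lan_net = "192.168.1.0/24"    # assumed address space on the inside segment

# Never filter the loopback interface.
set skip on lo

# Default deny in both directions; log drops so Snort or tcpdump can see them on pflog0.
block drop log all

# Drop packets on the outside whose source address is not routable back out that interface
# (cheap anti-spoofing for the external side).
block in quick on $ext_if from urpf-failed

# Inside hosts may initiate connections outward; state tracking lets the replies back in.
pass in  on $int_if inet from $lan_net to any keep state
pass out on $ext_if inet from $lan_net to any keep state

# The firewall itself may originate traffic (DNS, package fetches) on the outside.
pass out on $ext_if inet from ($ext_if) to any keep state

# Management of the firewall only from the inside segment, and only SSH.
pass in on $int_if inet proto tcp from $lan_net to ($int_if) port 22 keep state
```

Two things to check once it is in place. On the guest, `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -f /etc/pf.conf` loads it, and packet forwarding between the two interfaces still has to be switched on with `net.inet.ip.forwarding=1` in `/etc/sysctl.conf` (otherwise nothing crosses the box even with permissive rules). Logged drops show up on the `pflog0` interface (`tcpdump -n -e -ttt -i pflog0`), which is also where Snort can be pointed. On the Linux host, `ip addr show eth0` should list no IPv4 or IPv6 address at all: if the host stack has an address on eth0, traffic from the router can reach the host without ever passing through the OpenBSD guest, which defeats the whole arrangement.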