Brian McEntire wrote: > Darrick - > You seem adamant, and I will look deeper into the firewall in Astlinux! :-)
Brian, I am one of the developers, so I happen to like what we've done. There have been some huge changes to the web interface and the overall project in the past year or so. http://www.astlinux.org > The one thing running monowall in a VM would do for me is (in theory) > make it very simple to move my existing, working m0n0wall > configuration. I've been running it for a while, it serves a bunch of > DHCP clients, does a little NAT, and has 20 or so specific rules for > what can talk to what across the LAN, WAN, and DMZ segments of the > firewall. If Astlinux can do all that, and I can grok it easily, it > might be easier than running m0n0wall inside a VM. The firewall part of Astlinux is Arno's IPtables firewall. The web interface can handle most (if not all) of what you're trying to do. We've exposed a few more options in our svn trunk, but that's undergoing some big changes right now to support dahdi. I'm running an image based on that right now, but it will probably be another week or so before trunk is stable enough for general use. If there's something you need that's not exposed in the web interface, ask and someone on our mailing list can get you going in the right direction. If you have any problems/questions, ask over on our mailing list or in the #astlinux channel on freenode. > I suppose the other thing running m0n0wall inside a VM might do is a > little extra security. If the firewall is in a VM and the asterisk > part is running on the hardware without access to the LAN ports (which > are all owned by the VM) then it *might* make the asterisk install a > little more secure or less exposed to automated attacks. Not saying > this is a high payoff for me, but another potential pro for a VM > setup. That could very well be the case, but I highly doubt you're going to like the results of using a net5501 as a virtual machine host. The hardware was never really intended for that purpose. Darrick _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
