Roland Giesler wrote:
On 23/07/07, Jeff Schmidt <[EMAIL PROTECTED]> wrote:
Roland Giesler wrote:
> Is it possible to start a VMware or Xen client inside pfSense?
perhaps you've worded that backwards?
assuming so; yes, you can run pfSense inside vmware. doubtful that it
would work in Xen.
No, I didn't word it backwards. I'm like to build a firewall, that
also hosts a spamfilter / mailserver and maybe some other things. But
the firewall must be primary or host OS, since part of the object of
having a filewall would be defeated if the firewall is not the primary
point of entry from outside the network, right?
I guess what I'm really asking is, can another program be started and
run from inside pfSense? Much in the way that I could start something
in FreeBSD? I suspect the ability to do this is limited by the
confuration of pfSense as it is with m0n0wall.
Alternatively, if I run a debian box for example, and used that as a
Xen host, I could run a VM for pfSense, one for a mail server, another
for a proxy/cache, etc. but that may be inefficient, since I could
just be running one machine to do that all. Problem is that then I
would have the very powerful and easy to use interface of pfSense to
run the firewall part and I want that without having to install two
boxes.
You just make sure that the host OS has no addresses configured on the
interfaces facing the internet, only on the interface behind the
firewall VM.
That way it's just operating as a switch with no way to communicate, or
be communicated with by machines on the public interface(s). You could
even disable certain address families on that interface...
(same answer applies to your m0n0wall questions)
adam.
