Re: [pfSense-discussion] Start other processes inside pfSense?
Just to add/restate some of the things said in this conversation.

FreeBSD 6.2 (which pfSense is based on) cannot run under Xen - while it may be possible to run it with hardware virtualization under Xen, I'd recommend against it at this time. It does however run perfectly fine on both VMWare Server and VMWare ESX Server. MS Virtual server has been shown to have some issues (something about the virtual hardware it emulates...or doesn't...that FreeBSD barfs on).

Bottom line is if you want to run pfSense as a guest in VMWare, it'll work fine, use bridged interfaces and don't assign an IP to the host (or at least not on the external interface) and let the virtualized pfSense handle the traffic. You can even have an entire virtual DMZ then *shudder*.

Have fun.

--Bill

On 7/24/07, Roland Giesler <[EMAIL PROTECTED]> wrote:
> Thanks for your suggestions and comment everyone. I think I'll go with multiple VM guests on a host OS. My mind is much clearer about this now.
>
> regards
>
> Roland
Re: [pfSense-discussion] Start other processes inside pfSense?
I, too, would like to thank you all for your comments and suggestions. This is a solution that I had not even considered for a problem that I have been having, and I like this solution much better than the other one I had considered.

The problem I've been having, in short, is that I get invited to a lot of LAN parties as the "network guy", because I bring my nice pfSense router along. ;) But, there are some particular services, such as a dedicated game server, that I have had to bring a second box along to host. But since most of the network traffic is on the LAN, running a game server AND pfSense on the same (more powerful) box would save on weight, stuff to carry, etc.

Thanks again!

- Original Message -
From: "Roland Giesler" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 24, 2007 8:57 AM
Subject: Re: [pfSense-discussion] Start other processes inside pfSense?

> Thanks for your suggestions and comment everyone. I think I'll go with multiple VM guests on a host OS. My mind is much clearer about this now.
>
> regards
>
> Roland
Re: [pfSense-discussion] Start other processes inside pfSense?
Thanks for your suggestions and comment everyone. I think I'll go with multiple VM guests on a host OS. My mind is much clearer about this now.

regards

Roland
Re: [pfSense-discussion] Start other processes inside pfSense?
- "Roland Giesler" <[EMAIL PROTECTED]> wrote:

> On 23/07/07, Jeff Schmidt <[EMAIL PROTECTED]> wrote:
> > Roland Giesler wrote:
> > > Is it possible to start a VMware or Xen client inside pfSense?
> > perhaps you've worded that backwards?
> > assuming so; yes, you can run pfSense inside vmware. doubtful that it would work in Xen.
>
> No, I didn't word it backwards. I'd like to build a firewall, that also hosts a spamfilter / mailserver and maybe some other things. But the firewall must be primary or host OS, since part of the object of having a firewall would be defeated if the firewall is not the primary point of entry from outside the network, right?

Not necessarily. It would probably be best to have one OS dedicated to running the VMs, and then have your guests for firewall, spam filter, etc. This way, you're not combining multiple functions in one OS, and upgrading any one of them is as easy as possible.

On the host OS, let's assume Linux, you would just set up iptables to block everything from the outside to the host's IP. This won't affect the guests, and your only setback will be the processing cost of virtualization (unless you're switching packets over a high speed connection, you probably won't notice... which I assume is the case, otherwise you'd have dedicated hardware for all of your services).

> I guess what I'm really asking is, can another program be started and run from inside pfSense? Much in the way that I could start something in FreeBSD? I suspect the ability to do this is limited by the configuration of pfSense as it is with m0n0wall.
>
> Alternatively, if I run a debian box for example, and used that as a Xen host, I could run a VM for pfSense, one for a mail server, another for a proxy/cache, etc. but that may be inefficient, since I could just be running one machine to do that all. Problem is that then I would have the very powerful and easy to use interface of pfSense to run the firewall part and I want that without having to install two boxes.

Virtualization comes at a cost, and running three VMs, especially when one is a mail server, would require some decent hardware. You know your situation best, but the cost of one beefy box to run it all, or two lesser boxes, may be close. The big advantage in this case is that using VMs would separate the different software services, possibly all distributed as packages, making them easier to admin and update. No worries about conflicting libs or ports, and you also add ease of migration should your one beefy box get lagged down, and you want to move the mail server to another, dedicated VM host.

> comments?
>
> thanks
>
> --
> Roland Giesler
> Green Tree Systems cc, Stellenbosch, South Africa
> Mobile: 072-450-2817 http://www.thegreentree.za.net
>
> Shop online at http://www.digitalplanet.co.za/?AID=497
Re: [pfSense-discussion] Start other processes inside pfSense?
Roland Giesler wrote:
> On 23/07/07, Jeff Schmidt <[EMAIL PROTECTED]> wrote:
> > Roland Giesler wrote:
> > > Is it possible to start a VMware or Xen client inside pfSense?
> > perhaps you've worded that backwards?
> > assuming so; yes, you can run pfSense inside vmware. doubtful that it would work in Xen.
>
> No, I didn't word it backwards. I'd like to build a firewall, that also hosts a spamfilter / mailserver and maybe some other things. But the firewall must be primary or host OS, since part of the object of having a firewall would be defeated if the firewall is not the primary point of entry from outside the network, right?
>
> I guess what I'm really asking is, can another program be started and run from inside pfSense? Much in the way that I could start something in FreeBSD? I suspect the ability to do this is limited by the configuration of pfSense as it is with m0n0wall.
>
> Alternatively, if I run a debian box for example, and used that as a Xen host, I could run a VM for pfSense, one for a mail server, another for a proxy/cache, etc. but that may be inefficient, since I could just be running one machine to do that all. Problem is that then I would have the very powerful and easy to use interface of pfSense to run the firewall part and I want that without having to install two boxes.

You just make sure that the host OS has no addresses configured on the interfaces facing the internet, only on the interface behind the firewall VM. That way it's just operating as a switch with no way to communicate, or be communicated with by machines on the public interface(s). You could even disable certain address families on that interface...

(same answer applies to your m0n0wall questions)

adam.
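The host-side condition described in the replies above (no address of any family on the Internet-facing interface of the VM host) can be checked mechanically. This is an added example, not part of the original thread; it assumes a Linux host, and the interface names `eth0`, `br-wan`, `br-lan` and the sample `ip -o addr show` output are constructed.

```shell
#!/bin/sh
# Added example: audit a Linux VM host so that the NIC bridged to the
# Internet side (and its bridge) carries no L3 address of any family.
# Interface names below are assumptions for illustration:
#   eth0 / br-wan = Internet-facing NIC and the bridge the firewall VM uses
#   br-lan        = bridge behind the firewall VM (host management lives here)

# Constructed sample of `ip -o addr show` output (lifetime fields trimmed).
# The WAN side has no IPv4 address, but the kernel auto-configured IPv6
# link-local addresses, so the host is still reachable on that segment.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
3: br-wan    inet6 fe80::5054:ff:fe12:3456/64 scope link
4: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan
4: br-lan    inet6 fe80::5054:ff:feab:cdef/64 scope link'

# exposed_addrs IFACE...
# Reads `ip -o addr show` text on stdin. Prints "iface family address" for
# every IPv4/IPv6 address found on the named interfaces.
# Exit status: 0 if the interfaces carry no address, 1 otherwise.
exposed_addrs() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wan[w[i]] = 1 }
        ($2 in wan) && ($3 == "inet" || $3 == "inet6") { print $2, $3, $4; bad = 1 }
        END { exit bad + 0 }
    '
}

# Offline run against the sample. On a live host, feed real data instead:
#   ip -o addr show | exposed_addrs eth0 br-wan
if found=$(printf '%s\n' "$SAMPLE" | exposed_addrs eth0 br-wan); then
    echo "OK: host has no address on the Internet-facing interfaces"
else
    echo "FAIL: host is addressable on the Internet-facing side:"
    echo "$found"
fi
```

The sample fails the check on purpose: leaving IPv4 unconfigured is not enough when IPv6 link-local addresses appear automatically, which is the case the "disable certain address families" remark covers.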
Re: [pfSense-discussion] Start other processes inside pfSense?
On 23/07/07, Jeff Schmidt <[EMAIL PROTECTED]> wrote:
> Roland Giesler wrote:
> > Is it possible to start a VMware or Xen client inside pfSense?
> perhaps you've worded that backwards?
> assuming so; yes, you can run pfSense inside vmware. doubtful that it would work in Xen.

No, I didn't word it backwards. I'd like to build a firewall, that also hosts a spamfilter / mailserver and maybe some other things. But the firewall must be primary or host OS, since part of the object of having a firewall would be defeated if the firewall is not the primary point of entry from outside the network, right?

I guess what I'm really asking is, can another program be started and run from inside pfSense? Much in the way that I could start something in FreeBSD? I suspect the ability to do this is limited by the configuration of pfSense as it is with m0n0wall.

Alternatively, if I run a debian box for example, and used that as a Xen host, I could run a VM for pfSense, one for a mail server, another for a proxy/cache, etc. but that may be inefficient, since I could just be running one machine to do that all. Problem is that then I would have the very powerful and easy to use interface of pfSense to run the firewall part and I want that without having to install two boxes.

comments?

thanks

--
Roland Giesler
Green Tree Systems cc, Stellenbosch, South Africa
Mobile: 072-450-2817 http://www.thegreentree.za.net

Shop online at http://www.digitalplanet.co.za/?AID=497
Re: [pfSense-discussion] Start other processes inside pfSense?
Roland Giesler wrote:
> Is it possible to start a VMware or Xen client inside pfSense?

perhaps you've worded that backwards?

assuming so; yes, you can run pfSense inside vmware. doubtful that it would work in Xen.

> --
> Roland Giesler
> Green Tree Systems cc, Stellenbosch, South Africa
> Mobile: 072-450-2817 http://www.thegreentree.za.net
Re: [pfSense-discussion] Start other processes inside pfSense?
Any particular reason you would want to run vmware or Xen in pfSense?

On 7/23/07, Roland Giesler <[EMAIL PROTECTED]> wrote:
> Is it possible to start a VMware or Xen client inside pfSense?
>
> --
> Roland Giesler
> Green Tree Systems cc, Stellenbosch, South Africa
> Mobile: 072-450-2817 http://www.thegreentree.za.net
>
> Shop online at http://www.digitalplanet.co.za/?AID=497
Re: [pfSense-discussion] Start other processes inside pfSense?
Roland Giesler wrote:
> Is it possible to start a VMware or Xen client inside pfSense?

no. VMware doesn't support FreeBSD as a host, and Xen is still questionable on FreeBSD I believe.
[pfSense-discussion] Start other processes inside pfSense?
Is it possible to start a VMware or Xen client inside pfSense?

--
Roland Giesler
Green Tree Systems cc, Stellenbosch, South Africa
Mobile: 072-450-2817 http://www.thegreentree.za.net

Shop online at http://www.digitalplanet.co.za/?AID=497