Hi, I have a physical server with Proxmox installed. Proxmox has both OpenVZ and KVM virtual servers, and Shorewall is installed on the same server. Shorewall protects both Proxmox and each virtual server and handles IP traffic with arp_proxy. The physical server has one public IP address and each virtual server also has a public IP. Before, when I only had one public IP, I was using DNAT with a private address space for the virtual servers.
Arp_proxy works great! It works especially well with SIP servers, which work better with public IP addresses.

From a security perspective it's better with a dedicated firewall, but sometimes you don't have that opportunity.

/Måns

-----Original Message-----
From: Simon Hobson [mailto:[email protected]]
Sent: den 18 januari 2012 08:52
To: Shorewall Users
Subject: Re: [Shorewall-users] virtual serveres

Christ Schlacta wrote:
> You may end up with simply a bridge firewall. I recently did the same
> thing, and am of a mind that for my purposes, an individual firewall on
> each vm is preferable.

That's the solution I came up with as well. On my hosts I run a very basic set of iptables rules on the outside interfaces (just to protect the host from the outside), and then run Shorewall on each VM.

The biggest problem as I see it is the constantly changing network config. Each time you start or stop a VM, network ports on the bridge appear or disappear (at least with Xen).

--
Simon Hobson
