<div dir="ltr">Well, maybe I'll setup Proxmox on a system here or in a VM and try working with host firewalling and see how I like it and then try pfSense. After thinking about it for a bit I may just go with pfSense in a VM. It's not like I'm going to be loading this system much as it is and a little VM running pfSense isn't going to exactly break the bank CPU or memory wise. Plus, like I mentioned before I'm more familiar with it and as you eluded to it includes OpenVPN support that's easy as hell to configure.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 6, 2013 at 7:16 AM, Rob Fantini <span dir="ltr"><<a href="mailto:rob@fantinibakery.com" target="_blank">rob@fantinibakery.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">pfsense makes vpn easy .<br>
<br>
We've used pfsense as a kvm and hardware.<br>
<br>
I think pfsense on hardware is better as I can set up a nat to a non cluster system.<div class="im"><br>
<br>
<br>
On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Eneko,<br>
<br>
Thanks for the reply. I'm not familiar with Firewall Builder but I'll<br>
be sure to take a look at it. I kind of like the idea of doing the<br>
firewalling and routing on the host as it just seems cleaner or<br>
simpler. I had been thinking about running pfSense in a VM as that's<br>
what I have the most experience with and FreeBSDs firewall<br>
capablilities have always seemed a little more mature than Linux's<br>
ipfwadmn, I mean ipchains, I mean iptables, or is it nftables now, oh<br>
and you can't forget about ebtables (I'm joking it's just fun to poke<br>
fun at all the choice sometimes and I've been using Linux long enough<br>
to remember all of the solutions).<br>
<br>
Seeing as I don't need anything too extravagant maybe I'll just stick<br>
to a host based solution. After a cursory look at Firewall Builder<br>
it's probably all I need. A full pfSense VM would probably be<br>
overkill. Plus, I could use a refresher on Linux's firewall capabilities.<br>
<br>
All that leaves is a OpenVPN server. As far as that goes where do you<br>
run your VPN (assuming you use one at all)? Do you run it on the<br>
Proxmox host, in a container, or a full blown VM?<br>
<br>
Thanks for the tips.<br>
<br>
--adam<br>
<br>
<br>
On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <<a href="mailto:elacunza@binovo.es" target="_blank">elacunza@binovo.es</a><br></div><div><div class="h5">
<mailto:<a href="mailto:elacunza@binovo.es" target="_blank">elacunza@binovo.es</a>>> wrote:<br>
<br>
Hi Adam,<br>
<br>
We have such an installation and Proxmox works fine, given the<br>
limitations of the underlying hardware (most notable are the disks).<br>
<br>
For the firewall you can use a dedicated VM or also the native<br>
proxmox (hypervisor kernel) iptables. We use iptables on the<br>
hypervisor, managed by the Firewall Builder front-end, and are<br>
quite happy with it.<br>
<br>
Hope this helps,<br>
Eneko<br>
<br>
<br>
On 06/11/13 00:34, Adam Hunt wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
From my reading it would seem that Proxmox was designed for uses<br>
who maintain a cluster of Proxmox instances.<br>
<br>
I'm interested in experimenting with Poroxmox using a single node<br>
for experimentation. Specifically I'm interested in using it on a<br>
single lowish end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4<br>
cores, 8 threads running 3.4 GHz (including VT-x and VT-d), 32 GB<br>
of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit<br>
Ethernet, and the possibility of multiple IPs at a monthly cost.<br>
<br>
My primary question is that I don't need all my VMs or containers<br>
to have private IPs, I assume port forwarding should work in the<br>
majority of cases. My thought was to use one dedicated public IP<br>
for management of the Proxmox instance and one or more IPs for<br>
various services, off-site backup, web serving, VPN, DNS, VoIP,<br>
etc. Does this setup sound tenable?<br>
<br>
One thing I'm a bit foggy on is where the firewall and forwarding<br>
is managed. Are all the rules setup in the Proxmox host or do I<br>
route the non-management IPs to a dedicated firewall VM (I use<br>
pfSense in various places) and distribute IPs and forward ports<br>
them from their (that seems a little convoluted).<br>
<br>
Thanks for your help. One day I do hope to expand my Proxmox<br>
install to a cluster where I can get full use of its capabilities.<br>
<br>
--adam<br>
<br>
<br>
______________________________<u></u>_________________<br>
pve-user mailing list<br></div></div>
<a href="mailto:pve-user@pve.proxmox.com" target="_blank">pve-user@pve.proxmox.com</a> <mailto:<a href="mailto:pve-user@pve.proxmox.com" target="_blank">pve-user@pve.proxmox.<u></u>com</a>><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user" target="_blank">http://pve.proxmox.com/cgi-<u></u>bin/mailman/listinfo/pve-user</a><br>
</blockquote><div class="im">
<br>
<br>
--<br>
Zuzendari Teknikoa / Director Técnico<br>
Binovo IT Human Project, S.L.<br>
Telf. 943575997<br>
943493611<br>
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)<br></div>
<a href="http://www.binovo.es" target="_blank">www.binovo.es</a> <<a href="http://www.binovo.es" target="_blank">http://www.binovo.es</a>><br>
<br>
<br>
______________________________<u></u>_________________<br>
pve-user mailing list<br>
<a href="mailto:pve-user@pve.proxmox.com" target="_blank">pve-user@pve.proxmox.com</a> <mailto:<a href="mailto:pve-user@pve.proxmox.com" target="_blank">pve-user@pve.proxmox.<u></u>com</a>><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user" target="_blank">http://pve.proxmox.com/cgi-<u></u>bin/mailman/listinfo/pve-user</a><div class="im"><br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
pve-user mailing list<br>
<a href="mailto:pve-user@pve.proxmox.com" target="_blank">pve-user@pve.proxmox.com</a><br>
<a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user" target="_blank">http://pve.proxmox.com/cgi-<u></u>bin/mailman/listinfo/pve-user</a><br>
</div></blockquote>
</blockquote></div><br></div>