[PVE-User] Interested in running Proxmox on a single (for now) colo node

Adam Hunt voxadam at gmail.com
Wed Nov 6 16:08:02 CET 2013


Thanks for the reply. I'm not familiar with Firewall Builder but I'll be
sure to take a look at it. I kind of like the idea of doing the firewalling
and routing on the host as it just seems cleaner or simpler. I had been
thinking about running pfSense in a VM as that's what I have the most
experience with and FreeBSDs firewall capablilities have always seemed a
little more mature than Linux's ipfwadmn, I mean ipchains, I mean iptables,
or is it nftables now, oh and you can't forget about ebtables (I'm joking
it's just fun to poke fun at all the choice sometimes and I've been using
Linux long enough to remember all of the solutions).

Seeing as I don't need anything too extravagant maybe I'll just stick to a
host based solution. After a cursory look at Firewall Builder it's probably
all I need. A full pfSense VM would probably be overkill. Plus, I could use
a refresher on Linux's firewall capabilities.

All that leaves is a OpenVPN server. As far as that goes where do you run
your VPN (assuming you use one at all)? Do you run it on the Proxmox host,
in a container, or a full blown VM?

Thanks for the tips.


On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <elacunza at binovo.es> wrote:

>  Hi Adam,
> We have such an installation and Proxmox works fine, given the limitations
> of the underlying hardware (most notable are the disks).
> For the firewall you can use a dedicated VM or also the native proxmox
> (hypervisor kernel) iptables. We use iptables on the hypervisor, managed by
> the Firewall Builder front-end, and are quite happy with it.
> Hope this helps,
> Eneko
> On 06/11/13 00:34, Adam Hunt wrote:
> From my reading it would seem that Proxmox was designed for uses who
> maintain a cluster of Proxmox instances.
>  I'm interested in experimenting with Poroxmox using a single node for
> experimentation. Specifically I'm interested in using it on a single lowish
> end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4 cores, 8 threads running
> 3.4 GHz (including VT-x and VT-d), 32 GB of memory, 2 x 3 TB SATA drives
> (soft RAID only), gigabit Ethernet, and the possibility of multiple IPs at
> a monthly cost.
>  My primary question is that I don't need all my VMs or containers to
> have private IPs, I assume port forwarding should work in the majority of
> cases. My thought was to use one dedicated public IP for management of the
> Proxmox instance and one or more IPs for various services, off-site backup,
> web serving, VPN, DNS, VoIP, etc. Does this setup sound tenable?
>  One thing I'm a bit foggy on is where the firewall and forwarding is
> managed. Are all the rules setup in the Proxmox host or do I route the
> non-management IPs to a dedicated firewall VM (I use pfSense in various
> places) and distribute IPs and forward ports them from their (that seems a
> little convoluted).
>  Thanks for your help. One day I do hope to expand my Proxmox install to
> a cluster where I can get full use of its capabilities.
>  --adam
> _______________________________________________
> pve-user mailing listpve-user at pve.proxmox.comhttp://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
> --
> Zuzendari Teknikoa / Director Técnico
> Binovo IT Human Project, S.L.
> Telf. 943575997
>       943493611
> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)www.binovo.es
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20131106/0328abfe/attachment.htm>

More information about the pve-user mailing list