[PVE-User] Interested in running Proxmox on a single (for now) colo node
Adam Hunt
voxadam at gmail.com
Wed Nov 6 17:18:27 CET 2013
Well, maybe I'll setup Proxmox on a system here or in a VM and try working
with host firewalling and see how I like it and then try pfSense. After
thinking about it for a bit I may just go with pfSense in a VM. It's not
like I'm going to be loading this system much as it is and a little VM
running pfSense isn't going to exactly break the bank CPU or memory wise.
Plus, like I mentioned before I'm more familiar with it and as you eluded
to it includes OpenVPN support that's easy as hell to configure.
On Wed, Nov 6, 2013 at 7:16 AM, Rob Fantini <rob at fantinibakery.com> wrote:
> pfsense makes vpn easy .
>
> We've used pfsense as a kvm and hardware.
>
> I think pfsense on hardware is better as I can set up a nat to a non
> cluster system.
>
>
>
> On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
>
>> Eneko,
>>
>> Thanks for the reply. I'm not familiar with Firewall Builder but I'll
>> be sure to take a look at it. I kind of like the idea of doing the
>> firewalling and routing on the host as it just seems cleaner or
>> simpler. I had been thinking about running pfSense in a VM as that's
>> what I have the most experience with and FreeBSDs firewall
>> capablilities have always seemed a little more mature than Linux's
>> ipfwadmn, I mean ipchains, I mean iptables, or is it nftables now, oh
>> and you can't forget about ebtables (I'm joking it's just fun to poke
>> fun at all the choice sometimes and I've been using Linux long enough
>> to remember all of the solutions).
>>
>> Seeing as I don't need anything too extravagant maybe I'll just stick
>> to a host based solution. After a cursory look at Firewall Builder
>> it's probably all I need. A full pfSense VM would probably be
>> overkill. Plus, I could use a refresher on Linux's firewall capabilities.
>>
>> All that leaves is a OpenVPN server. As far as that goes where do you
>> run your VPN (assuming you use one at all)? Do you run it on the
>> Proxmox host, in a container, or a full blown VM?
>>
>> Thanks for the tips.
>>
>> --adam
>>
>>
>> On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <elacunza at binovo.es
>> <mailto:elacunza at binovo.es>> wrote:
>>
>> Hi Adam,
>>
>> We have such an installation and Proxmox works fine, given the
>> limitations of the underlying hardware (most notable are the disks).
>>
>> For the firewall you can use a dedicated VM or also the native
>> proxmox (hypervisor kernel) iptables. We use iptables on the
>> hypervisor, managed by the Firewall Builder front-end, and are
>> quite happy with it.
>>
>> Hope this helps,
>> Eneko
>>
>>
>> On 06/11/13 00:34, Adam Hunt wrote:
>>
>>> From my reading it would seem that Proxmox was designed for uses
>>> who maintain a cluster of Proxmox instances.
>>>
>>> I'm interested in experimenting with Poroxmox using a single node
>>> for experimentation. Specifically I'm interested in using it on a
>>> single lowish end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4
>>> cores, 8 threads running 3.4 GHz (including VT-x and VT-d), 32 GB
>>> of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
>>> Ethernet, and the possibility of multiple IPs at a monthly cost.
>>>
>>> My primary question is that I don't need all my VMs or containers
>>> to have private IPs, I assume port forwarding should work in the
>>> majority of cases. My thought was to use one dedicated public IP
>>> for management of the Proxmox instance and one or more IPs for
>>> various services, off-site backup, web serving, VPN, DNS, VoIP,
>>> etc. Does this setup sound tenable?
>>>
>>> One thing I'm a bit foggy on is where the firewall and forwarding
>>> is managed. Are all the rules setup in the Proxmox host or do I
>>> route the non-management IPs to a dedicated firewall VM (I use
>>> pfSense in various places) and distribute IPs and forward ports
>>> them from their (that seems a little convoluted).
>>>
>>> Thanks for your help. One day I do hope to expand my Proxmox
>>> install to a cluster where I can get full use of its capabilities.
>>>
>>> --adam
>>>
>>>
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>>
>> --
>> Zuzendari Teknikoa / Director Técnico
>> Binovo IT Human Project, S.L.
>> Telf. 943575997
>> 943493611
>> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun
>> (Gipuzkoa)
>> www.binovo.es <http://www.binovo.es>
>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
>>
>>
>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20131106/a7ebd4c7/attachment.htm>
More information about the pve-user
mailing list