[PVE-User] Interested in running Proxmox on a single (for now) colo node

Adam Hunt voxadam at gmail.com
Wed Nov 6 17:18:27 CET 2013 

Well, maybe I'll setup Proxmox on a system here or in a VM and try working
with host firewalling and see how I like it and then try pfSense. After
thinking about it for a bit I may just go with pfSense in a VM. It's not
like I'm going to be loading this system much as it is and a little VM
running pfSense isn't going to exactly break the bank CPU or memory wise.
Plus, like I mentioned before I'm more familiar with it and as you eluded
to it includes OpenVPN support that's easy as hell to configure.


On Wed, Nov 6, 2013 at 7:16 AM, Rob Fantini <rob at fantinibakery.com> wrote:

> pfsense makes vpn easy .
>
> We've used pfsense as a kvm and hardware.
>
> I  think pfsense on hardware is better as I can set up a nat to a non
> cluster system.
>
>
>
> On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
>
>> Eneko,
>>
>> Thanks for the reply. I'm not familiar with Firewall Builder but I'll
>> be sure to take a look at it. I kind of like the idea of doing the
>> firewalling and routing on the host as it just seems cleaner or
>> simpler. I had been thinking about running pfSense in a VM as that's
>> what I have the most experience with and FreeBSDs firewall
>> capablilities have always seemed a little more mature than Linux's
>> ipfwadmn, I mean ipchains, I mean iptables, or is it nftables now, oh
>> and you can't forget about ebtables (I'm joking it's just fun to poke
>> fun at all the choice sometimes and I've been using Linux long enough
>> to remember all of the solutions).
>>
>> Seeing as I don't need anything too extravagant maybe I'll just stick
>> to a host based solution. After a cursory look at Firewall Builder
>> it's probably all I need. A full pfSense VM would probably be
>> overkill. Plus, I could use a refresher on Linux's firewall capabilities.
>>
>> All that leaves is a OpenVPN server. As far as that goes where do you
>> run your VPN (assuming you use one at all)? Do you run it on the
>> Proxmox host, in a container, or a full blown VM?
>>
>> Thanks for the tips.
>>
>> --adam
>>
>>
>> On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <elacunza at binovo.es
>> <mailto:elacunza at binovo.es>> wrote:
>>
>>     Hi Adam,
>>
>>     We have such an installation and Proxmox works fine, given the
>>     limitations of the underlying hardware (most notable are the disks).
>>
>>     For the firewall you can use a dedicated VM or also the native
>>     proxmox (hypervisor kernel) iptables. We use iptables on the
>>     hypervisor, managed by the Firewall Builder front-end, and are
>>     quite happy with it.
>>
>>     Hope this helps,
>>     Eneko
>>
>>
>>     On 06/11/13 00:34, Adam Hunt wrote:
>>
>>>     From my reading it would seem that Proxmox was designed for uses
>>>     who maintain a cluster of Proxmox instances.
>>>
>>>     I'm interested in experimenting with Poroxmox using a single node
>>>     for experimentation. Specifically I'm interested in using it on a
>>>     single lowish end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4
>>>     cores, 8 threads running 3.4 GHz (including VT-x and VT-d), 32 GB
>>>     of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
>>>     Ethernet, and the possibility of multiple IPs at a monthly cost.
>>>
>>>     My primary question is that I don't need all my VMs or containers
>>>     to have private IPs, I assume port forwarding should work in the
>>>     majority of cases. My thought was to use one dedicated public IP
>>>     for management of the Proxmox instance and one or more IPs for
>>>     various services, off-site backup, web serving, VPN, DNS, VoIP,
>>>     etc. Does this setup sound tenable?
>>>
>>>     One thing I'm a bit foggy on is where the firewall and forwarding
>>>     is managed. Are all the rules setup in the Proxmox host or do I
>>>     route the non-management IPs to a dedicated firewall VM (I use
>>>     pfSense in various places) and distribute IPs and forward ports
>>>     them from their (that seems a little convoluted).
>>>
>>>     Thanks for your help. One day I do hope to expand my Proxmox
>>>     install to a cluster where I can get full use of its capabilities.
>>>
>>>     --adam
>>>
>>>
>>>     _______________________________________________
>>>     pve-user mailing list
>>>     pve-user at pve.proxmox.com  <mailto:pve-user at pve.proxmox.com>
>>>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>>
>>     --
>>     Zuzendari Teknikoa / Director Técnico
>>     Binovo IT Human Project, S.L.
>>     Telf. 943575997
>>            943493611
>>     Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun
>> (Gipuzkoa)
>>     www.binovo.es  <http://www.binovo.es>
>>
>>
>>     _______________________________________________
>>     pve-user mailing list
>>     pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
>>
>>
>>
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20131106/a7ebd4c7/attachment.htm>

More information about the pve-user mailing list