[PVE-User] Interested in running Proxmox on a single (for now) colo node
Rob Fantini
rob at fantinibakery.com
Wed Nov 6 17:28:41 CET 2013
I think many others use pfsense in a KVM.
check forum for threads about cpu type. I think we had to use a
particular type.
On Wed 06 Nov 2013 11:18:27 AM EST, Adam Hunt wrote:
> Well, maybe I'll setup Proxmox on a system here or in a VM and try
> working with host firewalling and see how I like it and then try
> pfSense. After thinking about it for a bit I may just go with pfSense
> in a VM. It's not like I'm going to be loading this system much as it
> is and a little VM running pfSense isn't going to exactly break the
> bank CPU or memory wise. Plus, like I mentioned before I'm more
> familiar with it and as you eluded to it includes OpenVPN support
> that's easy as hell to configure.
>
>
> On Wed, Nov 6, 2013 at 7:16 AM, Rob Fantini <rob at fantinibakery.com
> <mailto:rob at fantinibakery.com>> wrote:
>
> pfsense makes vpn easy .
>
> We've used pfsense as a kvm and hardware.
>
> I think pfsense on hardware is better as I can set up a nat to a
> non cluster system.
>
>
>
> On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
>
> Eneko,
>
> Thanks for the reply. I'm not familiar with Firewall Builder
> but I'll
> be sure to take a look at it. I kind of like the idea of doing the
> firewalling and routing on the host as it just seems cleaner or
> simpler. I had been thinking about running pfSense in a VM as
> that's
> what I have the most experience with and FreeBSDs firewall
> capablilities have always seemed a little more mature than Linux's
> ipfwadmn, I mean ipchains, I mean iptables, or is it nftables
> now, oh
> and you can't forget about ebtables (I'm joking it's just fun
> to poke
> fun at all the choice sometimes and I've been using Linux long
> enough
> to remember all of the solutions).
>
> Seeing as I don't need anything too extravagant maybe I'll
> just stick
> to a host based solution. After a cursory look at Firewall Builder
> it's probably all I need. A full pfSense VM would probably be
> overkill. Plus, I could use a refresher on Linux's firewall
> capabilities.
>
> All that leaves is a OpenVPN server. As far as that goes where
> do you
> run your VPN (assuming you use one at all)? Do you run it on the
> Proxmox host, in a container, or a full blown VM?
>
> Thanks for the tips.
>
> --adam
>
>
> On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza
> <elacunza at binovo.es <mailto:elacunza at binovo.es>
> <mailto:elacunza at binovo.es <mailto:elacunza at binovo.es>>> wrote:
>
> Hi Adam,
>
> We have such an installation and Proxmox works fine, given the
> limitations of the underlying hardware (most notable are
> the disks).
>
> For the firewall you can use a dedicated VM or also the native
> proxmox (hypervisor kernel) iptables. We use iptables on the
> hypervisor, managed by the Firewall Builder front-end, and are
> quite happy with it.
>
> Hope this helps,
> Eneko
>
>
> On 06/11/13 00:34, Adam Hunt wrote:
>
> From my reading it would seem that Proxmox was
> designed for uses
> who maintain a cluster of Proxmox instances.
>
> I'm interested in experimenting with Poroxmox using a
> single node
> for experimentation. Specifically I'm interested in
> using it on a
> single lowish end colo box: Ivy Bridge, Intel Xeon E3
> 1245v2, 4
> cores, 8 threads running 3.4 GHz (including VT-x and
> VT-d), 32 GB
> of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
> Ethernet, and the possibility of multiple IPs at a
> monthly cost.
>
> My primary question is that I don't need all my VMs or
> containers
> to have private IPs, I assume port forwarding should
> work in the
> majority of cases. My thought was to use one dedicated
> public IP
> for management of the Proxmox instance and one or more
> IPs for
> various services, off-site backup, web serving, VPN,
> DNS, VoIP,
> etc. Does this setup sound tenable?
>
> One thing I'm a bit foggy on is where the firewall and
> forwarding
> is managed. Are all the rules setup in the Proxmox
> host or do I
> route the non-management IPs to a dedicated firewall
> VM (I use
> pfSense in various places) and distribute IPs and
> forward ports
> them from their (that seems a little convoluted).
>
> Thanks for your help. One day I do hope to expand my
> Proxmox
> install to a cluster where I can get full use of its
> capabilities.
>
> --adam
>
>
> _________________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
> <mailto:pve-user at pve.proxmox.__com
> <mailto:pve-user at pve.proxmox.com>>
> http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
> <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>
>
>
>
> --
> Zuzendari Teknikoa / Director Técnico
> Binovo IT Human Project, S.L.
> Telf. 943575997
> 943493611
> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180
> Oiartzun (Gipuzkoa)
> www.binovo.es <http://www.binovo.es> <http://www.binovo.es>
>
>
> _________________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
> <mailto:pve-user at pve.proxmox.__com
> <mailto:pve-user at pve.proxmox.com>>
> http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
> <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>
>
>
>
>
>
> _________________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
> http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
> <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>
>
>
More information about the pve-user
mailing list