[PVE-User] Interested in running Proxmox on a single (for now) colo node

Rob Fantini rob at fantinibakery.com
Wed Nov 6 17:28:41 CET 2013

I think many others  use pfsense in a KVM.

check forum for threads about cpu type.   I think we had to use a 
particular type.

On Wed 06 Nov 2013 11:18:27 AM EST, Adam Hunt wrote:
> Well, maybe I'll setup Proxmox on a system here or in a VM and try
> working with host firewalling and see how I like it and then try
> pfSense. After thinking about it for a bit I may just go with pfSense
> in a VM. It's not like I'm going to be loading this system much as it
> is and a little VM running pfSense isn't going to exactly break the
> bank CPU or memory wise. Plus, like I mentioned before I'm more
> familiar with it and as you eluded to it includes OpenVPN support
> that's easy as hell to configure.
> On Wed, Nov 6, 2013 at 7:16 AM, Rob Fantini <rob at fantinibakery.com
> <mailto:rob at fantinibakery.com>> wrote:
>     pfsense makes vpn easy .
>     We've used pfsense as a kvm and hardware.
>     I  think pfsense on hardware is better as I can set up a nat to a
>     non cluster system.
>     On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
>         Eneko,
>         Thanks for the reply. I'm not familiar with Firewall Builder
>         but I'll
>         be sure to take a look at it. I kind of like the idea of doing the
>         firewalling and routing on the host as it just seems cleaner or
>         simpler. I had been thinking about running pfSense in a VM as
>         that's
>         what I have the most experience with and FreeBSDs firewall
>         capablilities have always seemed a little more mature than Linux's
>         ipfwadmn, I mean ipchains, I mean iptables, or is it nftables
>         now, oh
>         and you can't forget about ebtables (I'm joking it's just fun
>         to poke
>         fun at all the choice sometimes and I've been using Linux long
>         enough
>         to remember all of the solutions).
>         Seeing as I don't need anything too extravagant maybe I'll
>         just stick
>         to a host based solution. After a cursory look at Firewall Builder
>         it's probably all I need. A full pfSense VM would probably be
>         overkill. Plus, I could use a refresher on Linux's firewall
>         capabilities.
>         All that leaves is a OpenVPN server. As far as that goes where
>         do you
>         run your VPN (assuming you use one at all)? Do you run it on the
>         Proxmox host, in a container, or a full blown VM?
>         Thanks for the tips.
>         --adam
>         On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza
>         <elacunza at binovo.es <mailto:elacunza at binovo.es>
>         <mailto:elacunza at binovo.es <mailto:elacunza at binovo.es>>> wrote:
>             Hi Adam,
>             We have such an installation and Proxmox works fine, given the
>             limitations of the underlying hardware (most notable are
>         the disks).
>             For the firewall you can use a dedicated VM or also the native
>             proxmox (hypervisor kernel) iptables. We use iptables on the
>             hypervisor, managed by the Firewall Builder front-end, and are
>             quite happy with it.
>             Hope this helps,
>             Eneko
>             On 06/11/13 00:34, Adam Hunt wrote:
>                 From my reading it would seem that Proxmox was
>             designed for uses
>                 who maintain a cluster of Proxmox instances.
>                 I'm interested in experimenting with Poroxmox using a
>             single node
>                 for experimentation. Specifically I'm interested in
>             using it on a
>                 single lowish end colo box: Ivy Bridge, Intel Xeon E3
>             1245v2, 4
>                 cores, 8 threads running 3.4 GHz (including VT-x and
>             VT-d), 32 GB
>                 of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
>                 Ethernet, and the possibility of multiple IPs at a
>             monthly cost.
>                 My primary question is that I don't need all my VMs or
>             containers
>                 to have private IPs, I assume port forwarding should
>             work in the
>                 majority of cases. My thought was to use one dedicated
>             public IP
>                 for management of the Proxmox instance and one or more
>             IPs for
>                 various services, off-site backup, web serving, VPN,
>             DNS, VoIP,
>                 etc. Does this setup sound tenable?
>                 One thing I'm a bit foggy on is where the firewall and
>             forwarding
>                 is managed. Are all the rules setup in the Proxmox
>             host or do I
>                 route the non-management IPs to a dedicated firewall
>             VM (I use
>                 pfSense in various places) and distribute IPs and
>             forward ports
>                 them from their (that seems a little convoluted).
>                 Thanks for your help. One day I do hope to expand my
>             Proxmox
>                 install to a cluster where I can get full use of its
>             capabilities.
>                 --adam
>                 _________________________________________________
>                 pve-user mailing list
>             pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>              <mailto:pve-user at pve.proxmox.__com
>             <mailto:pve-user at pve.proxmox.com>>
>             http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
>             <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>
>             --
>             Zuzendari Teknikoa / Director Técnico
>             Binovo IT Human Project, S.L.
>             Telf. 943575997
>                    943493611
>             Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180
>         Oiartzun (Gipuzkoa)
>         www.binovo.es <http://www.binovo.es>  <http://www.binovo.es>
>             _________________________________________________
>             pve-user mailing list
>         pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>         <mailto:pve-user at pve.proxmox.__com
>         <mailto:pve-user at pve.proxmox.com>>
>         http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
>         <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>
>         _________________________________________________
>         pve-user mailing list
>         pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>         http://pve.proxmox.com/cgi-__bin/mailman/listinfo/pve-user
>         <http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user>

More information about the pve-user mailing list