[PVE-User] Interested in running Proxmox on a single (for now) colo node
rob at fantinibakery.com
Wed Nov 6 16:16:46 CET 2013
pfsense makes vpn easy .
We've used pfsense as a kvm and hardware.
I think pfsense on hardware is better as I can set up a nat to a non
On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
> Thanks for the reply. I'm not familiar with Firewall Builder but I'll
> be sure to take a look at it. I kind of like the idea of doing the
> firewalling and routing on the host as it just seems cleaner or
> simpler. I had been thinking about running pfSense in a VM as that's
> what I have the most experience with and FreeBSDs firewall
> capablilities have always seemed a little more mature than Linux's
> ipfwadmn, I mean ipchains, I mean iptables, or is it nftables now, oh
> and you can't forget about ebtables (I'm joking it's just fun to poke
> fun at all the choice sometimes and I've been using Linux long enough
> to remember all of the solutions).
> Seeing as I don't need anything too extravagant maybe I'll just stick
> to a host based solution. After a cursory look at Firewall Builder
> it's probably all I need. A full pfSense VM would probably be
> overkill. Plus, I could use a refresher on Linux's firewall capabilities.
> All that leaves is a OpenVPN server. As far as that goes where do you
> run your VPN (assuming you use one at all)? Do you run it on the
> Proxmox host, in a container, or a full blown VM?
> Thanks for the tips.
> On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <elacunza at binovo.es
> <mailto:elacunza at binovo.es>> wrote:
> Hi Adam,
> We have such an installation and Proxmox works fine, given the
> limitations of the underlying hardware (most notable are the disks).
> For the firewall you can use a dedicated VM or also the native
> proxmox (hypervisor kernel) iptables. We use iptables on the
> hypervisor, managed by the Firewall Builder front-end, and are
> quite happy with it.
> Hope this helps,
> On 06/11/13 00:34, Adam Hunt wrote:
>> From my reading it would seem that Proxmox was designed for uses
>> who maintain a cluster of Proxmox instances.
>> I'm interested in experimenting with Poroxmox using a single node
>> for experimentation. Specifically I'm interested in using it on a
>> single lowish end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4
>> cores, 8 threads running 3.4 GHz (including VT-x and VT-d), 32 GB
>> of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
>> Ethernet, and the possibility of multiple IPs at a monthly cost.
>> My primary question is that I don't need all my VMs or containers
>> to have private IPs, I assume port forwarding should work in the
>> majority of cases. My thought was to use one dedicated public IP
>> for management of the Proxmox instance and one or more IPs for
>> various services, off-site backup, web serving, VPN, DNS, VoIP,
>> etc. Does this setup sound tenable?
>> One thing I'm a bit foggy on is where the firewall and forwarding
>> is managed. Are all the rules setup in the Proxmox host or do I
>> route the non-management IPs to a dedicated firewall VM (I use
>> pfSense in various places) and distribute IPs and forward ports
>> them from their (that seems a little convoluted).
>> Thanks for your help. One day I do hope to expand my Proxmox
>> install to a cluster where I can get full use of its capabilities.
>> pve-user mailing list
>> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
> Zuzendari Teknikoa / Director Técnico
> Binovo IT Human Project, S.L.
> Telf. 943575997
> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
> www.binovo.es <http://www.binovo.es>
> pve-user mailing list
> pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
> pve-user mailing list
> pve-user at pve.proxmox.com
More information about the pve-user