[PVE-User] Interested in running Proxmox on a single (for now) colo node

Rob Fantini rob at fantinibakery.com
Wed Nov 6 16:16:46 CET 2013


pfsense makes vpn easy .

We've used pfsense as a kvm and hardware.

I  think pfsense on hardware is better as I can set up a nat to a non 
cluster system.


On Wed 06 Nov 2013 10:08:02 AM EST, Adam Hunt wrote:
> Eneko,
>
> Thanks for the reply. I'm not familiar with Firewall Builder but I'll
> be sure to take a look at it. I kind of like the idea of doing the
> firewalling and routing on the host as it just seems cleaner or
> simpler. I had been thinking about running pfSense in a VM as that's
> what I have the most experience with and FreeBSDs firewall
> capablilities have always seemed a little more mature than Linux's
> ipfwadmn, I mean ipchains, I mean iptables, or is it nftables now, oh
> and you can't forget about ebtables (I'm joking it's just fun to poke
> fun at all the choice sometimes and I've been using Linux long enough
> to remember all of the solutions).
>
> Seeing as I don't need anything too extravagant maybe I'll just stick
> to a host based solution. After a cursory look at Firewall Builder
> it's probably all I need. A full pfSense VM would probably be
> overkill. Plus, I could use a refresher on Linux's firewall capabilities.
>
> All that leaves is a OpenVPN server. As far as that goes where do you
> run your VPN (assuming you use one at all)? Do you run it on the
> Proxmox host, in a container, or a full blown VM?
>
> Thanks for the tips.
>
> --adam
>
>
> On Wed, Nov 6, 2013 at 1:44 AM, Eneko Lacunza <elacunza at binovo.es
> <mailto:elacunza at binovo.es>> wrote:
>
>     Hi Adam,
>
>     We have such an installation and Proxmox works fine, given the
>     limitations of the underlying hardware (most notable are the disks).
>
>     For the firewall you can use a dedicated VM or also the native
>     proxmox (hypervisor kernel) iptables. We use iptables on the
>     hypervisor, managed by the Firewall Builder front-end, and are
>     quite happy with it.
>
>     Hope this helps,
>     Eneko
>
>
>     On 06/11/13 00:34, Adam Hunt wrote:
>>     From my reading it would seem that Proxmox was designed for uses
>>     who maintain a cluster of Proxmox instances.
>>
>>     I'm interested in experimenting with Poroxmox using a single node
>>     for experimentation. Specifically I'm interested in using it on a
>>     single lowish end colo box: Ivy Bridge, Intel Xeon E3 1245v2, 4
>>     cores, 8 threads running 3.4 GHz (including VT-x and VT-d), 32 GB
>>     of memory, 2 x 3 TB SATA drives (soft RAID only), gigabit
>>     Ethernet, and the possibility of multiple IPs at a monthly cost.
>>
>>     My primary question is that I don't need all my VMs or containers
>>     to have private IPs, I assume port forwarding should work in the
>>     majority of cases. My thought was to use one dedicated public IP
>>     for management of the Proxmox instance and one or more IPs for
>>     various services, off-site backup, web serving, VPN, DNS, VoIP,
>>     etc. Does this setup sound tenable?
>>
>>     One thing I'm a bit foggy on is where the firewall and forwarding
>>     is managed. Are all the rules setup in the Proxmox host or do I
>>     route the non-management IPs to a dedicated firewall VM (I use
>>     pfSense in various places) and distribute IPs and forward ports
>>     them from their (that seems a little convoluted).
>>
>>     Thanks for your help. One day I do hope to expand my Proxmox
>>     install to a cluster where I can get full use of its capabilities.
>>
>>     --adam
>>
>>
>>     _______________________________________________
>>     pve-user mailing list
>>     pve-user at pve.proxmox.com  <mailto:pve-user at pve.proxmox.com>
>>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
>
>     --
>     Zuzendari Teknikoa / Director T├ęcnico
>     Binovo IT Human Project, S.L.
>     Telf. 943575997
>            943493611
>     Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
>     www.binovo.es  <http://www.binovo.es>
>
>
>     _______________________________________________
>     pve-user mailing list
>     pve-user at pve.proxmox.com <mailto:pve-user at pve.proxmox.com>
>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
>
>
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user



More information about the pve-user mailing list