 From:  "Roland Giesler" <roland at thegreentree dot za dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0wall&virtualization
 Date:  Mon, 23 Jul 2007 19:09:59 +0200
Hi all,

I would like to run m0n0wall and a spam filter (inter alia) on the same
hardware box, but have been wondering what the best way would be to do this.

Of course, the m0n0wall WAN port must be the only one accessible from the

One way I was thinking: Xen on OpenBSD or FreeBSD and then to run m0n0wall
in one VM and a Spamfilter (ESVA) in another.  But that would mean that the
Xen host would be "before" my firewall (as seen from the internet), and thus
be vulnerable.

If I run m0n0wall as Host, could I start a Xen VM inside it?  Then I could
run ESVA in a "safe" machine and simply push all mail through it before
delivering to the mail server.

I could run the VM on the mailserver but the particular config at the client
site (which sort of requires that we stick to the installed Windows 2000
server), does not allow a VM to be run in a stable manner - it actually
makes Windows 2000 unstable.  Space is also at a premium.  But more than
that, it's an idea I've been toying with for some time.  If it can be made
to work, then I can build an appliance which I can just pop in at a client
site with all the stuff on it that I need
(firewall/spamfilter/mailserver/cache/proxy).  So, as you can see, I'd like
to run a few VMs on one box, with the firewall being the host OS.  If I
can't, then how close can I get to that?

Comments, ideas and suggestions most welcome.


Roland Giesler
Green Tree Systems cc, Stellenbosch, South Africa
Mobile: 072-450-2817   http://www.thegreentree.za.net

Shop online at http://www.digitalplanet.co.za/?AID=497