Ulrik Lunddahl (PROconsult) wrote:
> Well the traffic shaper is not needed, but I was actually thinking about using it in a production environment.
>
> I run some Virtual machines I would like to protect from the general environment, and instead of using VLAN and an external m0n0wall box. It would be nice and simple to add a few m0n0's to the HA environment.
>
> Does anyone else have experience with m0n0 on ESX 3.5?

Ulrik,

I have tested and used virtual m0n0walls in a VMware Workstation environment. I have even worked with two of them, creating IPsec tunnels (for testing and demonstrating).

My friends tell me I'm crazy....

Phase 1: Create virtual IPsec tunnel on virtualized m0n0walls
Phase 2: ?????
Phase 3: Profit!

Who's crazy now!?? :)

I have several customers who have ESX servers too, but we are not running any virtual firewalls on them (yet).

In my testing, I have used the CDROM version of m0n0wall with a floppy image for storing the config. Upgrading or downgrading with this setup is as simple as pointing the virtual machine's CDROM to a different .ISO file and rebooting it.

However, there is one drawback that cropped up recently. With some of the newer versions of m0n0wall (I think it is a FreeBSD issue) the floppy image file is no longer recognized, so I need to keep running an older CDROM image or do what Manuel suggested on this list - use the generic PC image and install it to a VMware hard drive image.

I see no reason not to run a virtual m0n0wall in your ESX server as long as you fully understand and properly manage the virtual switching and the virtual switch to physical NIC mapping etc.

--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com