 
 From:  Bill Arlofski <waa dash m0n0wall at revpol dot com>
 To:  "Ulrik Lunddahl (PROconsult)" <ul at proconsult dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: SV: [m0n0wall] M0N0wall and VMware.
 Date:  Thu, 17 Jul 2008 09:57:50 -0400
Ulrik Lunddahl (PROconsult) wrote:
> Well the traffic shaper is not needed, but I was actually thinking about using it in a production
> environment.
> 
> I run some Virtual machines I would like to protect from the general environment, and instead of
> using VLAN and an external m0n0wall box. It would be nice and simple to add a few m0n0's to the HA
> environment.
> 
> Does anyone else have experience with m0n0 on ESX 3.5 ?

Ulrik, I have tested and used virtual m0n0walls in a VMware Workstation 
environment. I have even worked with two of them, creating IPsec tunnels 
(for testing and demonstrating). My friends tell me I'm crazy....

Phase 1: Create virtual IPsec tunnel on virtualized m0n0walls
Phase 2: ?????
Phase 3: Profit!

Who's crazy now!??  :)

I have several customers who have ESX servers too, but we are not 
running any virtual firewalls on them (yet).


In my testing, I have used the CDROM version of m0n0wall with a floppy 
image for storing the config. Upgrading or downgrading with this setup 
is as simple as pointing the Virtual machine's CDROM to a different .ISO 
file and rebooting it.

However, there is one drawback that cropped up recently. With some of the 
newer versions of m0n0wall (I think it is a FreeBSD issue) the floppy 
image file is no longer recognized, so I need to keep running an older 
CDROM image or do what Manuel suggested on this list - use the generic PC 
image and install it to a VMware hard drive image.

I see no reason not to run a virtual m0n0wall in your ESX server as long 
as you fully understand and properly manage the virtual switching and 
the virtual switch to physical NIC mapping etc.



--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com