Thanks Michel,

Yes I understand that - but as I mentioned, if the ESX server is itself behind a firewall - and I use Monowall for 'Internal' firewalling only - would this be OK?

Cheers,

Jeff

On 9 Sep 2008, at 18:02, Michel Servaes wrote:

> I personally feel a bit awkward to put an ESX physically on a WAN link!
> Since your VM host will be servicing a monowall "guest", your vmware
> solution (either ESX or VMWare Server) would be running directly in
> contact with the internet... that's why I guess that it's ideal to
> run a monowall (or pfsense) in vmware for testing out new features...
>
> kind regards,
> michel
>
> Jeff Rhys-Jones wrote:
>> I have taken a good look at Monowall and think it's a great bit of
>> coding. Monowall has a very small OS footprint, and is therefore
>> ideal to run in virtual environments.
>>
>> Initially I was very excited about the VMWare version of Monowall,
>> as I can see a clear need for people to use Firewall VM appliances.
>> It's a hot topic right now.
>>
>> However, on reading the manual - it could not be spelt out clearer,
>> the message is this: DO NOT USE IT FOR PRODUCTION!
>>
>> What I would really like to know is - why?
>>
>> Is it something to do with a fundamental issue - like performance -
>> security?
>>
>> I have had a trawl through these lists and it seems that people
>> *are* using monowall on ESX - and it seems that from what most
>> people say - the main issues are issues / mis-configurations of
>> virtual switches.
>>
>> If used as an additional layer of security (in a virtual data
>> centre, behind a dedicated firewall and providing better VM to VM
>> segregation) - would it hurt?
>>
>> Or would it cause everything to fall to bits?
>>
>> Anyone?
>>
>> Jeff
>>
>> ACC International Ltd
>>
>> t: +44 (0) 20 70436093
>> f: +44 (0) 20 70436099
>> e: jeff at acc dash international dot co dot uk