++ ATOT official NEF thread part IV ++

Page 7187 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
sdifox

sdifox

No Lifer
Sep 30, 2005
100,738
18,041
126
Red Squirrel said:
I prefer keeping the firewall separate from the rest of the network myself. Been itching to do some VM related upgrades though. I want to get off vmware and go with Proxmox or something along those lines. I want to be able to do live migrations and stuff without having to deal with commercial software (or piracy). Probably convert my mining rig into a VM server just need to get a proper case since the 6U monster is kinda overkill. Just not sure if you can live migrate between Intel and AMD though... Might be another excuse to build another AMD box lol.

Suppose I should pay off my truck first though. I still need to figure out WTF is going on with my corporate shares. If I don't get any sign of it by Monday I'm calling back to cancel it and getting it direct deposited like it should have been. No idea why they sent a cheque.
Click to expand...


It is separate. It has two dedicated nic and isolated
 
Red Squirrel

Red Squirrel

No Lifer
May 24, 2003
70,767
13,863
126
www.anyf.ca
No other VMs at all on it? Why not just run on bare metal then?

One thing I have thought of doing though is setting up a separate VM server that is self contained (local storage and all) and it would do all the stuff that faces the internet. So dual nic for pfsense, and then VMs that have port forwards for various services on their respective vlan. Then trunk WAN to switch, and then the other VM servers for internal stuff. Logically it would not change much but physically it would. It would protect from any weird flaws where a hacked VM (ex: torrent client/server) could escape to other VMs on same server. So basically online facing stuff would be on the stand alone VM server and internal stuff would be on a local normal cluster.

Probably going to stick to a setup similar to what I have now though. Just need to replace the pfsense box with a lower power one. I do want to add another VM server though so I can do a proper cluster. Probably switch to Proxmox so I can get HA and live migrations etc.
 
sdifox

sdifox

No Lifer
Sep 30, 2005
100,738
18,041
126
Red Squirrel said:
No other VMs at all on it? Why not just run on bare metal then?

One thing I have thought of doing though is setting up a separate VM server that is self contained (local storage and all) and it would do all the stuff that faces the internet. So dual nic for pfsense, and then VMs that have port forwards for various services on their respective vlan. Then trunk WAN to switch, and then the other VM servers for internal stuff. Logically it would not change much but physically it would. It would protect from any weird flaws where a hacked VM (ex: torrent client/server) could escape to other VMs on same server. So basically online facing stuff would be on the stand alone VM server and internal stuff would be on a local normal cluster.

Probably going to stick to a setup similar to what I have now though. Just need to replace the pfsense box with a lower power one. I do want to add another VM server though so I can do a proper cluster. Probably switch to Proxmox so I can get HA and live migrations etc.
Click to expand...

of course there are other vms on that box, the nic connected to cable modem is exclusive to pfsense vm, other vms, or even host, cannot access it.
 
bigboxes

bigboxes

Lifer
Apr 6, 2002
42,412
12,431
146
N0xnctMl.jpg
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom