Re: Can we run a qemu instance as a dedicated home network firewall?



On Sun, 30 Mar 2008 11:20:26 -0400, Mitchell Laks wrote:

> Can we use a virtual qemu linux machine as a firewall for
> a real home network?
>
> I have a small network at home, with a few desktops and a DMZ and
> a linux firewall machine.
>
> Now that virtualization is working for me, via qemu, I would like to get rid
> of all the old equipment that I use for little tasks.
>
> I.e., I have
> 1) old 486 machine F used as dedicated arno-firetables firewall.
> 2) old 486 machine D used as dedicated web server in DMZ.
> 3) plus a few workstations on a LAN, call them A, B, C.
>
> Internet -> firewall machine F -> local LAN -> machines A, B, C
>                                -> DMZ -> web server on D
>
> 1. Here F does NAT for machines A, B, C on 192.168.100.* .
> 2. While F gets an outside internet IP via dhcp from my cable provider.
> 3. F has 2 physical NIC cards.
>
> My question is:
> Can I replace F (and D) by virtual machines running on one of my desktop
> machines A?

Sure, NP. But if I were you, I'd keep that old equipment, for the firewall at
least. Keep them headless, using a virtual keyboard to config (Ah, forgot
the link!).

Anyway, if you do want to get rid of all the old equipment, qemu
virtualization might not be the best solution. Give Linux-VServer a look,

http://xpt.sourceforge.net/techdocs/nix/virtual/vt03-LinuxVServerInfo/

"Linux-VServer is a jail mechanism in that it can be used to securely
partition resources on a computer system (such as the file system, CPU
time, network addresses and memory) in such a way that processes cannot
mount a denial-of-service attack on anything outside their partition."

It will "share the same system call interface and do not have any emulation
overhead". "Virtual private servers are commonly used in web hosting
services, where they are useful for segregating customer accounts, pooling
resources and containing any potential security breaches". Special care
has been taken to save HD space.

HTH

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/

