Until I finally surrendered to low-energy router/firewall appliances, I used to have a Linux box as my first layer of protection (Mandrake SNF, MNF, Astaro, or just an ordinary Linux server with Shorewall). I'm talking about my home topology, and, needless to say, I have nothing to protect back home that justifies such heavy armoury, but this is the kind of thing that distinguishes businessmen from geeks, so I couldn't help it.
It was a Pentium I, running at 100 MHz, with 32 MB of memory and 1.1 GB of disk. But man, was it noisy...
So one fine day, some 2 years ago, I asked myself: "Why isn't the firewall running inside a virtual machine?"
I didn't think twice:
- Shut down the firewall and a virtual machine host server.
- Moved both network cards from the first to the latter.
- Installed a router/firewall (IPCop, a simple-to-install firewall/router, was all I needed for my proof of concept). I kept the original firewall's configuration, so that the change would be transparent.
- Hooked my WAN cable to the external interface of the router/firewall.
- Hooked a crossover cable between the internal interface and the host's network card.
- Did some tweaking in the VMware Network Configuration.
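The host-side half of the topology above, as an added example that is not part of the original post: the post used VMware, while this assumes a Linux host with iproute2 bridges (a KVM-style setup), with the interface names, bridge names and host address all placeholders. It prints the commands that hand each physical NIC to the firewall VM through its own bridge, and it checks the one property that the "nearly just as secure" claim rests on: the host itself must hold no address on the WAN-side NIC or bridge, otherwise traffic can reach the host without ever passing through the firewall VM.

```shell
#!/bin/sh
# Added example, not from the original post: host-side plumbing for a firewall VM
# that owns both physical NICs. The post used VMware; this swaps in a Linux host
# with iproute2 bridges (KVM-style), which is an assumption. NIC and bridge names
# are placeholders; override them in the environment.

WAN_NIC="${WAN_NIC:-eth0}"   # NIC the WAN cable is plugged into (assumed name)
LAN_NIC="${LAN_NIC:-eth1}"   # NIC cross-cabled to the firewall's internal side
WAN_BR="${WAN_BR:-br-wan}"   # bridge that hands the WAN NIC to the VM only
LAN_BR="${LAN_BR:-br-lan}"   # bridge shared by the VM's internal side and the host
HOST_LAN_ADDR="${HOST_LAN_ADDR:-192.168.1.2/24}"  # constructed placeholder address

# Emit the commands that build the two bridges. The WAN bridge gets no host
# address: the host's only route out is via the firewall VM on the LAN bridge.
bridge_plan() {
    cat <<EOF
ip link add name $WAN_BR type bridge
ip link set $WAN_NIC master $WAN_BR
ip link set $WAN_NIC up
ip link set $WAN_BR up
ip link add name $LAN_BR type bridge
ip link set $LAN_NIC master $LAN_BR
ip link set $LAN_NIC up
ip link set $LAN_BR up
ip addr add $HOST_LAN_ADDR dev $LAN_BR
EOF
}

# Read "ip -o addr show" output on stdin and succeed only if neither the WAN NIC
# nor the WAN bridge carries an IPv4 address or a global-scope IPv6 address.
# Any such address would let traffic reach the host without passing the VM.
wan_side_is_isolated() {
    awk -v wan="$WAN_NIC" -v br="$WAN_BR" '
        ($2 == wan || $2 == br) && ($3 == "inet" || ($3 == "inet6" && /scope global/)) { bad++ }
        END { exit bad > 0 }'
}

# Constructed samples in "ip -o addr show" format (not captured from a real host).
SAMPLE_OK='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: br-wan    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
4: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan\       valid_lft forever preferred_lft forever'

SAMPLE_LEAK='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 203.0.113.5/24 brd 203.0.113.255 scope global dynamic eth0\       valid_lft 86364sec preferred_lft 86364sec
4: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan\       valid_lft forever preferred_lft forever'

# Demo on the constructed samples: print the plan, then the verdict for each.
bridge_plan
for sample in "$SAMPLE_OK" "$SAMPLE_LEAK"; do
    if printf '%s\n' "$sample" | wan_side_is_isolated; then
        echo "OK: no host address on $WAN_NIC/$WAN_BR"
    else
        echo "WARNING: host address on the WAN side, traffic can bypass the firewall VM"
    fi
done
```

On the live host, run the printed plan as root, attach the VM's two virtual interfaces to br-wan and br-lan in the hypervisor's network settings, and then pipe `ip -o addr show` into `wan_side_is_isolated`; re-run that check whenever a DHCP client or network manager on the host is reconfigured, since those are the usual way an address quietly lands on the WAN bridge.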
So I kept it running for a month or so, until it was finally replaced by the low-energy appliance I'm still using today. The reason for the replacement was simple: I needed to recover memory on the virtual server host to create a new virtual machine...
It was an interesting proof of concept. From the security point of view, it was nearly just as secure as the solution it replaced. From the ecological and maintenance point of view, it was by far the better solution.