Good Linux-based firewall that I can throw on a VM that has web administration

cyr0n_k0r (Supreme [H]ardness, joined Mar 30, 2001, 5,360 messages)
I have tried ClarkConnect but can't get the damn thing working.

Does anyone else know of any good Linux-based firewall software that I can throw on a virtual machine and manage via the web?

If it doesn't have web admin I am NOT interested.
 
pfSense works in a VM and has a great web interface. It's FreeBSD-based instead of Linux, though.
 
I took a look at it, seems pretty cool.

I want to know if it will do what I want though.

I have a server and want to run a firewall. I don't want to purchase another machine or some extra hardware, so I want to run a firewall VM.

I am getting screwed up in trying to allocate the proper physical and virtual network adapters to the VM to accomplish my goal, which is:

I want the ISP coming into a physical NIC on the server (there are multiple NICs, but only one will be used).

Then I want the traffic passed from the physical NIC, where the firewall inspects all the traffic, to a virtual NIC that has an internal IP, where it passes off the inspected traffic to the host server.

ISP ---> Firewall VM (Physical NIC) ----> Host Server (Virtual NIC)

This way I don't have to purchase another machine, and if the firewall is ever hacked, all they have access to is the VM.

Anyone have experience setting something like this up?
 
Can't go wrong with iptables and APF... iptables should already be ready to go.
 
1 - IPCop
2 - SmoothWall
3 - Endian or m0n0wall

All of these will work in a virtual environment.
 
As a general rule any Linux distro will work in a VM, at least with VMware. Can't speak to the MS product. And there may be some that VMware just can't create virtual drivers for, but by and large there is no limitation on distro when you're talking about a Linux kernel in a VM.
 
What OS is the host running? If it's Windows, then I'd do something like the following.

1. Unbind everything (esp. TCP/IP) from the physical NIC except the VMware net service.
2. Set up the firewall VM with two NICs. Bind one of the NICs (external) to the physical NIC and use bridging. Set the other up to use a virtual NIC (internal).
3. Create a virtual switch.
4. Hook the firewall's virtual NIC (internal) to the virtual switch.
5. Hook the server's virtual NIC to the virtual switch.
6. Go about setting up the different VMs like they were real machines.

If it's Linux, then do everything except for step 1.


So something like
ISP ---> (virtual NIC) Firewall VM (virtual NIC) ----> Virtual Switch ----> (virtual NIC) Host Server
 
Nn'theraq'pss said:
3. Create a virtual switch.
There will be only 1 VM and 1 host machine. Is a virtual switch really necessary? If so, where in VMware do you create a virtual switch? I have never heard of this, nor do I know where to set it up.
 
cyr0n_k0r said:
There will be only 1 VM and 1 host machine. Is a virtual switch really necessary? If so, where in VMware do you create a virtual switch? I have never heard of this, nor do I know where to set it up.
VMware will create it for you. Yes, it is necessary. You have to have a device (virtual or not) functioning at layer two. If you didn't have that device, communication wouldn't work. For example: host has NIC 1, guest has NIC 2. If you don't want anyone to know about the host and NIC 1, you can disable TCP/IP on the host. The guest will still function. You have to have a device switching traffic at layer 2 for this to work properly. VMware Server has around 12 of these already created. By default, three are set up already: Bridged, Host Only, and NAT. You can use the others to create pretty much any environment you could think of.
 
I'm not at the server at the moment, but this is how I have it set up. Tell me if this sounds correct.

(Local Connection 1, TCP/IP has been disabled) - windows properties
VMNet0 (linux eth0) (Physical NIC) : 68.x.x.x
VMNet1 (linux eth1) (Virtual NIC) 192.168.1.128


(Local Connection 2, Gateway set to 192.168.1.128) - windows properties
(IP assigned as 192.168.1.129)


So now Windows should be routing traffic out of Local Connection 2 under the 192.168.1.129 address, which should then be fired off to the VM's 192.168.1.128 virtual NIC, which is then passed through the VM firewall to eventually get routed back outside of the physical NIC using the IP 68.x.x.x.

Does all of this sound correct?
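The "iptables should already be ready to go" reply above gives no rules, and the layout in this post gives the addressing but no policy. The following is an added example, not code from the thread or from any of the firewall distributions mentioned: a minimal iptables ruleset for the two-NIC firewall VM, written in iptables-restore format so it can be reviewed and loaded atomically. Interface names, the /24 mask, and the hypothetical function names are assumptions; eth0/eth1 and 192.168.1.x follow the poster's layout above.

```shell
#!/bin/sh
# Added example: two-NIC firewall VM ruleset. Assumptions (from the
# poster's layout, not verified): eth0 = external NIC facing the ISP,
# eth1 = internal virtual NIC 192.168.1.128, host server 192.168.1.129.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}

# Emit the ruleset in iptables-restore format: default-deny on INPUT and
# FORWARD, stateful replies only from the outside, NAT for the inside.
fw_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and return traffic for connections the firewall itself started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing: nothing from the ISP side may claim an internal address
-A INPUT -i $EXT_IF -s $INT_NET -j DROP
-A FORWARD -i $EXT_IF -s $INT_NET -j DROP
# Manage the firewall VM (SSH) only from the internal side
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT
# Inside -> outside is allowed; outside -> inside only as replies
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the internal network behind the external (68.x.x.x) address
-A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
COMMIT
EOF
}

# Checks to run before loading: INPUT and FORWARD must default to DROP,
# and no ACCEPT rule on the external interface may be unqualified by
# connection state (otherwise the ISP side could reach inside).
fw_check() {
    rules=$(fw_ruleset)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -- "-i $EXT_IF" | grep -- '-j ACCEPT' | grep -qv conntrack; then
        return 1
    fi
    return 0
}

# Enable routing between the two NICs and load the ruleset atomically.
fw_apply() {
    command -v iptables-restore >/dev/null 2>&1 || { echo "iptables-restore not found" >&2; return 1; }
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    fw_ruleset | iptables-restore
}

case "${1:-}" in
    show)  fw_ruleset ;;
    check) fw_check && echo "ruleset passes checks" ;;
    apply) fw_check && fw_apply ;;
esac
```

Run `sh fw.sh show` to review the rules, `check` to run the sanity checks, and `apply` (as root inside the firewall VM) to load them. The host server then only needs its gateway set to 192.168.1.128, as in the layout above; nothing on the ISP side can initiate a connection to it.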
 
With the mentioned firewalls, can you:


1. Allocate bandwidth throttling to specific IPs?
2. Configure it to auto fail over if you have, say, a T1 and a cable connection connected to it (cable fails, it will auto direct traffic to the T1)?
 