
I am running an Ubuntu Server 12.10 as a single host connected to a NATed router connected using PPPoE to an optical fiber modem. This server is meant to be accessed from the Internet, but also to be used from the LAN as a SVN, MySQL and what not...

The issue is that the router is not customizable enough to serve, so I was thinking about creating a virtual pfSense firewall using KVM inside of the server itself, removing the need for the router. Is this possible? Can the host ignore and block all traffic coming to itself, but not for the firewall?

I am aware this is not the most desirable environment, I accept suggestions based on budget!

1 Answer


Yes, you can run a firewall as a virtual machine within this environment.

Before doing so, I'd ideally like to see a couple of NICs dedicated to the firewall VM (SR-IOV is nice, try it!) and additional security such as sVirt running at the hypervisor level to protect VMs from each other.

See also Hardware firewall vs VMware firewall appliance for further discussion.

Michael Hampton
  • The host has 3 NICs, but why would I need them (the host is the only one behind the firewall)? I just need to protect the hypervisor. My problem is trying to find an example of a similar setup using iptables to deny all traffic except what comes out of the virtual firewall – manutenfruits Nov 15 '12 at 08:49
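The commenter asks for an iptables example where the host drops everything except what arrives through the virtual firewall. The script below is an added example, not code from the answer or from pfSense. It assumes a layout in which the physical WAN NIC sits in a bridge named `br-wan` that carries no host IP address and is used only by the pfSense VM's WAN interface, while the pfSense LAN interface and the host's own management address share a second bridge, `br-lan`. The bridge names, the SSH port and the use of `svnserve` on 3690 and MySQL on 3306 are assumptions for the example; `host_ruleset` prints an `iptables-restore` file for that layout and `wan_has_host_ip` checks the one mistake that would silently expose the host regardless of the ruleset.

```shell
#!/bin/sh
# Added example: host-side iptables policy for a KVM host that runs pfSense as
# a VM. Not from the original answer; interface names below are assumptions.

WAN_BR="${WAN_BR:-br-wan}"   # assumed: bridge holding the physical WAN NIC, no host IP
LAN_BR="${LAN_BR:-br-lan}"   # assumed: bridge on pfSense's LAN side; host IP lives here
SSH_PORT="${SSH_PORT:-22}"   # assumed management port

# Print an iptables-restore ruleset. The host accepts nothing by default; the
# only way in is via the LAN bridge, i.e. through whatever pfSense lets past.
# Bridged frames headed for the VM do not traverse INPUT at all, and they
# bypass FORWARD as well once bridge-nf-call-iptables is turned off (see
# apply_host_rules), so FORWARD can stay DROP as a safety net.
host_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Nothing arriving on the WAN bridge is ever for the host itself.
-A INPUT -i ${WAN_BR} -j DROP
# Host services, reachable only from the LAN side (assumed ports).
-A INPUT -i ${LAN_BR} -p tcp --dport ${SSH_PORT} -j ACCEPT
-A INPUT -i ${LAN_BR} -p tcp --dport 3690 -j ACCEPT
-A INPUT -i ${LAN_BR} -p tcp --dport 3306 -j ACCEPT
-A INPUT -i ${LAN_BR} -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Exit 0 if the named interface carries an IPv4 address, 1 otherwise.
# Reads the output of "ip -o -4 addr show" on stdin so it can be checked
# offline; "ip -o" prints one line per address: "<idx>: <name> inet <addr>/<len> ...".
# If the WAN bridge (or the raw WAN NIC) has an address, the host is reachable
# from the Internet no matter what INPUT says, so refuse to continue.
wan_has_host_ip() {
    awk -v wan="$1" '$2 == wan && $3 == "inet" { found = 1 } END { exit found ? 0 : 1 }'
}

# Apply the policy on a live host (root required; not run by the test).
apply_host_rules() {
    if ip -o -4 addr show | wan_has_host_ip "$WAN_BR"; then
        echo "refusing: $WAN_BR has a host IP address" >&2
        return 1
    fi
    # Keep bridged frames out of the host's netfilter chains so the FORWARD
    # policy above cannot interfere with traffic between the NIC and the VM.
    sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null
    sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null
    host_ruleset | iptables-restore
}
```

`host_ruleset | iptables-restore --test` parses the file without touching the running tables, which is a cheap sanity check before `apply_host_rules`. If the WAN NIC is handed to the VM outright (VT-d passthrough or an SR-IOV VF, as the answer suggests), the host has no interface on the WAN side at all and the `br-wan` rule becomes belt and braces rather than the thing standing between the hypervisor and the Internet.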