Re: Can we run a qemu instance as a dedicated home network firewall?

To: debian-user@lists.debian.org
Subject: Re: Can we run a qemu instance as a dedicated home network firewall?
From: T o n g <mlist4suntong@yahoo.com>
Date: Mon, 31 Mar 2008 14:22:01 +0000 (UTC)
Message-id: <[🔎] fsqs28$m4f$3@ger.gmane.org>
References: <[🔎] 20080330152026.GB10652@earthlink.net>

On Sun, 30 Mar 2008 11:20:26 -0400, Mitchell Laks wrote:

> Can we use a virtual qemu linux machine as a firewall for 
> a real home network?
> 
> I have a small network at home, with a few desktops and a DMZ and 
> a linux firewall machine.
> 
> Now that virtualization is working for me, via qemu, I would like to get rid
> of all the old equipment that I use for little tasks.
> 
> Ie I have 
> 1) old 486 machine F used as dedicated arno-firetables firewall.
> 2) old 486 machine D used as dedicated web server in DMZ.
> 3) plus a few workstations on a LAN call them A, B C.
> 
> Internet -> firewall machine F -> local LAN ->machines A, B, C
> 	    	     	       -> DMZ ->web server on D
> 
> 1. Here F does NAT for machines A, B, C on 192.168.100.* .
> 2. While F gets an outside  internet IP via dhcp from my cable provider.
> 3. F  has 2 physical NIC cards.
>  
> My question is: 
> Can I replace F (and D) by virtual machines running on one of my desktop 
> machines A?

Sure NP. But if I were you, I'd keep those old equipment, for firewall at
least. Keep them headless, using virtual keyboard to config (Ah, forgot
the link!).

Anyway, if you do want to get rid of all the old equipments, qemu
virtualization might not be the best solution. Give Linux-VServer a look,

http://xpt.sourceforge.net/techdocs/nix/virtual/vt03-LinuxVServerInfo/

"Linux-VServer is a jail mechanism in that it can be used to securely
partition resources on a computer system (such as the file system, CPU
time, network addresses and memory) in such a way that processes cannot
mount a denial-of-service attack on anything outside their partition. "

It will "share the same system call interface and do not have any emulation
overhead". "Virtual private servers are commonly used in web hosting
services, where they are useful for segregating customer accounts, pooling
resources and containing any potential security breaches". Special care
has been taken to save HD space. 

HTH

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/

Reply to:

References:
- Can we run a qemu instance as a dedicated home network firewall?
  - From: Mitchell Laks <mlaks@post.harvard.edu>

Prev by Date: What is this ata exception
Next by Date: Wireless
Previous by thread: Re: Can we run a qemu instance as a dedicated home network firewall?
Next by thread: Cron Daemon backup message too big
Index(es):
- Date
- Thread