On Thu, May 21, 2009 at 09:53:16AM -0700, obiozorok...@yahoo.com wrote:
> Well I'm certainly no expert in all this and I'm happy to be corrected before
> I make any more mistakes with my configuration. Man am I glad I put this post
> out because I'm getting such great feedback!
>
> I'll have to re-think this but I honestly thought (I guess I'm wrong) that
> if I my first OpenBSD VM image running on ESXi as my strong firewall I would
> be ok. Basically it's just a virtualization of my physical environment but
> all on one box with 3 VM images. So my idea was to have second OpenBSD image
> (not the firewall OpenBSD image) running with Samba as my Domain Controller
> and File server, and Email server and then the third Windows VM running just
> the custom app. I figured that as long as all the 'Net traffic hit my first
> OpenBSD VM and was properly filtered and controlled by pf, spam greylisting,
> brute force checked, etc I would be ok? No?

No. The traffic doesn't hit your vm first; it hits the host os first. Any and
all network stack issues there are still in play.

> --- On Thu, 5/21/09, Dag Richards <dagricha...@speakeasy.net> wrote:
>
> > From: Dag Richards <dagricha...@speakeasy.net>
> > Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> > To: misc@openbsd.org
> > Date: Thursday, May 21, 2009, 9:24 AM
> >
> > Jason Dixon wrote:
> > > On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
> > >> Well I should have mentioned that the ESXi is also running a Windows
> > >> server VM for a custom app that requires it. So the idea was to have
> > >> one box running ESXi and reduce hardware costs.
> > >
> > > BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA!!!!
> > >
> > > *whew*
> > >
> > > Thanks, I needed that.
> >
> > Er yes, you will not be able to get there from here.
> >
> > Re-think.
> >
> > Don't run vmware on your firewall.
> >
> > If you virtualize your entire DC into a single box, still don't run your
> > firewall as a vm.