entr0py: > taii...@gmx.com: >> On 11/13/2016 07:39 PM, entr0py wrote: >>> taii...@gmx.com: >>>> You can use a VMM with a pfsense VM and separate driver domains >>>> for the network interfaces, qubes isn't a router operating >>>> system... >>> >>> Is there an inherent reason that Qubes should not be used as a >>> router? >> >> - I really don't know how to reply to this > > I can't tell if your reticence is indignance or if my question just > can't be answered for some reason but it was meant to be a sincere > question. Admittedly I know very little about this but AFAIK pfSense > is just a front-end to manage filters with extensibility features. I > don't know enough to discuss the relative merits of PF vs iptables, > but I don't see any reason why a Qubes router wouldn't work since > Debian based "router operating systems" do exist. Is it a question of > reliability, complexity, ...? I just need a machine that can route > and filter traffic and not get compromised in the process - or am I > missing something? I wouldn't know the first thing about BSD or > virtual driver domains, whereas I've become comfortable chaining > Qubes proxyVMs and using iptables. >
>From advice I've received: the overhead introduced by Qubes (inter-vm >operability, gui features) aren't necessary in a router that is largely >non-interactive and headless. My guess is that a cost-effective solution for now would be to use 2012 AMD hardware running Xen / KVM. Analogous to Qubes, it would have fat net VMs, minimal proxy VMs and a firewall VM (BSD or otherwise) in-between. Both Xen & KVM support ARM so the forward-looking solution might be to combine Xen with something like MirageOS appliances (https://mirage.io/wiki/xen-on-cubieboard2) on an ARM device. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4495f539-a266-736a-6ab7-7505d7aa8762%40gmail.com. For more options, visit https://groups.google.com/d/optout.
