On Monday, 5 June 2017 01:42:40 UTC+1, Drew White wrote: > > So PFSense is NOT the first line of defense then? > It is behind another guest?
It was the first line of defense from Internet threats. But at the same time it was connected to bridges in Fedora netvms that themselves were only connected or to be more precise provided bridging and routing services to an external NIC (for LAN) and internal VMs (some bridged, some routed). The netvms were not connected to the Internet. > How do you set up multiple NICs for it though? Somehow pfSense didn't recognise one of two identical NICs that I delegated to it. So in the end it had only 3 interfaces: one external physical and two internal xen devices to LAN and DMZ. Routing and filtering worked fine in pfSense in this setup. I could have possibly created another bridge vm with the NIC that didn't work but I thought that would be a waste of resources. I didn't have much time to spend on this as the server had to be restored back. I think it's too early now. We should wait for or help implementing HVM netvms in R4.0. Should be trivial then. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84bc2fce-9bd0-43a2-b391-934eb2eaf53c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
