[SATLUG] virtual router

Samuel Leon satlug at net153.net
Thu Nov 12 09:47:37 CST 2009


Todd W. Bucy wrote:
> A while back I made the comment that I was thinking about virtualizing 
> my router.  Someone made the point that this was not a good idea.  
> Unfortunately, there was little explanation why this was a bad idea and 
> I neglected to seek clarification at the time.  I am still thinking of 
> doing this but the previous comment has given me pause.  Are there 
> inherent security risks for doing so?  I am using Proxmox VE as my host 
> and I intend to use pfSense as a fully virtualized KVM guest.
> 
> thanks in advance
> 
> Todd

I did this recently with Xen.  Used Debian Lenny as the dom0. Used Lenny 
again for the domU with shorewall, squid, dansguardian, and dnsmasq as 
the virtual router.  Have another domU with Lenny for my web, mail, and DNS 
server.  Followed this http://www.shorewall.net/XenMyWay.html and this: 
http://wiki.debian.org/Xen

Xen configures all network cards into bridge mode.  I only have the dom0 
host configured on one NIC which faces the LAN.  So the host can only 
communicate directly with computers on the LAN.  The shorewall domU is 
the only virtual machine that listens on the NIC that has the cable 
modem plugged into it and all of the routing takes place within the 
shorewall domU.

Sam
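
Added example, not part of the original post: a small audit for the layout described above, checking that the hypervisor host itself holds no layer-3 address on the WAN-facing bridge. The bridge names (xenbr0 for the LAN, xenbr1 for the cable modem side), the function names and the sample `ip -o addr show` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit: the host (dom0) must not hold an IP address on the WAN-facing bridge.
# Only the router guest should speak IP on that segment.
# Bridge names are assumptions: xenbr0 = LAN, xenbr1 = WAN (cable modem).

# Print "family address" for every address bound to interface $1.
# Expects `ip -o addr show` output on stdin.
l3_addrs_on_bridge() {
    awk -v br="$1" '$2 == br && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Return 0 if interface $1 carries no address, 1 otherwise.
# IPv6 link-local addresses are counted as well: Linux assigns one
# automatically when IPv6 is enabled, which makes the host reachable
# on that segment even though nobody configured an address there.
audit_wan_bridge() {
    found=$(l3_addrs_on_bridge "$1")
    if [ -n "$found" ]; then
        printf 'EXPOSED: host has an address on %s:\n%s\n' "$1" "$found"
        return 1
    fi
    printf 'OK: no host address on %s\n' "$1"
    return 0
}

# Constructed sample: host addressed on the LAN bridge only.
SAMPLE_GOOD='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: xenbr0    inet 192.168.1.2/24 brd 192.168.1.255 scope global xenbr0\       valid_lft forever preferred_lft forever'

# Constructed sample: same host, but the WAN bridge picked up a link-local address.
SAMPLE_LEAKY="$SAMPLE_GOOD
4: xenbr1    inet6 fe80::216:3eff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever"

# Demo on the samples. On a live host: ip -o addr show | audit_wan_bridge xenbr1
printf '%s\n' "$SAMPLE_GOOD"  | audit_wan_bridge xenbr1
printf '%s\n' "$SAMPLE_LEAKY" | audit_wan_bridge xenbr1 || true
```
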

