[ubuntu-za] Firewall as Virtual guest

Charl Wentzel charl.wentzel at vodamail.co.za
Mon Sep 13 16:39:46 BST 2010


Hi Guys

I need to break some rules here. Normally you set up a firewall separate
from your virtual host running your other servers, but in my case I can
only install one machine which needs to be a virtual host that includes
the firewall.

So I'm thinking the best way to do this is create the firewall as a
virtual guest on the server and then bridge the internet facing port to
the firewall only.  I can then create a virtual network to connect all
the other machines to the firewall.

So resulting network would look something like this:

a. Internet --> Virtual Host(eth0/br0) --> Firewall Guest(br0)
b. Firewall Guest --> Virtual Network(virbr0) --> Virtual Machines
c. Virtual Host(eth1) --> External Network Switch --> External machines

The cool thing is that only other virtual guests and the host will have
access to the internet through the firewall VM.  This protects my
internet connection from abuse by other machines on the external network
connected to the other port on the virtual host.

The bad thing is that the virtual host is connected directly to the
Internet and countermeasures should be taken.

So what would be the best precautions I could take, e.g.
a. install ufw on Virtual Host and block everything in and out on eth0
b. etc.
(please add to list)

Regards
Charl
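
Added example, not part of Charl's post: a Python check of the topology in items a to c, run over `ip -o link show` and `ip -o addr show` output from the virtual host. The tap names vnet0 and vnet1, the sample addresses, and the choice to report any host address on eth0/br0 as a finding are assumptions of this example.

```python
import re
# Constructed `ip -o link show` / `ip -o addr show` output (not from the post); vnet0 = assumed firewall-guest tap.
IP_LINK = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN
7: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN
"""
IP_ADDR = """\
3: eth1    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1
4: br0    inet 203.0.113.10/24 brd 203.0.113.255 scope global br0
4: br0    inet6 fe80::5054:ff:fe12:3456/64 scope link
5: virbr0    inet 192.168.122.2/24 brd 192.168.122.255 scope global virbr0
"""

def parse_masters(ip_link):
    """Map each interface to the bridge it is a port of (None if it is not a port)."""
    masters = {}
    for line in ip_link.splitlines():
        name = re.match(r"\d+:\s+([^:@\s]+)", line)
        if name:
            master = re.search(r"\bmaster\s+(\S+)", line)
            masters[name.group(1)] = master.group(1) if master else None
    return masters

def parse_addrs(ip_addr):
    """Map each interface to the IPv4/IPv6 addresses the host itself holds on it."""
    addrs = {}
    for line in ip_addr.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet6?\s+(\S+)", line)
        if m:
            addrs.setdefault(m.group(1), []).append(m.group(2))
    return addrs

def audit(ip_link, ip_addr, wan_nic="eth0", wan_bridge="br0", fw_tap="vnet0"):
    """Return findings where the host deviates from 'only the firewall guest faces the Internet'."""
    masters, addrs = parse_masters(ip_link), parse_addrs(ip_addr)
    findings = []
    if masters.get(wan_nic) != wan_bridge:
        findings.append(f"{wan_nic} is not a port of {wan_bridge}")
    for port, bridge in sorted(masters.items()):
        if bridge == wan_bridge and port not in (wan_nic, fw_tap):
            findings.append(f"unexpected port {port} on {wan_bridge}")
    for ifname in (wan_nic, wan_bridge):  # a host address here is reachable from the Internet side
        for addr in addrs.get(ifname, []):
            findings.append(f"host holds {addr} on {ifname}")
    return findings
```

With the constructed sample, `audit(IP_LINK, IP_ADDR)` reports the two host addresses on br0; it returns an empty list when br0 carries only eth0 and the firewall guest's tap and the host holds no address on that side.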