Untitled

a guest
Mar 21st, 2017
Hi guys,

Been a fan for quite a while.. but noticed there was never an update to episode #7, building jails on FreeBSD.

I was thinking it would be good to combine something like this article on freebsd.org in regards to passing the PCI directly to a VM.

https://forums.freebsd.org/threads/50470/

My system in short has 2 Xeons with 16 cores, 64 gigs of RAM and a fast ZFS raid stripe array with mirroring and a dual 10G NIC.

What I want to do is create the "ultimate" networking / UTM / security and reporting device.

So pf firewall, with CARP and relayd

combined with httpd for reporting and UI based on blackbox.. some of the other services I want to incorporate would be like OpenVPN, LibreSSHD, reverse proxy, some sort of LDAP/PAM authentication, and network tools like Bro and IP2ban.

It seems like a terrible idea to just go "plunk" everything onto a single host and jail it..

vs

using a combination of jails & bhyve and essentially creating proxies between all of the services

It's kind of hard to explain.. but I had a few questions:

#1 - What would be the best way to separate all of these features and security items?
#2 - If VMs/jails is the best answer, what is the most efficient way to communicate between them?
#3 - If possible I wanted to install xorg/blackbox and create a control panel / UI for all of the services.. what would be the best way to go about that? i.e. with existing programs, or make it from HTML/JS.. or perhaps Perl/Python style, or maybe scraping all of the configuration files into a template?

If you have any thoughts or ideas I would love to hear them.. or perhaps even to add that episode / tutorial from way back when :)

Thanks so much

Keep up the great work!