Mar 21st, 2017
- Hi guys,
- Been a fan for quite a while.. but noticed there was never an update to episode #7 building jails on freebsd.
- I was thinking it would be good to combine something like this article on freebsd.org in regards to passing the pci directly to a vm.
- My system in short has 2 Xeons with 16 cores, 64 gigs of RAM and a fast ZFS raid stripe array with mirroring and a dual 10g nic.
- What I want to do is create the "ultimate" networking / UTM / security and reporting device.
- So pf firewall, with carp and relayd
- combined with httpd for reporting and UI based on blackbox.. some of the other services I want to incorporate would be like OpenVPN, LibreSSHD, reverse proxy, some sort of ldap/pam authentication. and network tools like Bro and IP2ban.
- It seems like a terrible idea to just go "plunk" everything onto a single host and jail it..
- using a combination of Jails & bhyve and essentially creating proxies between all of the services
- It's kind of hard to explain.. but I had a few questions:
- #1 - what would be the best way to separate all of these features and security items?
- #2 - if vm/jails is the best answer, what is the most efficient way to communicate between them?
- #3 - If possible I wanted to install xorg/black box and create a control panel / ui for all of the services.. what would be the best way to go about that? ie with existing programs. or make it from html/js.. or perhaps perl/python style or maybe scraping all of the configuration files into a template?
- If you have any thoughts or ideas I would love to hear them .. or perhaps even to add that episode / tutorial from way back when :)
- Thanks so much
- keep up the great work!