Netgate Discussion Forum

    VMWare as host's own firewall

    Virtualization
    19 Posts 7 Posters 14.4k Views
      hoba

      I'm excited and definitely want to see some pics :D

        stechnique

        Well the server's just about ready for production.
        I opted for a Soekris net4801 after all, about the same specs as the Alix, and it's smaller than the net5501 I usually take, but I added a HiFn VPN miniPCI card in there because I'm going to have 5 steady IPSEC tunnels pushing 20 Terminal Services connections and I wanted to make sure my appliance could handle it.

        I bolted the firewall board directly into the inside of the server case, soldered the ATX12V connector to the original firewall's power supply jack to power it, and ran some patch cables from the firewall to the NIC and from the firewall out to an IBDN connector that the host could easily have access to plug their jack in.

        When I power on the computer, the firewall boots up and since it finishes bootup before the server does, I get my connections working flawlessly during testing.

        Will post pictures tomorrow ;)

          stechnique



            MageMinds

            Thanks for the pictures … Great Installation!

              Perry

              Sweet  8)

              /Perry
              doc.pfsense.org

                GruensFroeschli

                wants to start mod his case
                Seriously.
                This would be just nice.
                A server which has per default a pfSense built in.
                As long as the embedded board has power….
                You could even remotely power up the Server (whyever it should be down) via WOL.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  stechnique

                  @GruensFroeschli:

                  You could even remotely power up the Server (whyever it should be down) via WOL.

                  Excellent idea! I'll have to enable and test it before I move the server to colocation…

                    stechnique

                    @stechnique:

                    You could even remotely power up the Server (whyever it should be down) via WOL.

                    Excellent idea! I'll have to enable and test it before I move the server to colocation…

                    Actually not doable, since if the PC is off, the firewall will be too!
                    Although my host has a remote reboot port which I guess just shuts off and restores power to the computer. That would work…

                      GruensFroeschli

                      I was thinking about the standby 5V line :)

                      @http://www.formfactors.org/developer/specs/ATX12V_PSDG_2_2_public_br2.pdf:

                      3.3.3. +5 VSB
                      +5 VSB is a standby supply output that is active whenever the AC power is present. It
                      provides a power source for circuits that must remain operational when the five main DC
                      output rails are in a disabled state. Example uses include soft power control, Wake on
                      LAN, wake-on-modem, intrusion detection, or suspend state activities.
                      The +5 VSB output should be capable of delivering a minimum of 2.5 A at +5 V ± 5% to
                      external circuits. The power supply must be able to provide the required power during a
                      "wake up" event. If an external USB device generates the event, there may be peak
                      currents as high as 3.5A lasting no more than 3 seconds.
                      Overcurrent protection is required on the +5 VSB output regardless of the output current
                      rating. This ensures the power supply will not be damaged if external circuits draw more
                      current than the supply can provide.

                      12.5 watts should be enough to run a Soekris.
                      Maybe check what continuous current your PSU can deliver on the VSB line.

                        MindTwist

                        Nice setup! :D

                          omegadraconis

                          Very nice setup. I would make one suggestion for anyone else who does something similar: grab an internal face LAN card (http://www.weirdstuff.com/cgi-bin/item/11508). I used one in my router to go to a wireless access point I had in the same case.

                            stechnique

                            Nice card, didn't know they made anything like this.
                            In my case though the onboard gigabit NIC is probably much better than this 5$ card, but for lower-end servers I always take cheap Realtek cards.
                            Thanks for the link.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.