Netgate Discussion Forum

    Monitoring my LAN: hardware + software?

    General pfSense Questions
    22 Posts 8 Posters 6.7k Views
      Mr. Jingles

      @johnpoz:

      Yeah you could clearly do that - I run pfsense virtual on a N40L, updated the ram and added 3 more nics..  So I can have multiple network segments other than just wan and lan.

      I run esxi on it, it's the business version of vmware workstation or player.  It's free!  You can download it from vmware.

      Your only limitation on the number of machines you could run would be cpu power and ram.  The N40L is not a power horse when it comes to cpu, and only has 8GB of ram, but I run pfsense and my nas and a linux distro 24/7/365 without any issues and also run other vms now and then when testing or doing something that needs them.  Currently also running vserver (monitors and controls esxi) but you don't need to run that and can't really if you're only on the free version.

      You could also go the free Microsoft way and use Hyper-V, also can be gotten FREE.

      Thanks John  ;D

      So I spent some time googling the 'esxi'. As I only have a limited brain ( :-) I am having a little trouble grasping the concept. I of course do understand that the 'master OS' of my hardware then would not be PFsense, but esxi. The 'slave'-OS inside would be PFsense, and for example Nagios. But what I don't understand is this:

      The master-OS controls the NICS. Yet PFsense has to issue a LAN-IP to the master-OS. So, in sequence of booting, FIRST the master-OS needs to have a LAN-IP, but this will only be issued AFTER the 'slave'-OS, PFsense, has booted. I know I am having trouble explaining exactly my point (my limited brain  ;D), I hope you understand what I mean.

      Furthermore, currently my mobo (in my sig) has a dual NIC. Do I need to put in extra NICs for this to work?

      And is it generally considered safe to operate PFsense like this? I've read somewhere that 'it is good practice' to keep your IPS on a dedicated box, but 'good practice' costs money and this is simply soho. What could go wrong from a security perspective? I take it the ESXI keeps the virtual machines completely separated (just like FreeBSD jails), so why should I need to have separate boxes?

      It is not easy to be an IT-noob  ;D ;D ;D

      Thank you again, John  :D

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

        Mr. Jingles

        @lowprofile:

        Don't forget to have a look on observium:

        http://observium.org/wiki/Main_Page

        Thank you  ;D

          johnpoz LAYER 8 Global Moderator

          "The master-OS controls the NICS. Yet PFsense has to issue a LAN-IP to the master-OS"

          What? No, why would you think that esxi would use dhcp on its interface used to control esxi?  And who says it even has to be on the same lan segment as pfsense?

          And master/slave are not the correct terms for talking about virtual machines and the host they run on, etc.

          As to safe?  We are not talking a DOD facility are we?  Not sure what you feel the concerns would be..  Pfsense is a VM, it is completely isolated from the host os and other vms oses, etc.

          Let's see if we can make it a little less hazy for your limited brain.  Will use my setup as example.  Keep in mind you can do this with only 2 nics - one wan, one lan and your vmkern and lan can be on the same vswitch tied to the physical lan nic.  I just broke mine out to its own physical nic because I have 4 to play with.  And uploading to the storage on the esxi does take a performance hit when shared on the same vswitch..

          So you see vmnic0, this is tied to the Management network, and this is the IP I use to access the host OS either via gui or ssh, etc.  This is how you manage the host.  Now this network that vmnic0 is connected to does not have to be the same network that your VMs or other physical hosts are on.  It's actually recommended from a security point of view that this be an isolated network..  But there is nothing to say it has to be.  You set your HOST ip statically to whatever network that is going to be on.

          Now in my case this network 192.168.1.0/24 is the same I run my normal lan on, and this same lan that pfsense is connected to.  See vmnic2 that is connected to vswitch3 (LAN)  You see all the Vms that have an interface connected to this virtual switch.  That nic is connected to the same physical network as vmnic0..  This is my lan.. And VMs get IPs via dhcp from pfsense, and so do other physical devices connected to the same switch vmnic2 and vmnic0 are connected to.

          Pfsense is the gateway off this lan, but it has nothing to do with assigning an IP to the host, and mine just happens to be on the same network.  Now if your machine is dhcp on this network, and pfsense vm does not come up.  Then you would just need to give a machine an IP on that 192.168.1.0/24 network so you could connect to the host and troubleshoot.  I run my normal workstation as static anyway.. So that would never be an issue for me.

          Now you see the Wan, vswitch1 - this is connected to vmnic1 and is connected to my cable modem.  The HOST does not use this nic, it is only connected to the vswitch and any vms that are connected to this vswitch.  As you can see only pfsense has an interface connected to this – its wan interface.

          Now I also have a wlan segment, connected to vswitch2 on vmnic3 (physical nic on the host)  This segment is physically different than my lan, and that nic is connected to a different switch where my wireless access points are connected.  pfsense has an interface in this network as well - so that they can access the internet, and allows me to firewall between my lan and my wireless segments.

          Then I have a dmz switch  that is not connected to the physical network.  See no adapters connected to that vswitch.  But I can connect virtual machines to this switch so they can talk to each other on this network.  So you see I have pfsense interface on that vswitch along with couple other vms, etc.

          See all the vms connected to the lan vswitch.  Any one of those could be running any OS you want, and using any monitoring software you wanted to run on it.  It could then monitor your pfsense vm via the interface pfsense has connected to that vswitch.  Or since that vswitch is connected to the physical world via a real network adapter in the host - the vm could monitor any system on the physical network.

          Hope that helps??

          [Attachment: networkesxi.png]

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07 | Lab VMs 2.8, 25.07
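
Added example, not part of johnpoz's post: the vSwitch layout he describes, written down as data and checked for the properties the post relies on (only the firewall on the WAN vSwitch, only the firewall joining segments, management kept off VM networks, uplink-less vSwitches staying internal). The name `vSwitch0` for the management switch, the `dmz` switch name, the segment labels and every VM name other than `pfsense` are assumptions made for illustration.

```python
# Constructed model of the layout in the post. "vSwitch0", "dmz", the segment
# labels and the VM names other than "pfsense" are assumed, not from the post.
LAYOUT = {
    "vSwitch0": {"role": "mgmt", "uplinks": ["vmnic0"], "segment": "lan-phys", "vms": []},
    "vswitch1": {"role": "wan", "uplinks": ["vmnic1"], "segment": "modem", "vms": ["pfsense"]},
    "vswitch2": {"role": "wlan", "uplinks": ["vmnic3"], "segment": "wlan-phys", "vms": ["pfsense"]},
    "vswitch3": {"role": "lan", "uplinks": ["vmnic2"], "segment": "lan-phys",
                 "vms": ["pfsense", "nas", "linux"]},
    "dmz": {"role": "dmz", "uplinks": [], "segment": None, "vms": ["pfsense", "web1", "web2"]},
}
FIREWALL = "pfsense"


def audit(layout, firewall=FIREWALL):
    """Return (finding, subject, detail) tuples for the given vSwitch layout."""
    findings = []
    # 1. The WAN vSwitch should carry the firewall's WAN interface and nothing else.
    for name, sw in layout.items():
        extra = sorted(set(sw["vms"]) - {firewall})
        if sw["role"] == "wan" and extra:
            findings.append(("wan-exposed", name, extra))
    # 2. Any other VM attached to more than one vSwitch bypasses the firewall.
    attached = {}
    for name, sw in layout.items():
        for vm in sw["vms"]:
            attached.setdefault(vm, []).append(name)
    for vm, switches in sorted(attached.items()):
        if vm != firewall and len(switches) > 1:
            findings.append(("multi-homed", vm, sorted(switches)))
    # 3. Management sharing a physical segment with VM traffic is not isolated.
    mgmt_segments = {sw["segment"] for sw in layout.values() if sw["role"] == "mgmt"}
    for name, sw in layout.items():
        if sw["role"] != "mgmt" and sw["vms"] and sw["segment"] in mgmt_segments:
            findings.append(("mgmt-shared", name, sw["segment"]))
    return findings


def internal_only(layout):
    """vSwitches with no physical uplink: reachable only by VMs attached to them."""
    return sorted(name for name, sw in layout.items() if not sw["uplinks"])


if __name__ == "__main__":
    for finding in audit(LAYOUT):
        print(finding)
    print("internal-only vSwitches:", internal_only(LAYOUT))
```

For the layout as described, the only finding is that management shares the LAN's physical network, which the post notes is allowed but not the recommended isolated setup.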

            ronald2981

            Many LAN monitoring software are available on the internet.
            Such as:
            http://download.cnet.com/LAN-Employee-Monitor/3000-2162_4-10860381.html
            http://www.lan-monitoring.com/
            http://www.qqmonitor.com/lan-spy-monitor.htm
            http://www.mysuperspy.com/lan-monitoring-software.htm

              Mr. Jingles

              @johnpoz:

              Let's see if we can make it a little less hazy for your limited brain.

              Your reply must have completely stayed off my radar, John; thank you very much for giving this explanation. I will study it and see where I get stuck.

                johnpoz LAYER 8 Global Moderator

                Off your radar for almost a year and a half??  Really?  Were you in prison, do a couple of tours in Iraq?  Secret mission to Mars?  Coma?

                  Mr. Jingles

                  @johnpoz:

                  Off your radar for almost a year and a half??  Really?  Were you in prison, do a couple of tours in Iraq?  Secret mission to Mars?  Coma?

                  No, I'm an economist.

                    KOM

                    No, I'm an economist.

                    Nobody could imagine it would be that bad.

                      Mr. Jingles

                      @KOM:

                      No, I'm an economist.

                      Nobody could imagine it would be that bad.

                      Yut, knowing what I know now I'd much rather have become a Vet. Now I'm a company doctor, being an animal doctor has a larger ROI.

                      However, luckily we are not on the bottom of the ladder, it could be worse: I could have been a self proclaimed 'IT-expert', with a pile of 'for Dummies' on my desk.

                        KOM

                        MBA

                          Mr. Jingles

                          @KOM:

                          MBA

                          No, PhD +1 from a non-college-bubble ("ivy league", anyone?) university.

                          Et tu? MBA?

                            KOM

                            Me?  A Master of Bugger-All?  No.  I'm a college dropout who just happened to be a major computer weenie and jack of all computer trades.

                              Mr. Jingles

                              @KOM:

                              A Master of Bugger-All?

                              Didn't know that one  ;D

                              Seems you've met some of the victims of the college bubble, with their 'MBA's'. They've paid heavy money to learn basic accounting (basic!), and some ratio formulas to assess a balance sheet (they were screwed as nobody ever told them they were looking at an irrelevant balance sheet…).

                              Yet, I know how much IT-people feel disgusted about us economists.

                              They mix up bankers (not economists, we warn about the messes governments create since about a millennium ago...) with us, they think we are stupid since we 'don't understand the economy'. Yet: IT-people work with 4-10 variables, we with hundreds,  and sometimes even thousands. There's even medical doctors that admit our job is way more difficult than theirs (and theirs is very extremely difficult too).

                              Who cares: in the end hire and fire IT-people, based on efficiency and effectiveness of the proposals is all that matters  ;D ;D ;D ;D ;D

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.