complex net setup for virtualbox; advice needed
Hi,
I *did* read the manual, but I'm a bit confused nonetheless.
I have a fairly up-to-date ubuntu 8.4 host.
I have two real NICs on my host.
One is connected to a small home net (eth0:192.168.0.x) and the other is connected to my ISP (eth1:192.
I need to use an OpenVPN tunnel to get to the Internet; this exactly means I must:
- use eth1 as the gateway to a well-defined server in my ISP's non-routable address space
/sbin/route add -host 192.168.xx.yy gateway 192.168.120.1
- start an OpenVPN tunnel with that host and that will give me a routable address
/usr/bin/openvpn --daemon --dev tap0 --writepid /var/run/ \
--remote 192.168.xx.yy 11949 --ifconfig my.end.ip.no 255.255.255.252 \
--route-gateway isp.end.ip.no --redirect-gateway local --secret /some/place/key \
--no-replay --ping 10 --ping-restart 60 --verb 1 --mute 10
- use the newly created tap0 as default gateway
What I would like to implement using VirtualBox is the following:
A) Install a dedicated firewall distribution (pfsense) with three logical NICs:
1) connected to the Internet
2) connected to the home LAN
3) connected to a private DMZ LAN
B) Install a dedicated Web server (Apache + FTPd + ...) with just:
1) logical NIC connected to the DMZ private net.
I understand I should build three bridges (WAN, LAN and DMZ) in the host and four virtual NICs (three for the router/firewall and one for the web server), but I'm more than a bit confused because there seem to be several different ways to do this and I cannot understand which is the "Ubuntu approved" (or simply coherent!) way. Here are my doubts:
a) Should I run OpenVPN on the host, creating a /dev/tap device, and then bridge it to virtual device A1? Or can I just attach A1 to the tap device created by OpenVPN? Can this be done? Or should I just bridge the ISP NIC (eth1) to the router/firewall VBox and run OpenVPN there?
b) Is there a way to prevent the host from using the created tap device? I would like to avoid bypassing the firewall!
c) DMZ should be clear: create one bridge (brDMZ) and two host interfaces (DMZ0 & DMZ1) and then bind them together.
in /etc/network/
auto brDMZ
iface brDMZ inet dhcp
# no physical port: the DMZ only ever carries the two VirtualBox host interfaces
bridge_ports none
then:
VBoxAddIF DMZ0 mauro brDMZ
VBoxAddIF DMZ1 mauro brDMZ
d) The LAN interface should also be clear:
in /etc/network/
auto brLAN
iface brLAN inet dhcp
bridge_ports eth0
then:
VBoxAddIF LAN0 mauro brLAN
e) How do I make sure the ISP interface (192.168.120.x) is used only by OpenVPN? Can I do this?
f) Is this correct? Will any of this work?
Can someone be so kind as to point me in the right direction, please?
Thanks in advance
mauro
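Added example, not code from the original post (and not mc5686's answer, which is not on this page): a host-side shell script that builds the three-bridge layout sketched above with brctl/ip and attaches the guest ports with VBoxAddIF (the "host interface" networking of the VirtualBox versions of that era). It assumes the OpenVPN endpoint runs inside the pfSense guest rather than on the host (one of the options raised in point a), so the host never holds a tap device at all: eth1 is enslaved to brWAN with no host address and no host route on it, which is what points b and e ask for. The user name mauro and the interface names eth0/eth1 are taken from the post; the host LAN address 192.168.0.2 and the bridge/port names WAN0, LAN0, DMZ0, DMZ1 are placeholders. With DRY_RUN=1 the script only prints the commands it would run, so the plan can be reviewed before touching the real host.

```shell
#!/bin/sh
# Host-side network plan for: brWAN (eth1 -> pfSense WAN), brLAN (eth0 -> host
# + pfSense LAN), brDMZ (no physical port; pfSense DMZ + web server).
# Assumption (not from the post): OpenVPN runs in the pfSense guest, not here.

HOST_USER="${HOST_USER:-mauro}"   # owner of the VirtualBox host interfaces
ISP_IF="${ISP_IF:-eth1}"          # link into the ISP's private 192.168.120.x segment
LAN_IF="${LAN_IF:-eth0}"          # home LAN, 192.168.0.x
HOST_LAN_ADDR="${HOST_LAN_ADDR:-192.168.0.2/24}"   # placeholder host LAN address

# run CMD...: execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# make_bridge NAME [PORT...]: create the bridge, enslave the ports, bring it up.
# STP off and forward delay 0, otherwise guests wait ~30 s before traffic flows.
make_bridge() {
    br="$1"; shift
    run brctl addbr "$br"
    run brctl stp "$br" off
    run brctl setfd "$br" 0
    for p in "$@"; do
        run ip link set "$p" up
        run ip addr flush dev "$p"   # a bridge port must not keep its own address
        run brctl addif "$br" "$p"
    done
    run ip link set "$br" up
}

# add_guest_port NAME BRIDGE: persistent VirtualBox host interface, owned by
# HOST_USER so the VM can open it without root, attached to BRIDGE.
add_guest_port() {
    run VBoxAddIF "$1" "$HOST_USER" "$2"
}

plan_host_network() {
    # WAN: eth1 goes straight to the firewall guest. The host gets no address
    # and no route on brWAN, so only the pfSense guest can reach the ISP segment.
    make_bridge brWAN "$ISP_IF"
    add_guest_port WAN0 brWAN

    # LAN: the host keeps its home-LAN address, but on the bridge, not on eth0.
    make_bridge brLAN "$LAN_IF"
    run ip addr add "$HOST_LAN_ADDR" dev brLAN
    add_guest_port LAN0 brLAN

    # DMZ: no physical port; only the firewall's DMZ leg and the web server.
    make_bridge brDMZ
    add_guest_port DMZ0 brDMZ
    add_guest_port DMZ1 brDMZ

    # Belt and braces: refuse anything the host itself would emit towards the ISP
    # link, so a stray default route can never bypass the firewall guest.
    run iptables -A OUTPUT -o brWAN -j DROP
    run iptables -A OUTPUT -o "$ISP_IF" -j DROP
}

# Usage:  DRY_RUN=1 sh setup-vbox-net.sh apply   (print the plan)
#         sudo sh setup-vbox-net.sh apply        (execute it)
if [ "${1:-}" = "apply" ]; then
    plan_host_network
fi
```

Two caveats when running this for real: the host loses its LAN address for the instant between flushing eth0 and addressing brLAN, so run it from the console or put the same settings in /etc/network/interfaces; and since brDMZ has no link to any DHCP server, the host gets no address on it at all in this layout, which is exactly what keeps the web server reachable only through the firewall guest.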
Question information
- Language: English
- Status: Solved
- Solved by: mc5686