[nzlug] Server Consolidation

Nevyn nevynh at gmail.com
Wed Nov 14 18:02:04 NZDT 2007 

On Nov 13, 2007 8:30 PM, Nick Rout <nick at rout.co.nz> wrote:
>
>
> On Wed, November 14, 2007 5:17 pm, Nevyn wrote:
> > On Nov 13, 2007 7:57 PM, Dirk Pilat <pilatdirk at mac.com> wrote:
> >> On Wed, 14 Nov 2007 14:28:36 +1300, Nevyn <nevynh at gmail.com> wrote:
> >>
> >> > I was wondering if anyone knew of a decent tutorial on running IPCop
> >> > within a virtual machine on the file server so that I can reduce my
> >> > electricity bill and the noise in my room and anything relating to the
> >> > security of doing such a thing. I've noticed in the list of packages
> >> > IPCop now has vmware-tools so I'm pretty sure it can be done securely.
> >>
> >>
> >> I am probably going to get stoned here, but why not use OpenBSD as
> >> server
> >> and firewall. As far as I know, pf and NAT together with Theo's
> >> clampdown
> >> on unnecessary daemons should make it pretty watertight, and if you want
> >> to, pkg_add will deliver all the functionality of an Ubuntu server
> >>
> >>
> >> Dirk
> >
> > Very simple explanation as to why I'm not using BSD support. The
> > majority of the cool kids out there seem to be using Linux which means
> > if I have a question, I've got a bigger pool of people to help as well
> > as there being more development aimed towards Linux. I did want to
> > have a look at BSD at some stage but had a few hardware issues so gave
> > up on it. I'm not sure that the advantages of BSD are worth the
> > headaches that I was experiencing. Mind you, this was a couple of
> > years ago when Red Hat 7.3 was my distro of choice.
>
>
> Not sure how ipcop would go virtualised. I use it to provide pretty
> essential services on my LAN - besides firewall/net connectivity it
> provides DNS and DHCP.
>
> Therefore its pretty well the machine that needs to be up and going first
> and foremost. If it was in a virtual machine, how would the host machine
> get an ip address when it boots (and the virtual machine dhcp server is
> down).
>
> As far as cutting down on power/heat/noise, the solution might be to put
> ipcop on a smaller machine like a soekris box. Soekris sell 12v 1A power
> supplies for all but their more powerful machines, so I guess you are not
> going to use any more than 12W, probably far less.
>
> Usual wisdom is not to run your web/ftp/mail etc server on your firewall,
> so the people that suggested just using ptables on the ubuntu box are a
> bit wide of the mark IMHO.
>
> --
> Nick Rout

In terms of the IP Address - the host machine would have to use a
static IP on that basis. On the plus side, if something goes wrong
with the DHCP server, that machine would still be accessible. I try to
do as much administration remotely (despite the box being just across
the room).

More information about the NZLUG mailing list