ProxMox-VE server with Internal and Public facing servers

[Petrus4]

Hi I am trying to configure a few public facing servers and a few private servers on the same proxmox-ve box.

• I have two nics on the proxmox-ve box
• I am running a cisco pix with DMZ

How can I best configure the proxmox-ve box to securely run my internal and public facing VM's?

 

[dietmar]

I guess you split the two network on the cisco PIX firewall. IMHO it makes no sense to join them again, at least this is not very secure. Instead use 2 different servers.

 

[Petrus4]

I guess you split the two network on the cisco PIX firewall. IMHO it makes no sense to join them again, at least this is not very secure. Instead use 2 different servers.

hmm.. do you mean use two separate proxmox-ve servers one for public facing VMs in the DMZ and one for private VMs on the internal network and have them totally separate?

 

[dietmar]

hmm.. do you mean use two separate proxmox-ve servers one for public facing VMs in the DMZ and one for private VMs on the internal network and have them totally separate?

yes, that is a secure solution.

Else, you can configure:

vmbr0 => eth0 (internal)

vmbr1 => eth1 (DMZ)

but then you have to make sure that there is no route between vmbr0 and vmbr1 (but your proxmox-ve can see packtes from both networks). IMHO this is error prone and thus not secure.