Aside from USB-connected storage, this includes devices like printers, Web cameras (a do-it-yourself home security system!), and even audio systems. Support for a wide variety of USB-connectable devices. Some commercial routers now allow you to share storage that's attached directly to the router via USB or eSATA. OpenWrt lets you redefine the functions available to such buttons. Many routers feature built-in hardware elements such as an action button (usually involving Wi-Fi Protected Setup). Special hardware configuration options.OpenWrt includes most of the above features and more: It's a service to allow network tunneling for game consoles - mainly Microsoft's Xbox - so that they can connect to the XLink Kai gaming network. You should use it only if your router and your other network hardware support it, or you'll actually see a net loss in performance. A speed-enhancement system supported by some wireless network devices based on the Broadcom chip set. These include Dnsmasq, a local DNS server that speeds up host-name lookups, as well as support for dynamic DNS providers like TZO, No-IP, and DynDNS. UPnP media streaming is also included as a standard item on just about every DD-WRT build. Most routers have basic QoS management, but some of the DD-WRT builds (mainly the commercially available version) can give you more sophisticated QoS settings, allowing you to specify such items as maximum bandwidth per netmask or MAC address. DD-WRT has native IPv6 functionality, as well as the 6to4 address-translation system. With the world rapidly running out of IPv4 address space, it's nice to know your router can speak IPv6 natively if it has to. You can edit the firewall through DD-WRT's own Web-based interface or use a tool like Firewall Builder to do most of the heavy lifting. Every router these days comes with a firewall, but the one included with DD-WRT is based on the iptables firewall in Linux and thus is extremely powerful and configurable. The KVM pfSense VM will then be setup as the default gateway for a few internal test machines to benchmark and see how good pfSense works.ġ) Are there ways to gain access directly to proxmox host via eth1.Ģ) Are there iptables rules I can setup on the proxmox host to prevent those threats while still allowing traffic to be bridged to the KVM firewall/router.Īny help/feedback would be greatly appreciated.A full list of the features in DD-WRT would spill over to pages on end, but here's a rundown of the most significant and widely used items: So as you can see I'll have one proxmox host connected directly to the internet via eth1 which is a bridge vmbr1, with no IP addresses assigned to that bridge, only to the vm attached to that bridge. PfSense LAN (private net default gateway) -> vmbr0 (private net) -> eth0 -> Internal network WAN -> eth1 -> vmbr1 (no ip) -> pfSense WAN (KVM with public IPs) Here's the configuration on the proxmox host: So now my problem is that I'm not really sure how secure my temporary setup will be and was wondering if anyone has had a similar setup and could share there iptables rules or other tips to secure the proxmox host. So, I setup a test environment using KVM in proxmox to benchmark things and once I'm happy with pfSense I'll purchase dedicated hardware to put in front of the other hardware. I'm thinking about migrating from a hardware firewall/router to pfSense a software solution.
0 Comments
Leave a Reply. |