[mdlug] linux firewall/vpn package like monowall

Adam Tauno Williams awilliam at whitemice.org
Mon May 14 11:44:40 EDT 2012


On Mon, 2012-05-14 at 11:25 -0400, Michael Mol wrote: 
> On Mon, May 14, 2012 at 11:20 AM, Adam Tauno Williams
> <awilliam at whitemice.org> wrote:
> >> one suggestion he got was to have a pair of VMs, one running the app
> >> and another running as a dedicated firewall/VPN.
> > Linode offers some kind of private network / back-end.  I've never used
> > it.  That can be used for database replication, building fail-over
> > systems, etc....
> > <http://blog.linode.com/2008/03/14/private-back-end-network-support/>
> >> any suggestions for relatively simple firewall/vpn configuration tools
> >> that can be installed in a VM image from one of the big distros?
> >> rackspace in particular provides a fairly comprehensive list of linux
> >> distros, but from what i can tell you can't just install your own
> >> distro in a VM.  So, a dedicated distribution like monowall wouldn't
> >> work.  iirc monowall is freebsd-based anyway, but you get the idea.
> > I don't see any purpose or role for these dedicated-purpose
> > distributions.  I just install a minimal OS and then install the
> > packages I need - that isn't hard.  On openSUSE / SUSE the Yast
> > administration tool will setup 99.44% of what you need.  Yast supports
> > OpenVPN and (I believe) IPsec.
> The chief advantage to dedicated-purpose distros: You don't need to be
> fluent with what it does in order to get the thing to work.

Yeah, I've now been doing this for twenty years... and I don't buy it.
"You don't need to be fluent with what it does" until it doesn't do it.
Then you're hobbled with a stripped down tool-chain and
hidden-under-the-covers hacks.

That limitation... with no upside.  Mainline distributions generally
provided excellent provisioning tools for common services.  The [human]
problem is that for some unknown reason a section of the users refuse to
use them or even be aware of them.  But they'll be happy if you give
them a fragile and kludgy 'web admin' interface thrown on top of a
"single purpose distribution".  At the same time web-yast sits there,
well tested, packaged, and comprehensive - waiting to be used [or even
better, do your configuration over SSH and leave the web out of it].

> The chief disadvantage to dedicated-purpose distros: You can't get the
> thing to do what you want once you're fluent with what it does.