[mdlug] linux firewall/vpn package like monowall

Michael Mol mikemol at gmail.com
Mon May 14 12:26:01 EDT 2012


On Mon, May 14, 2012 at 11:44 AM, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> On Mon, 2012-05-14 at 11:25 -0400, Michael Mol wrote:
>> On Mon, May 14, 2012 at 11:20 AM, Adam Tauno Williams
>> <awilliam at whitemice.org> wrote:
>> >> one suggestion he got was to have a pair of VMs, one running the app
>> >> and another running as a dedicated firewall/VPN.
>> > Linode offers some kind of private network / back-end.  I've never used
>> > it.  That can be used for database replication, building fail-over
>> > systems, etc....
>> > <http://blog.linode.com/2008/03/14/private-back-end-network-support/>
>> >> any suggestions for relatively simple firewall/vpn configuration tools
>> >> that can be installed in a VM image from one of the big distros?
>> >> rackspace in particular provides a fairly comprehensive list of linux
>> >> distros, but from what i can tell you can't just install your own
>> >> distro in a VM.  So, a dedicated distribution like monowall wouldn't
>> >> work.  iirc monowall is freebsd-based anyway, but you get the idea.
>> > I don't see any purpose or role for these dedicated-purpose
>> > distributions.  I just install a minimal OS and then install the
>> > packages I need - that isn't hard.  On openSUSE / SUSE the Yast
>> > administration tool will set up 99.44% of what you need.  Yast supports
>> > OpenVPN and (I believe) IPsec.
>> The chief advantage to dedicated-purpose distros: You don't need to be
>> fluent with what it does in order to get the thing to work.
>
> Yea,  I've now been doing this for twenty years... and I don't buy it.
> "You don't need to be fluent with what it does" until it doesn't do it.
> Then you're hobbled with a stripped down tool-chain and
> hidden-under-the-covers hacks.

Absolutely. But you can't _convince_ people of that until they've
burned themselves.

-- 
:wq


