Happy New Year! Over the holidays, I have completed a consolidation of systems here at shorewall.net. I have gone from four physical Linux systems in my office down to two systems. This will decrease the consumption of electricity as well as reduce the noise level. The key elements of the reconfiguration are as follows: 1. I''m now an all SuSE shop, having eliminated both Fedora Core 4 and Debian. 2. I have switched to one-to-one NAT and am no longer using Proxy ARP for my server. 3. My server (lists.shorewall.net aka www1.shorewall.net aka ftp1.shorewall.net) now runs in a virtual machine under Xen on my Linux desktop system. 4. I run Shorewall on my personal desktop in order to isolate the server from my other local systems. Details are available at http://www.shorewall.net/myfiles.htm and http://www.shorewall.net/Xen.html. Please let me know if you see any unexpected behaviour from the new configuration. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom, thanks for the update. As a newcomer to all of this, I would be interested in a few words about why you made some of the changes. For instance, why SuSE as opposed to the other releases, and why you eliminated Proxy Arp. Tnx. Ren Colantoni colanton@lacitycollege.edu -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net on behalf of Tom Eastep Sent: Sun 1/1/2006 10:17 AM To: Shorewall Announcements; Shorewall Users Subject: [Shorewall-users] Changes at shorewall.net Happy New Year! Over the holidays, I have completed a consolidation of systems here at shorewall.net. I have gone from four physical Linux systems in my office down to two systems. This will decrease the consumption of electricity as well as reduce the noise level. The key elements of the reconfiguration are as follows: 1. I''m now an all SuSE shop, having eliminated both Fedora Core 4 and Debian. 2. I have switched to one-to-one NAT and am no longer using Proxy ARP for my server. 3. My server (lists.shorewall.net aka www1.shorewall.net aka ftp1.shorewall.net) now runs in a virtual machine under Xen on my Linux desktop system. 4. I run Shorewall on my personal desktop in order to isolate the server from my other local systems. Details are available at http://www.shorewall.net/myfiles.htm and http://www.shorewall.net/Xen.html. Please let me know if you see any unexpected behaviour from the new configuration. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On Sunday 01 January 2006 12:02, Colantoni, Ren wrote:> Tom, thanks for the update. As a newcomer to all of this, I would be > interested in a few words about why you made some of the changes. For > instance, why SuSE as opposed to the other releasesI wanted to standardize on one distribution and I already had SuSE installed on both of my laptops and on my Linux desktop.> and why you eliminated Proxy Arp.Three reasons: a) Setting up a second physical interface undex Xen didn''t look very straightforward. b) The system that I used as a firewall only has three PCI slots and I would have needed four to have a separate DMZ. c) Using Xen allows me to isolate the server from my other local systems, thus overcoming my main objection to having internet-accessible servers in the local network (I already run split DNS so that wasn''t an issue). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
That is really excellent Tom. I was at the verge of buying a dual port ethernet card to overcome the PCI slot limit I''m facing in my shorewall box... I will go for this setup now :-) !! Happy new year !! Peter Tom Eastep wrote:> Happy New Year! > > Over the holidays, I have completed a consolidation of systems here > at shorewall.net. I have gone from four physical Linux systems in > my office down to two systems. This will decrease the consumption > of electricity as well as reduce the noise level. > > The key elements of the reconfiguration are as follows: > > 1. I''m now an all SuSE shop, having eliminated both Fedora Core 4 > and Debian. 2. I have switched to one-to-one NAT and am no longer > using Proxy ARP for my server. 3. My server (lists.shorewall.net > aka www1.shorewall.net aka ftp1.shorewall.net) now runs in a > virtual machine under Xen on my Linux desktop system. 4. I run > Shorewall on my personal desktop in order to isolate the server > from my other local systems. > > Details are available at http://www.shorewall.net/myfiles.htm and > http://www.shorewall.net/Xen.html. > > Please let me know if you see any unexpected behaviour from the new > configuration. > > -Tom------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click