I wrote about the home-based DMZ architecture I used, but that entry focused more on how the network was laid out. This post discusses the designs I played with but didn't use for my home network architecture. My blog shows a three-tier architecture in use, consisting of a client-facing tier, an application tier, and a database tier. These three tiers are separate virtual machines, totaling four virtual machines on one server. The computer running them has only three gigabytes of RAM, and I actually wanted 9 virtual machines. I solved the problem of fitting all of these virtual machines into three gigabytes by using operating system-level virtualization. This type of virtualization is very efficient because it uses a single virtual machine and lets the operating system partition it into separate virtual servers.
I used OpenBSD, with OpenBSD's packet filter (pf), to manage all of the Solaris Zones and FreeBSD jails. I thought about some other offshoot designs. The first was simply to do the whole thing on one virtualized server: I could have put the firewall rules into the Solaris or FreeBSD host machine and used only one VM, but I found I liked working with separate pieces, because that lets me change one part without harming the others. You have many choices.
Similar articles
- Home Network Features (azcrumpty.wordpress.com)
- Home Network With DMZ (azcrumpty.wordpress.com)
OpenBSD ifconfig Output
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:57:24:6b
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::a00:27ff:fe57:246b%em0 prefixlen 64 scopeid 0x1
        inet6 2002:43a4:a7f0:0:a00:27ff:fe57:246b prefixlen 64 autoconf pltime 16 vltime 26
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:fb:e9:df
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.8.1 netmask 0xffffff00 broadcast 192.168.8.255
        inet6 fe80::a00:27ff:fefb:e9df%em1 prefixlen 64 scopeid 0x2
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:68:63:2a
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::a00:27ff:fe68:632a%em2 prefixlen 64 scopeid 0x3
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 08:00:27:a3:ad:7c
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.12.1 netmask 0xffffff00 broadcast 192.168.12.255
        inet6 fe80::a00:27ff:fea3:ad7c%em3 prefixlen 64 scopeid 0x4
enc0: flags=0<> mtu 1536
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33204
        groups: pflog
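As an added example (not from the original post), here is a pf.conf that enforces the three-tier split on the OpenBSD firewall VM, using the interface names and subnets from the ifconfig output above. Which interface carries which tier, the host addresses and the service ports are my assumptions; the post does not state them.

```pf
# Constructed example pf.conf for a three-tier DMZ behind one OpenBSD VM.
# Interface-to-tier mapping, host addresses and ports are assumptions.
ext_if = "em0"            # egress, 192.168.1.20 on the home LAN
web_if = "em1"            # assumed client-facing tier, 192.168.8.0/24
app_if = "em2"            # assumed application tier,   192.168.10.0/24
db_if  = "em3"            # assumed database tier,      192.168.12.0/24

web_net = $web_if:network
app_net = $app_if:network
db_net  = $db_if:network

web_srv  = "192.168.8.10"     # constructed addresses for the tier hosts
app_srv  = "192.168.10.10"
db_srv   = "192.168.12.10"
app_port = "8080"             # assumed application listener
db_port  = "5432"             # assumed database listener

set skip on lo
set block-policy drop         # drop silently; no RSTs/ICMP back to a probing tier

# Default deny in every direction; every permitted flow below is explicit and logged.
block log all

# Each tier may only source packets from its own subnet.
antispoof log quick for { $web_if $app_if $db_if }

# Home LAN clients reach only the client-facing tier, and only on HTTP/HTTPS.
pass in  on $ext_if proto tcp from $ext_if:network to $web_srv port { 80 443 }
pass out on $web_if proto tcp to $web_srv port { 80 443 }

# Client tier talks to the app tier on the app port only.
pass in  on $web_if proto tcp from $web_srv to $app_srv port $app_port
pass out on $app_if proto tcp from $web_srv to $app_srv port $app_port

# App tier talks to the database tier on the db port only.
pass in  on $app_if proto tcp from $app_srv to $db_srv port $db_port
pass out on $db_if  proto tcp from $app_srv to $db_srv port $db_port

# The database tier never initiates anything, and the client tier never
# reaches the database directly. The default block already covers both;
# stated explicitly (and logged) so a violation stands out on pflog0.
block log quick on $db_if  from $db_net  to any
block log quick on $web_if from $web_net to $db_net

# Administration of the firewall itself: SSH from the home LAN only.
pass in on $ext_if proto tcp from $ext_if:network to ($ext_if) port 22
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and enable `net.inet.ip.forwarding=1` in sysctl so the VM actually routes between the tiers; denied cross-tier attempts show up on pflog0 with `tcpdump -n -e -ttt -i pflog0`.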