Koozali.org: home of the SME Server

my 2 cents for a 3th (wireless)nic

Offline HomePlayer

my 2 cents for a 3th (wireless)nic
« on: November 13, 2007, 04:41:09 PM »
First let me say I love SME; I have been here since ver. 4.1 something, but I am still a noob where Linux is concerned.

I have VMware running on my server (7.2 server and gateway), not only for testing but also for this Enspeed SUGAR.
For some testing I also installed an MS XP virtual machine. I plugged in a wireless USB stick (Netgear WG111v2), told VMware to connect this USB device to the MS XP machine, and, well, this works.

So all we need is a USB Ethernet adapter and a good, small, light (Linux) VM guest system that can deal with USB NICs.
Then I think (I am not sure) that you could configure this in many ways: internet only for your wireless connections, routed, or whatever you desire. I just need a good, very good firewall ;-)
Some questions:
1. Is VMware a security risk, not talking about its guest systems?
2. Is Enspeed SUGAR safe for a company? Does anyone know it?
3. What OS/distro can best be used for the above?

Offline arne

Re: my 2 cents for a 3th (wireless)nic
« Reply #1 on: November 21, 2007, 12:37:16 AM »
How did you install VMware on the SME 7.2? (Is there a how-to that works?) Which VMware product are you using? Is it VMware Server for Linux? Do you then administer it from a remote client? (A Windows client?)

Until now I have only tested with VMware Workstation + Server + Player on Windows XP, with diverse Linux distros including SME 7.2 as guest operating systems. (Plus also a few tests from Ubuntu Linux with Gnome.)

When it comes to the "driver things", it is my impression that when VMware is running on Windows, it is the Windows (host) operating system that performs all "the tasks done by drivers", so that the "interface" that the guest operating system "will see" is only a "standardized VMware interface".

When running SME server as a virtual guest system under Windows/VMware, it is no problem at all to switch between a wireless and a wired connection, as the connection the virtual SME server will "see" will still, all the time, be the "virtual eth0". (So the virtual SME server will go wireless with no need to think about the wireless connection at all.)

The security issue is an interesting one. I haven't seen any documentation on that. (And I really don't know...)

I have never tried to run vmware from a text based Linux distro like the SME server (..and would be very pleased to try that.)




Offline crazybob

Re: my 2 cents for a 3th (wireless)nic
« Reply #2 on: November 21, 2007, 03:04:03 AM »
Take a look at http://wiki.contribs.org/Vmware

I used it to install VMware. There is a Windows-based console available from VMware.

Bob
If you think you know what's going on, you obviously have no idea what's going on!

Offline arne

Re: my 2 cents for a 3th (wireless)nic
« Reply #3 on: November 21, 2007, 09:21:37 PM »
Thanks for interesting information.

Found something about security here: http://secunia.com/advisories/26890/

Arne.

Offline raem

Re: my 2 cents for a 3th (wireless)nic
« Reply #4 on: November 22, 2007, 02:28:23 AM »
arne

This may be of interest to you re alternative firewall scripts.

http://www.hanscees.com/sme7/iptables4sme7.html

Offline arne

Re: my 2 cents for a 3th (wireless)nic
« Reply #5 on: November 22, 2007, 11:30:26 PM »
Thanks a lot for the interesting link!

I have to admit that my 3-NIC SME 7.2 actually works rock stable and perfectly well, without a problem, as the SME server usually does.

Actually I do not use the 3rd NIC so much. The more useful part of my new firewall is the port redirect function that gives me remote control, SSH tunneling, file transfer, IP telephony, etc. from rather restricted hot spots and WLANs. Actually this rather useful function could rather easily be implemented in the existing template-based firewall. (PuTTY and WinSCP against sshd on port TCP 443, for remote control, file transfer and tunneling, and Asterisk for IP telephony on UDP port 53.)

I have had one single issue with my new firewall arrangement. In the old days it used to be a problem to do some web-based uploads, and it was necessary to relieve some security function. I think that normally this is not a problem with SME 7.2, but after rearranging the firewall, the only side effect I have noticed is that this restriction appears to have returned. (But as WinSCP can be used instead, this is not a big issue.)

By the way, even though it works quite well using a wired 3-NIC solution, it did not work very well when installing the wireless NIC directly into the hardware. I think it is a more practical solution to set up the third safe zone using 3 wired NICs and then add a wireless access point connected to the 3rd NIC. (So that all problems related to packet encryption, radio frequencies, etc. will then be left to the wireless access point box.)
« Last Edit: November 22, 2007, 11:40:18 PM by arne »