Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: newburns on January 05, 2013, 10:27:23 PM
-
I want to dive into vm using Proxmox as a host. I am confused about one thing before I purchase all this equipment for my new endeavor( https://secure.newegg.com/WishList/MySavedWishDetail.aspx?ID=29472728 ).
::EDIT::
Just in case someone was interested in helping me in my hardware configuration, the RAID controller card listed in the Wish List is there for numbers only. The actual card being purchased is an Asus PIKE 2108.
How will I set up my SME guest as the server/gateway for the complete network?
My initial setup will be a restoration from my current setup.
Currently,
WAN is connected to SME via eth0
LAN is connected to SME via eth1
Guest WLAN is connected to SME via eth2 by way of CoovaChilli ( http://wiki.contribs.org/CoovaChilli )
I want to repeat this setup through Proxmox VM. So my proxmox will be receiving DHCP from guest SME DHCP Server.
I will be restoring via AFFA, and eventually I will add my current SME box to a Proxmox cluster, and putting my SME install back onto the original box, with Proxmox as host.
Again::::
Initial issue - SME is barebones on my best server equipment and cannot install Red5, Moodle 2.4, or PlexMediaServer
Solution - Install Proxmox and run Centos 6 as well as SME
Dilemma - Current SME is production and no other equipment is available for use. VM is not installed to make 2 virtual servers available.
- New equipment will have Proxmox VM, but SME install needs to be moved to new equipment as well. SME is current Gateway/Server mode
-
I want to dive into vm using Proxmox as a host. I am confused about one thing before I purchase all this equipment for my new endeavor( https://secure.newegg.com/WishList/MySavedWishDetail.aspx?ID=29472728 ).
::EDIT::
Just in case someone was interested in helping me in my hardware configuration, the RAID controller card listed in the Wish List is there for numbers only. The actual card being purchased is an Asus PIKE 2108.
be sure it's a REAL HW raid controller and not a fake-raid one.. and, of course, be sure it's fully supported by Proxmox
I suggest you buy brand hw (HP for example, never had an issue)
BTW, following your link will lead to a login form :-)
How will I set up my SME guest as the server/gateway for the complete network?
My initial setup will be a restoration from my current setup.
Currently,
WAN is connected to SME via eth0
LAN is connected to SME via eth1
Guest WLAN is connected to SME via eth2 by way of CoovaChilli ( http://wiki.contribs.org/CoovaChilli )
your virtual SME will have 3 virtual network adapters.. be aware that a firewall on shared physical/virtual adapter is not recommended (google will help you, but you can start from proxmox's forums)
I want to repeat this setup through Proxmox VM. So my proxmox will be receiving DHCP from guest SME DHCP Server.
that's bad.. and I think it won't work.. proxmox should have one (or more than one) static/fixed ip and should not wait for a dhcp server to come up.. what if your virtual SME won't start?
I will be restoring via AFFA, and eventually I will add my current SME box to a Proxmox cluster, and putting my SME install back onto the original box, with Proxmox as host.
Again::::
Initial issue - SME is barebones on my best server equipment and cannot install Red5, Moodle 2.4, or PlexMediaServer
Solution - Install Proxmox and run Centos 6 as well as SME
Dilemma - Current SME is production and no other equipment is available for use. VM is not installed to make 2 virtual servers available.
- New equipment will have Proxmox VM, but SME install needs to be moved to new equipment as well. SME is current Gateway/Server mode
ok.. I would install proxmox, study its documentation, make some tests with a SME virtual machine..
when I feel comfortable with the new O.S., I would install a new SME, move all the data on it with affa, make it my production server..
you cannot expect to do all in 3 hours..
if your SME is actually your production server and you can not suffer a long downtime, you should invest some days to test, repeat, understand, break, fix and so on..
you should also search and read proxmox's support forums.. you'll find many helpful hints
all IMVHO
HTH
-
So I will need another server running as a gateway? How do I get internet to the SME guest that runs all my website and proxypass web apps?
If I use a router to run DHCP server, then I won't be able to have so many leases like now. Currently, 10.1.12.1:255.255.252.0 - This allows for a lot of leases, as I have a lot of connections to my box, including security surveillance equipment. Everything runs separate on vlans, but same switch. So one DHCP server on switch.
The link goes to my public wishlist:
x1 - SUPERMICRO CSE-825TQ-R700LPB Black 2U Rackmount Server Case
x1 - ASUS Z9PE-D16 SSI EEB Server Motherboard Dual LGA 2011 DDR3 1600
x1 - Asus PIKE 2108 chipset(LSI SAS 2108)
x1 - LSI LSI00264 MegaRAID LSIiBBU08 Battery Backup Unit for 9260/1 and 9280 Series
x2 - Intel Xeon E5-2620 Sandy Bridge-EP 2.0GHz (2.5GHz Turbo Boost) LGA 2011 95W Six-Core Server Processor BX80621E52620
x8 - Kingston 8GB 240-Pin DDR3 SDRAM DDR3 1333 ECC Registered w/ Parity Server Memory Model KVR1333D3Q8R9S/8G
x8 - TOSHIBA PH3200U-1I72 2TB 7200 RPM SATA 6.0Gb/s 3.5" Internal Hard Drive
Let's call my current production server SMEserious.
I currently have a q6600 that was a gaming desktop, now being used for SME 8 production and a DL380 g3. Everything was authenticating against my current SME, so if I have another server, say my DL380, to run as gateway, and SMEserious on my new equipment, how can I authenticate production against gateway?
What would you do? Setup a separate SME DHCP server, separate router ($$$$), etc?
I also wanted to use my q6600 equipment to run Proxmox cluster, without HA.
End result, I need to have SME(for webserver, fileserver, and proxy for filtering and splash on public WLAN), PlexMediaServer, Moodle 2.4, Red5, Blender 2.6 (netrender farm), and XMPP server (messaging system).
I will have 3 servers:
new server
q6600 with 8gb ddr2 and x6-2TB Hard Drives (No hardware raid)
DL380 with 4gb ram and x19-36gb SCSI drives (Perc5/i raid)
3 public routers used against CoovaChilli for splash screen and guest authentication (it's for a church)
-
It says here http://pve.proxmox.com/wiki/SMEServer_KVM that Proxmox 2.2 can handle SME 8 in gateway mode.
It would probably be essential to delay the start of any other KVM, but that shouldn't be hard in cluster mode. And Proxmox will have a static IP, so DHCP is not automatic. Should I open it up to the wan side? Should the management iPMI and iKVM on the Asus motherboard be opened to the WAN? How do you remotely operate a server from the management port on the motherboard?
-
I agree that firewall within the production VM host is not a good idea. I have decided to use another SME low-power server as my firewall, DHCP, and web-filtering.
So my setup would be
Wan -----> SME Firewall -----> Proxmox Vm (with SME production appliance) -----> AFFA Backup Server
- Would you recommend that I include my AFFA Server and Firewall in the same box?
- Is it possible to authenticate one SME server against another? Web content filtering will require login to bypass or override some filtering. I would like to utilize SSO from my main production server, which acts as the domain/file server.
- Would you recommend not using SME as a firewall, and use hardware firewall with DHCP or another server distro?
-
Would you recommend that I include my AFFA Server and Firewall in the same box?
no..
Is it possible to authenticate one SME server against another? Web content filtering will require login to bypass or override some filtering. I would like to utilize SSO from my main production server, which acts as the domain/file server.
no, AFAIK.. but SME8 has ldap and support (AFAIR) ldap auth.. you could use ldap auth on squid
Would you recommend not using SME as a firewall, and use hardware firewall with DHCP or another server distro?
if you need dhcp, firewall AND proxy -> pfSense, Endian, Smoothwall, IpCop and so on
if you need only dhcp and firewall -> m0n0wall
-
How will I be able to authenticate my SME users against the proxy for web filtering overrides?
Software firewall is a better solution than hardware?
-
How will I be able to authenticate my SME users against the proxy for web filtering overrides?
AFAIK pfSense and other similar sw can use ldap to auth users
Software firewall is a better solution than hardware?
there is no "HW" firewall.. there is only hw that runs a firmware, i.e. a SW..
IMO you should test some of them and choose the one you prefer
-
If I setup proxy, dhcp, and firewall will I still be able to use SME email server and services in server only mode?
I think I understand, I just want to make sure I handle all SME functions when operating as a gateway
-
Thank you so much.
I decided to go with this workflow:::
--- Cluster ---
Server 1(GL360 G4p)
Proxmox Host Master
pfsense firewall UTM
SME Test Server
Centos Test Server
Server 2(Custom Q6600)
Proxmox Host Slave 1
SME Production Server
SME 8.0 w/ Asterisk
Centos 6.0 (to utilize newer MySQL version)
Centos 6.0 (Plex Media Server and Red5)
Server 3 (DL380 G3 {Not Proxmox capable due to no AMD64 support})
SME 8 w/ AFFA Backup
Are there recommended distros for running just MySQL Databases or is minimal Centos 6 fine?
Just a note, all services work in server-only mode less gateway features(ie. Port Forwarding, Proxy, and DHCP Server)
-
I am running several PM boxes with virtual SME as "firewall Gateway"; the PM has a fixed IP within the same IP range for obvious management. I have other PM boxes using virtual pfSense as firewall/VPN etc., which maintain VPNs etc. so all remote management can stay connected. I use one NIC solely for WAN and multiple LAN NICs for networks. I have started to use SINGLE SSDs (512G) for the main PM install and multiple 2TB drives for daily PM backups and VM data backups, NO RAID! I have one PM x2 with multiple RAIDed 2TB drives plus a DRBD volume for VMs, nice for quick migration of a running VM; SME on that has 1TB storage, using 1/2 of it. I am using PM 1.9 at the moment. Have had no SSD problems, touch wood! :smile: PM is a nice fit for SME production and development on the one/two or more box setup! cheers
-
I'm trying my setup with PfSense as the firewall, but I'm having issues.
THIS IS NOT AN SME ISSUE, however, contribs.org is my place for server information. Best forum I've known to be on, therefore, I will ask this question.
In proxmox, I have setup two Virtual Bridges. One is connected to eth0 and the other eth1. I have set the static IP and Gateway for eth0 to my ISP provided information (WAN), and set the static IP of eth1 to be within LAN range (management). I have perfect connectivity locally, but I cannot establish internet connection from WAN to LAN. I don't even know if there is connection on eth0.
What should be the settings for the bridges in Proxmox in order to establish that connection? PfSense?
Essentially, this information will go to a How-To I will post as soon as I establish the proper way to set everything up. This way, anyone can easily get started with virtualization even if they only start with one VM application.
Also, Container or KVM? Can't understand the difference established by Google, but I know it has something to do with sharing a kernel :?
-
It's straightforward.. So in PM you have the pfsense ISO in PM, create a KVM pfsense, 512 ram, 1Cpu, 1Core 4g HD (I think it can be smaller?) give it vmbr0 bridged off eth0 AND vmbr1 bridged off eth1.
So run up pfsense VM boot the iso, install to the HD, configure the WAN -> re0 (in pfsense naming ) and LAN -> em0.
eg my re0 is a fixed IP 192.168.8.2, my WAN gateway (DSL router) 192.168.8.1... My em0 is 192.168.3.1 (this is the gateway address for the LAN users/VM etc ONCE you fire up the DHCP service inside pfsense.) This is eth0 on the PM box.
To manage pfsense web browse to the Gateway address (192.168.3.1) (you need to have your PC fixed IP in the .3.x because you would turn off your SME dhcp and pfsense is not configured YET)
I use different LAN types for the vmbr0 and vmbr1 IE eth1000 and rtl8139 so I can be sure of which is which.
Logon to pfsense, go to firewall and in RULES WAN configure services required ( ie My SME is fixed ip on 3.20 )
TCP * * 192.168.3.20 80 (HTTP) * none NAT http
TCP * * 192.168.3.20 443 (HTTPS) * none NAT https 443
TCP * * 192.168.3.20 25 (SMTP) * none NAT SMTP
Etc ..
TCP * * 192.168.3.20 8993 * none NAT Zarafa Imaps
etc then VPN etc. Pfsense is comprehensive and flexible and reliable it has its own backup of config etc.
It's been a while, from memory. We have ours with voip entries etc / nailed up tunnel to another network where our voice servers sit ..
cheers hope that gets you started..
PS I migrated over to Pfsense with My SME running in server-gateway mode and tested it a bit at a time then change SME to server only
once I was happy with understanding of Pfsense operation.
-
Just re-reading your query.. Your LAN settings need to know of the gateway/DNS address in pfsense? Manually set or correct DHCP setting (cart before horse)
AND your pfsense needs its WAN (re0) configured correctly. Use ping to test local and remote IP inside pfsense?.
cheers :smile:
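The bridge layout discussed above, as an added example that is not part of the original posts: a Python check over a Proxmox host's /etc/network/interfaces that flags a host-level IP on the bridge carrying the WAN NIC (the firewall VM should hold that address) and any host address that depends on DHCP. The two sample configs are constructed, 203.0.113.x stands in for the ISP-assigned address, and the function names are hypothetical; eth0 as WAN NIC and the 192.168.3.x LAN follow the thread.

```python
# Added example; BAD and GOOD are constructed configs (203.0.113.x is a documentation-range placeholder).
BAD = """
auto vmbr0
iface vmbr0 inet static
    address 203.0.113.10/24
    gateway 203.0.113.1
    bridge_ports eth0
auto vmbr1
iface vmbr1 inet static
    address 192.168.3.5/24
    bridge_ports eth1
"""

GOOD = """
auto vmbr0
iface vmbr0 inet manual
    bridge_ports eth0
auto vmbr1
iface vmbr1 inet static
    address 192.168.3.5/24
    gateway 192.168.3.1
    bridge_ports eth1
"""

def parse_interfaces(text):
    """Return {iface: {"method": ..., option: value}} for each iface stanza."""
    stanzas, current = {}, None
    # Strip comments, split into words, skip empty lines.
    rows = [w for w in (l.split("#", 1)[0].split() for l in text.splitlines()) if w]
    for words in rows:
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None:
            # Normalise bridge-ports / bridge_ports to one spelling.
            current[words[0].replace("-", "_")] = " ".join(words[1:])
    return stanzas

def audit(text, wan_nic="eth0"):
    """List stanzas that address the host on the WAN NIC or rely on DHCP."""
    findings = []
    for name, opts in parse_interfaces(text).items():
        on_wan = name == wan_nic or wan_nic in opts.get("bridge_ports", "").split()
        if on_wan and (opts["method"] != "manual" or "address" in opts):
            findings.append(f"{name}: host holds an IP on the WAN side; leave it to the firewall VM")
        if opts["method"] == "dhcp":
            findings.append(f"{name}: host address depends on a DHCP server being up")
    return findings
```

Calling `audit(open("/etc/network/interfaces").read())` on the host returns an empty list when the WAN bridge is address-less and the management address is static.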
-
I'm trying my setup with PfSense as the firewall, but I'm having issues.
THIS IS NOT AN SME ISSUE, however, contribs.org is my place for server information. Best forum I've known to be on, therefore, I will ask this question.
if so, this is OT in this forum
please open another topic in "general discussion", thank you