[ale] VM for WAN connection?

Alex Carver agcarver+ale at acarver.net
Sat Sep 26 13:19:00 EDT 2015


On 2015-09-26 09:02, James Sumners wrote:
> Finally got the motherboard in for my home router project. While thinking
> about how I want to do it, I had a thought about the connection to my ISP.
> I'm wondering if it is worth it to isolate that connection in a VM? The VM
> would still be hosted on the "router" system, and the traffic would still
> have to be routed back to the host OS.
> 
> Any opinions? Sound plan or redundant overkill?
> 

Don't bother.  Too much extra overhead and if something with the VM
system fails or is compromised then lots of other problems happen.

Just set the thing up to pass whatever open ports you need straight
through and open the service ports (SSH, etc.) to only the inside
network.  If you need to access the router from the outside, bounce
through an internal machine first instead of allowing a direct
connection to the router.

You could also set the internal service ports to accept connections from
only a select few internal machines.



More information about the Ale mailing list