[OOTB-infra] Live showcase
Martin Cosgrave
martin at ocretail.com
Thu Oct 16 17:46:33 BST 2014
Not sure I'm following the logic; we probably want the VMs to be
independently addressable from the internet even if they go through 1:1
NAT in pfsense
On 16/10/14 18:42, Heiko Robert wrote:
> Having a subnet is nice to have but I don't see the need for the VMs
> since their network interface shouldn't exposed directly to the
> internet. We learned to be very restrictive since the hosters public
> IPs are attacked all the time. So having only one firewall / reverse
> proxy is much easier to maintain/monitor and to make secure than every
> new VM which will be naked in the war zone ...
More information about the OOTB-infra
mailing list