I need advice on setting up virtual lab
-
I don't necessarily want direct answers. I don't learn well unless I have to do the work. What I really need is some starting advice and direction and maybe someone to kind of hold my hand while I am learning this. I am not selfish when it comes to my knowledge. Anything you guys can teach me will be reciprocated in the future to others looking for help. I appreciate you spending a little of your valuable time to help me get started.
I am setting up a home lab to learn networking and ethical hacking. I am not a rich man so I am limited on the hardware I can afford, but I do update as I am able.
At this time I have Charter/Spectrum internet and my speeds average 293 Mbps down, 19 up with an average latency of 60ms on my WiFi. My wired system is Frankenstein'd together. I have Netgear power line adapters to carry my wired connection to my garage. It's what I have now and it's not the best, but I have to work with what I have.
In my garage I have an old Toshiba P755, with a USB adapter for my second NIC, that is my pfSense router/firewall. I have an Asus RT-AC66U router that I have converted to DD-WRT with wireless disabled at this time that is set as an AP. I have two Netgear GS108PEv3 switches and then I have 6 older servers all running Proxmox and all clustered together.
My question is about setting up all my routers and switches. I have attempted to look for answers online, but obviously no one has this exact setup, and there are several trains of thought about how to put a lab environment together, so it makes it difficult for a complete N00B @ networking to decide how to build this the best way?
What I am trying to figure out is this- All my Proxmox servers have static IPs with the 192.168.1.1/24 address range
- I am coming right from my power line adapter into my pfSense firewall. I am trying to figure out the best way to use the DD-WRT and Netgear switches in this setup?
Do I go power line to pfSense to DD-WRT and then use my switches after that or do I use my switches first and then use my DD-WRT to distribute my connection to my servers? My Proxmox servers are all equipped with 4 NICs each and I also have two PCs that each have 1 NIC. At this point I do not want to set up pfSense as a virtual machine. It's easier for me to isolate and fix problems if I just keep the Toshiba as my firewall/router.
I'm also trying to use a different IP range for my lab so I am not sure if I should manually change the IPs on my servers to fit into a 10.10 network, or a 192.168.2.1/24 network?
-
Not a direct answer, which may be what you are after.
In my logical world...
Internet -> ATT (POS) -> pfSense -> clients & 2nd pfSense
So 2ndPF sees my LAN as its WAN. This allows me to do all sorts of crazy stuff and not make the wife mad.
In my physical world...
Internet -> ATT (POS) -> managed switch -> pfSense (primary), pfSense (secondary), clients. There are several VLANs to direct traffic. This allows me to "move" a port without touching a cable. Both pfSense installs have several connections to the switch, some are trunked, some are not.
-
@warloxian Unless you have a lot of networks I would probably make them something not-similar so diagnosing issues is easier. For example the 10.x.x.x, or 192.168.111.x and 192.168.222.x, etc. .2.1 is an easy typo from .1.1. :)
-
1:
May I suggest you download the Free DIA diagram writer program
https://forum.netgate.com/topic/166945/free-network-diagram-drawing-tool-for-win-mac-or-linux
And make a drawing of your "As IS" and "To BE" network.
2:
Since this is a LAB , that will end up with multiple vlans (else it's not a lab)
I will suggest you assign a : 10.xx.yy.00/16 network to your lab network.
Then you would have room for 255 labs (xx) with 255 (yy) /24 networks (vlans) , that can be used in your lab(s).
Match the xx to your "Lab number" , and yy in the ip address to the same vlan number.
Ie. 10.xx.10.0/24 would also be vlan 10
Ie. 10.xx.20.0/24 would also be vlan 20
etc ...
Hint ... Do not use 10.00.x.x or 10.01.xx.xx
Aka avoid using "Lab 00" and "Lab 01"
Those IPs are way too used by ISPs , and will bite your behind at some time.
I'd start with "Lab 101" (10.101.xx.00/16) or something "random" you feel for
3:
If possible I'd prob use the USB as "Lab Wan" , as the built in adapter prob. has higher performance , and would be better used for the "Lab inside vlans"
I like to always have my WAN connected via a "Real L3 interface" , have seen too many "Vlan Leak bugs" on "Consumer switches" to trust a Vlan as my WAN.
4:
You would need a Vlan capable switch for your LAB inside, to "Fan out" the multi vlans to separate ports.
5:
I did an ultra brief intro on how2 make a vlan on a pfSense here
https://forum.netgate.com/topic/158196/making-best-use-of-physical-nics-vlans/6
Affordable switches
I like the D-Link DGS-1100-08v2 switches $42
https://www.amazon.com/D-Link-Ethernet-Managed-Internet-DGS-1100-08V2/dp/B08P2C2GXF/
They are basic vlan capable switches , for a nice price.
Basic means they can't do ie. 802.1x authentication , or SNMP write configuration.
But they can do (I think 32 Vlans) and IGMP etc ....
They're nice low wattage fanless "satellite" switches ...
I also like the DGS-1210 series also fanless (they can do 802.1x auth etc ...)
But they seem to be in backorder , prob. due to the Chip shortage.
I use DGS-1210-24 and DGS-1210-28 , in EU you can get them for around $150 , if in stock.
I'm not sure if the TP-Link's have gotten their vlan leaks under control in the current revision, but they were NOT recommended a few years ago.
/Bingo
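
The lab-number/VLAN numbering suggested in the post above, worked through as an added example (not code from the thread or from pfSense). It builds the 10.xx.yy.0/24 plan, refuses the "Lab 00"/"Lab 01" ranges and any overlap with a network already in use, and maps an address back to its lab and VLAN. The VLAN names, the `.1` gateway convention and all function names are assumptions.

```python
import ipaddress

AVOID_LABS = {0, 1}  # "Lab 00" / "Lab 01": the 10.0.x.x and 10.1.x.x ranges the post says to avoid

def lab_supernet(lab: int) -> ipaddress.IPv4Network:
    """The /16 that holds every VLAN of one lab: 10.<lab>.0.0/16."""
    if not 0 <= lab <= 255 or lab in AVOID_LABS:
        raise ValueError(f"lab number {lab} is out of range or in the avoided set")
    return ipaddress.ip_network(f"10.{lab}.0.0/16")

def vlan_subnet(lab: int, vlan: int) -> ipaddress.IPv4Network:
    """10.<lab>.<vlan>.0/24, with the third octet equal to the VLAN ID."""
    if not 1 <= vlan <= 255:  # one octet caps the VLAN IDs this scheme can express
        raise ValueError(f"VLAN {vlan} does not fit in the third octet")
    lab_supernet(lab)  # validates the lab number
    return ipaddress.ip_network(f"10.{lab}.{vlan}.0/24")

def build_plan(lab, vlans, existing=()):
    """One row per VLAN; refuse any subnet that overlaps a network already in use."""
    rows = []
    for name, vlan in vlans.items():
        net = vlan_subnet(lab, vlan)
        for used in existing:
            if net.overlaps(used):
                raise ValueError(f"{net} ({name}) overlaps existing {used}")
        rows.append({"name": name, "vlan": vlan, "subnet": net,
                     "gateway": net.network_address + 1})  # .1 as gateway is an assumption
    return rows

def locate(address: str):
    """Troubleshooting aid: address -> (lab, vlan), or None if it is outside the scheme."""
    ip = ipaddress.ip_address(address)
    if ip.version != 4:
        return None
    octets = ip.packed
    if octets[0] != 10 or octets[1] in AVOID_LABS or octets[2] == 0:
        return None
    return octets[1], octets[2]

if __name__ == "__main__":
    # The home LAN as written in the question; strict=False because host bits are set.
    home_lan = ipaddress.ip_network("192.168.1.1/24", strict=False)
    # Constructed VLAN names for "Lab 101".
    for row in build_plan(101, {"mgmt": 10, "proxmox": 20, "clients": 30}, [home_lan]):
        print(f"VLAN {row['vlan']:>3}  {row['subnet']}  gw {row['gateway']}  {row['name']}")
    print(locate("10.101.20.57"))
```
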