This is how I built out my home lab. I recently moved my firewall to OPNsense. I heard good things about this firewall and thought I would give it a try. Of course I tested it out in Vmware first. You can find my writeup on it here.
Lets start out with what I have for my firewall:
Customer built desktop
- 1TB SSD
- 64GB RAM
- Intel i7-10700K
- 5 intel Ethernet adapters(My startech NICs did not play well with OPNsense, no drivers were available at the time of build)
- Motherboard Ethernet and wifi adapter built in.
Now I had this setup using a old Optiplex 9020, startech NICs, and 32Gb of ram. Also I could only use three NICs. I just thought it would be fun to build a computer to use as a firewall/router and started a build strictly for OPNsense.
As you can see I am using all 6 ethernet adapters:
- WAN(connection from modem)
- LAN(Personal Desktops, Gaming Systems)
- WLAN(Mobile devices, Tvs, IoT devices)
- PentestNet LAN(DMZ, where the fun happens or where I break things….)
- Office LAN(my remote work, just thought I would have my work machine on its on subnet)
- Rasberry-pi – Pi-Hole(LAN and WLAN use this guy as their DNS server) Block those Ads!
VMware Host Machine/ Plex Server
This is really my personal custom built pc that I have windows deployed on. Mostly used for VMware and as a Plex media server.
This PC has 4 NICs installed and 128GB of RAM:
For the home lab, two of these adapters will be really important:
- MonitorNet(This NIC is used strictly for VMware, the Cisco switch configured mirror port connects directly to this port so that we can capture all the network traffice on the PentestNet LAN)
- PentestNet(This NIC is used strictly for VMware as well, connected to Cisco switch on the PentestNet subnet, this allows virtual machines using this adapter to strictly be on the PentestNet LAN)
See my VMware network configuration guide here.
SELKS
I currently have SELKS installed on a Optiplex 9020, for this home lab it will be necessary to have two NICs. One for the internet/web interface access and the other interface will be used as the sniffer.
Note that SELKS can be deployed in a VM with no issues at all. I just figured that I would put the recycled optiplex to use and installed SELKS on it. See my SELKS installation guide here.