Setting Home Lab via PfSense Part 1
Why build a home lab?
- Hands-on learning. Having a home lab offers a unique learning environment where you can freely experiment without worrying about impacting your home network, smart devices, or anything else you rely on.
- Cost Savings. This write-up focus more on building a home lab via virtualization. While there are different cost saving ways to build a home lab, we will concentrate on virtual technologies. This can be much cheaper than paying for cloud services or professional training courses, or buying additional hardware.
- Skill Development. Gain practical experience configuring routers, setting up servers, and implementing firewalls. These hands-on skills are highly sought after by employers and can give you a significant advantage in the job market.
Prerequisites:
- Decent desktop/laptop with enough memory, hard drive space, and CPU. Virtualization requires more resources than typical computer use. Ensure your desktop/laptop has ample RAM (16GB or more is recommended) to accommodate multiple operating systems running simultaneously. A multi-core CPU (at least 4 cores) will also significantly improve performance. Opt for an SSD for faster loading times and smoother operation of your virtual machines.
- Oracle Virtual Box — https://www.virtualbox.org/wiki/Downloads
- PfSense Software — https://www.pfsense.org/download/
First Step:
On your computer, download and install VirtualBox from the official website https://www.virtualbox.org/wiki/Downloads. You can typically use the default settings during the installation process. I’ll be using Windows 11 as the host operating system for my virtual environment since it’s my primary OS and offers good hardware compatibility.
Second Step:
Once you have successfully installed VirtualBox, launch it and this will launch the VirtualBox Manager, which is the central console for managing your virtual machines. Your VirtualBox Manager will likely be empty since you haven’t created any virtual machines yet. Don’t worry, we’ll get to that soon!
Third Step:
Let’s create your first VM and we will be creating PfSense. On the VirtualBox Manager, click on the Menu, Machine -> New
This will bring you to a wizard screen to create our PfSense VM.
Here are my settings:
Name: PfSense
Folder: Default location
ISO Image: Path where you download your pfsense ISO file.
Type: Linux
Version: Other Linux (64-bit)
Then click Next
The next menu is to customize our hardware settings.
Base Memory: 2048 MB/2GB
Processors: 2
Then click Next
Which brings the Virtual Hard disk settings. We do not need a lot of hard drive space for PfSense as we will do minimal installation and utilize the firewall and network functionalities with no additional packages to install.
Then click Next
Create Virtual Machine Summary
Then Finish the creation of the PfSense VM.
Before we launch our newly created PfSense VM, we need to customize it a bit more to get our network ready and remove additional features that Virtualbox may have created.
Right click on PfSense VM and choose settings.
This will bring up the PfSense settings. To configure some basic settings in pfSense, let’s go to the System menu. We’ll disable the Floppy Drive option since it’s not commonly used in modern systems.
Next, let’s go to the Network section.
In the Network section, we need to enable 2 Adapters. Mainly Adapters 1 and 2. The first adapter will serve a a connection to your primary network. This is where your main computer is connected to and we will label this as External. The second adapter will serve as the network where our VMs will live. We will label this as Internal.
For our first adapter, we will attach this to Bridge Adapter, connection to your primary network (External).
Adapter 2, check enabled and let’s attach this to Internal network. Under Name, we’ll name this as pfsense. Then click OK.
Now, let’s click on Start and get ready for the Pfsense installation.
The loading process if fairly quick and the next screen will be the PfSense guided installation.
Next, press Enter on you keyboard to Accept. If you find yourself locked in the PfSense console, hit the right ctrl key on your keyboard to escape out.
In the next screen, press OK. Your mouse will be non-operational at this point. This is normal as no mouse driver is present. You will have to navigate through your keyboard.
The next screen will be the Network Installation. Enter OK.
If you recall earlier, in VirtualBox PfSense setup, we enabled 2 adapters, External and Internal. em0 will be our External Interface and em1 will be our Internal interface. Choose OK.
You will notice that em0 is tagged by PfSense as WAN, this is okay. We do not need to make any customization and we will leave the Interface Mode (M) as DHCP (client). Proceed on choosing OK.
Proceeding to LAN (Internal) set up. Choose em1 and choose OK.
Proceeding to LAN (Internal) configuration.
For LAN (Internal) configuration, let’s choose IP Address (I). If you have not change any settings in your home network setup, the typical IP address settings provided by your ISP’s cable modem or FIOS, you may have the default IP network address such as 192.168.1.1/24. To avoid any conflict or any issues from your main network, we need to replace the IP network by choosing any private IP network other than 192.168.1.1/24.
Let’s pick 172.16.40.1/24. If you want to learn more about Private networks, you can research RFC 1918 which stands for Request for Comments 1918. It’s a document that defines a set of IP address ranges that are reserved for private networks. These addresses are not routable on the public internet, meaning they cannot be directly accessed from the outside world. Here is a YouTube video from Network Chuck that tells you more about RFC 1918. https://www.youtube.com/watch?v=8bhvn9tQk8o.
After setting the LAN (Internal) IP address. Proceed to DHCPD Range Start as we have to set that as well to match our new private IP network (172.16.40.1/24).
Why do we need to set DHCP and what is it? DHCP stands for Dynamic Host Configuration Protocol. It’s a network management protocol used to automate the process of configuring devices on IP networks. This will be a lot easier when we setup additional VMs within our Internal network (LAB). VMs would automatically obtain IP address, subnet, and gateway address. Similar to your home setup when you connect to your Wi-Fi or home network, your device/host will obtain IP address automatically.
Proceed with the installation by choosing OK. Confirm the interface assignment and ensure that both interfaces are active and choose continue.
After continuing, you will see the PfSense Active Subscriber section, proceed on “Install CE”.
Continue with the Installation. We are almost done!
Virtual Drive Configuration
Proceed on Virtual Drive type configuration by choosing No Redundancy.
Next, you should only have one disk for software installation. Proceed on and choose OK.
Continue to install on the next screen.
In the next screen, it will ask you to select the version of PfSense. Choose the Current Stable Release. Upon writing this, the version that I download and installed is 2.7.2.
Details of installation will be next.
The installation should not take long and you will see the PfSense post install setup. Choose OK.
Last screen is the completion of PfSense setup. Before proceeding on reboot. Ensure that the ISO is removed from booting.
Within the VirtualBox Menu, choose Devices, Optical Drives, and choose Remove disk from Virtual Drive. If not removed, the setup process will start all over again.
Once you have removed the disk. Proceed on Reboot.
Welcome to PfSense Menu. You may noticed, that looking at our LAN (Internal) em1 configuration that it is still on 192.168.1.1/24 network. Do not worry, we can easily replace that by choosing “2)” Set Interface(s) IP address. I am not certain as to why it did not take our initial configuration.
After choosing 2 as the option, pick “2” to configure LAN (Internal) em1-static.
Answer “n” on Configure IPv4 address LAN interface via DHCP. We do need to configure as Static.
Enter 172.16.40.1 as LAN IPv4 address and 24 as subnet bit count.
Blank (press Enter) for upstream gateway as we are configuring LAN. Proceed on choosing ENTER.
Choose “n” on IPV6 DHCP6 LAN Interface. Then leave LAN IPv6 address as None. Proceed on by pressing ENTER.
Enable DHCP server on LAN by setting “y”
Enter the same information as what we did during the installation process on the DHCP start address and end address — 172.16.40.100–172.16.40.150.
As for the HTTP as the webConfigurator protocol question, choose “n”. We want to access the Web Management interface using HTTPs. Enter to continue.
Now you will notice that our LAN (Internal) em1 is properly setup to use 172.16.40.1/24 network.
Let’s test our network by using ping and nslookup. First, we will check if our PfSense instance can ping all the way through the Internet.
Choose 8 in the Menu and press Enter to load the shell prompt.
In the shell prompt, let’s ping google’s DNS IP 8.8.8.8 and see the results. “Ping” is a command-line utility used to test the reachability of a host on an Internet Protocol (IP) network.
Press ctrl c to stop the ping command.
Now, let’s check if we can resolve Domain Name System (DNS). Type nslookup google.com and check if we can resolve. “nslookup” can help us determine if the domain name is resolving correctly.
All checks are good and we have determined that our network connectivity from PfSense is good. Let’s go back to the main menu by entering “exit”.
This concludes the Oracle VirtualBox and PfSense installation. Be on the look out for “Part II Accessing PfSense Web Administration User Interface” for the first time and installing another VM host.
References:
- Oracle Virtual Box — https://www.virtualbox.org/wiki/Downloads
- PfSense Software — https://www.pfsense.org/download/
- “we’re out of IP Addresses….but this saved us (Private IP Addresses)” RFC 1918 Network Chuck — https://www.youtube.com/watch?v=8bhvn9tQk8o.