New here and to the world of networking/homelab/cybersec. You can imagine I’m pretty stoked to find this forum as an intersection of all 3. I’m here looking for guidance on several things as I try to set up a homelab. First, a little background/some considerations.
My relevant experience is limited to running a plex server on a pi and a handful of hours with vmware.
I daily drive Linux (Void) and Windows 11
I’m a cybersecurity student
Gigabit fiber ISP
What I’m trying achieve with the homelab
learn virtualization/ hypervising and networking
create lab environment for various cybersecurity projects
media server and few other lightweight services (not the main priority but a nice-to-have)
Hardware I already have dedicated to this
Lenovo m720q - OPNsense box
Lenovo m70q - server
1tb USBC rocket nano external SSD - NAS
Netgear GS105Ev2 - switch
m720q
i5 8500T
16gb DDR4 ram
256gb NVMe
PCIe slot that can take either a 4port gigabit or 2port 10gb nic
m70q
i5 12400T
32gb DDR4 ram
256gb NVMe
My main goal here is to learn and document everything for a cybersec portfolio.
Q’s
Setting the m720q up as a router + firewall can be done with either a 4port gigabit / 2port 10gb nic for about +$50 for either setup. I’m sure 1gb should be fine for what I want to do but why not 10gb for ~ the same amount of $? The m70q server only has a single gigabit port but down the road I’ll likely want a better storage solution, maybe something that can take advantage of that 10gb nic. 10gb still overkill? Any thoughts? Can/what other services can be handled by this machine (pihole etc)? Should OPNsense be run on bare metal here?
I’m thinking to run XCP-ng on the m70q server. Will it be possible, (with the above hardware) to set up services (jellyfin,nginx etc) on the home network and then set up an isolated network for the cybersec lab? And, how do you recommend I go about doing this?
Any guidance, input, ideas, help with planning would be extremely appreciated. Thanks so much in advance.
I’ve watched a ton of your videos but missed that one you linked @LTS_Tom
I found a good deal on a 1gb nic/Lenovo PCIe adapter that should get me rolling and will work with the switch I’ve already got (that does support VLAN) @xerxes
I finally started working on this and easily got XCP-ng up and running in no time thanks to your excellent video@LTS_Tom. It’s just idling right now with a single fresh debian install but plans to start hosting a few things in addition to some cyberlab VMs
I’ve also just got the 4port gigabit NIC installed in the router box and a USB drive ready with OPNsense though I’m stuck on trying to work out how to get everything connected -
Am I going to be able to use the ISP provide box to act as modem/WAP, or rather, how will this work after I introduce the OPNsense box (router/firewall)?
Then I need to work out the best way to segment this to isolate the cyberlab environment.
if you don’t need wi-fi, you can use the opn pc (lenovo). WAN is the onboard nic which should get a public ip from your ISP, the 4 ports can be configured LAN, OPT1, OPT2, OPT3.
Say, you make a 10.0.0.0/24 network. OPT1 could be 10.0.10.0/24 (VLAN10), OPT2 could be 10.0.20.0/24 (VLAN20). VLAN10 can go outside, VLAN20 can go outside but VLAN10 cannot ‘see’ VLAN20 or vice versa. A lab can exist in VLAN10 or VLAN20, isolated from the rest of the network.
That all makes sense, though I do need wifi which is what is tripping me up - how do I introduce my OPNsense box yet maintain the modem/WAP capabilities of the ISP provided box?
I’m trying to understand how to setup the flow of traffic with this hardware and then I think the rest will start to make sense, including how to segment the network.
ISP brings internet in —> WAN port on OPNsense -–> one of the 4 NIC ports from OPNsense to the switch —> switch to server.
Is the WAP not outside of the firewall/router at this point?
Funny about choosing Void and XCP-ng. I suppose a part of the reason I chose each is for the smaller communities of each. And while neither is mainstream or first choices for anyone getting started with Linux or home labbing respectively, they’re not so obscure as to have a total lack of resources when you inevitably need help. I first installed Void some years ago (dual boot with Windows10) with x11 and XFCE but didn’t really use it at all. When I committed myself to making the transition to Linux as a daily driver I picked up a secondary laptop for cheap and went with a base install and struggled my way to a (desktop environment-less [Wayland/Rive]) functioning machine over the course of a month (or months?).
And so again this time to better understand I’m setting up the lab with XCP-ng where as some years ago I got a Pi with Plex running in no time but didn’t learn a whole lot in the process. Over the weekend I started with an install of Alpine Linux on XCP-ng but decided I’d be too far out of my depth when it came to setting up my web/email servers with little documentation out there.
On a another note, I’m learning the hard way the importance of redundancy. My USBC rocket nano external SSD has decided to retire itself from service. It’s simply dead when plugged in. No status light as there usually is and swapping machines, ports, cables does nothing to remedy the situation. Fortunately nothing critical on that drive, but a bummer none the less.
