1st Homelab (pentest/forensics environment) Guidance Needed

Greetings all!

New here and to the world of networking/homelab/cybersec. You can imagine I’m pretty stoked to find this forum as an intersection of all 3. I’m here looking for guidance on several things as I try to set up a homelab. First, a little background/some considerations.

  • My relevant experience is limited to running a Plex server on a Pi and a handful of hours with VMware.
  • I daily drive Linux (Void) and Windows 11
  • I’m a cybersecurity student
  • Gigabit fiber ISP

What I’m trying to achieve with the homelab

  • learn virtualization/hypervising and networking
  • create lab environment for various cybersecurity projects
  • media server and few other lightweight services (not the main priority but a nice-to-have)

Hardware I already have dedicated to this

  • Lenovo m720q - OPNsense box
  • Lenovo m70q - server
  • 1tb USBC rocket nano external SSD - NAS
  • Netgear GS105Ev2 - switch

m720q
i5 8500T
16gb DDR4 ram
256gb NVMe
PCIe slot that can take either a 4port gigabit or 2port 10gb nic

m70q
i5 12400T
32gb DDR4 ram
256gb NVMe

My main goal here is to learn and document everything for a cybersec portfolio.


Q’s

  • Setting the m720q up as a router + firewall can be done with either a 4port gigabit / 2port 10gb nic for about +$50 for either setup. I’m sure 1gb should be fine for what I want to do but why not 10gb for ~ the same amount of $? The m70q server only has a single gigabit port but down the road I’ll likely want a better storage solution, maybe something that can take advantage of that 10gb nic. 10gb still overkill? Any thoughts? Can/what other services can be handled by this machine (pihole etc)? Should OPNsense be run on bare metal here?

  • I’m thinking to run XCP-ng on the m70q server. Will it be possible (with the above hardware) to set up services (jellyfin, nginx, etc.) on the home network and then set up an isolated network for the cybersec lab? And, how do you recommend I go about doing this?

Any guidance, input, ideas, help with planning would be extremely appreciated. Thanks so much in advance.

I always prefer to run firewalls on bare metal to avoid the issues that can come from virtualization.

XCP-ng should run fine on the Lenovo systems

I have a guide here on building a lab

XCP-ng on a ThinkCentre is fine. Yes, you can segment your network if your network hardware supports VLANs, specifically your switch. OPNsense does.

You want to put the virtual disks for your VMs on the local SSD of your XCP host until you have a 10G interface and a 10G speed NAS connected to it.

For everything else, i.e. data shares, 1G should be fine for you.

Awesome, thank you both for your input.

I’ve watched a ton of your videos but missed that one you linked @LTS_Tom

I found a good deal on a 1gb nic/Lenovo PCIe adapter that should get me rolling and will work with the switch I’ve already got (that does support VLAN) @xerxes