1st Homelab (pentest/forensics environment) Guidance Needed

Greetings all!

New here and to the world of networking/homelab/cybersec. You can imagine I’m pretty stoked to find this forum as an intersection of all 3. I’m here looking for guidance on several things as I try to set up a homelab. First, a little background/some considerations.

  • My relevant experience is limited to running a plex server on a pi and a handful of hours with vmware.
  • I daily drive Linux (Void) and Windows 11
  • I’m a cybersecurity student
  • Gigabit fiber ISP

What I’m trying achieve with the homelab

  • learn virtualization/ hypervising and networking
  • create lab environment for various cybersecurity projects
  • media server and few other lightweight services (not the main priority but a nice-to-have)

Hardware I already have dedicated to this

  • Lenovo m720q - OPNsense box
  • Lenovo m70q - server
  • 1tb USBC rocket nano external SSD - NAS
  • Netgear GS105Ev2 - switch

m720q
i5 8500T
16gb DDR4 ram
256gb NVMe
PCIe slot that can take either a 4port gigabit or 2port 10gb nic

m70q
i5 12400T
32gb DDR4 ram
256gb NVMe

My main goal here is to learn and document everything for a cybersec portfolio.


Q’s

  • Setting the m720q up as a router + firewall can be done with either a 4port gigabit / 2port 10gb nic for about +$50 for either setup. I’m sure 1gb should be fine for what I want to do but why not 10gb for ~ the same amount of $? The m70q server only has a single gigabit port but down the road I’ll likely want a better storage solution, maybe something that can take advantage of that 10gb nic. 10gb still overkill? Any thoughts? Can/what other services can be handled by this machine (pihole etc)? Should OPNsense be run on bare metal here?

  • I’m thinking to run XCP-ng on the m70q server. Will it be possible, (with the above hardware) to set up services (jellyfin,nginx etc) on the home network and then set up an isolated network for the cybersec lab? And, how do you recommend I go about doing this?

Any guidance, input, ideas, help with planning would be extremely appreciated. Thanks so much in advance.

I always prefer to run firewalls on bare metal to avoid the issues that can come from virtualization.

XCP-ng should run fine on the Lenovo systems

I have a guide here on building a lab

XCP-ng on a thinkcentre is fine. Yes you can segment your network if your network hardware supports VLANs, specifically your switch. OPNsense does.

You want to put the virtual disks for your VMs on the local SSD of your XCP host until you have a 10G interface and a 10G speed NAS connected to it.

For everything else, i.e. data shares, 1G shoudl be fine for you.

Awesome, thank you both for your input.

I’ve watched a ton of your videos but missed that one you linked @LTS_Tom

I found a good deal on a 1gb nic/Lenovo PCIe adapter that should get me rolling and will work with the switch I’ve already got (that does support VLAN) @xerxes

Hello everyone!

I’m new here and new to networking, homelabs, and cybersecurity. Really excited to find this community that covers all three.

A bit about me:

  • I’ve run a Plex server on a Raspberry Pi and played a bit with VMware.
  • I use Linux (Void) and Windows 11 daily.
  • I’m a cybersecurity student.
  • I have gigabit fiber internet.

What I want to do with my homelab:

  • Learn virtualization, hypervisors, and networking
  • Build a lab for cybersecurity projects
  • Run a media server and some light services (not a priority)

Hardware I have:

  • Lenovo m720q as OPNsense router/firewall (i5 8500T, 16GB RAM, PCIe slot for either 4-port gigabit or 2-port 10Gb NIC)
  • Lenovo m70q as server (i5 12400T, 32GB RAM)
  • 1TB USB-C external SSD for NAS
  • Netgear GS105Ev2 switch

Questions:

  • For the m720q router/firewall, is it worth getting the 10Gb NIC over gigabit for about the same price?
  • The m70q server has only 1 gigabit port. Should I plan for better storage that uses 10Gb NIC in the future? Or is 10Gb overkill?
  • What other services could I run on the router? Like Pi-hole?
  • Should I run OPNsense on bare metal?
  • Planning to run XCP-ng on the m70q server. Can I run services like Jellyfin and Nginx on it while also isolating a separate network for cybersec labs?
  • How would you recommend setting this up?

Would really appreciate any advice, ideas, or planning tips. Thanks so much!

This sounds like a re-post. Is there a class of cybersec students trying to outsource solving an assignment from their university classes?

I don’t know, that looks like bot activity to me.

I was not sure if I should delete the post/user or not. They appear to be a real person based on their sign up.