Learn how to install pfSense on a Virtual Machine in VMware ESXi.
Permanent link to this article: https://achubbard.com/2020/03/06/installing-pfsense-on-vmware-esxi-virtual-machine-virtual-firewall/
For the last year and a half, I have been all about consolidating my gear. I got into this funk where I absolutely wanted nothing to do with enterprise equipment in my home. I wanted to go home and just be home. However, that attitude has sacrificed a lot of my personal learning and growth. I am a guy who LOVES to tinker. Doesn’t really matter what it is, I just love to tinker and I love gear.
After talking with some fellow IT guys during a meeting recently, I realized, I miss having the gear to work on at home. I missed having the resources to test something and not give a care if I break something.
I’ve also recently started this blog and am attempting to teach myself about WordPress, it’s plugins and WAFs (Web Application Firewalls). I felt re-invigorated to acquire some gear new gear. I am hoping this blog, and purchasing some new gear, will keep me interested in a hobby that has turned into a career for me.
Hardware – Dell R510, R610
I have acquired 2 Dell PowerEdge R610s to use in my rebuilt homelab. Both are outfitted with only 16GB of RAM. Ideally, I would love to increase this to 32-48gb of RAM per host. The price was right on the two machines the way they sit so I figured I would just outfit them as needed. As low power is a slight concern for me, I ordered a pair of Xeon L5630s for each machine.
I would love to have a true Dell SAN to go with the rest of my Dell stack, however, they are subtly out of my price range at the moment. Can you tell? I am a rather big Dell guy when it comes to servers. I picked up an 8 bay Dell R510, was hoping for a 12 bay, but this will give me a start. Honestly, with the size of drives these days, 8 bays should be sufficient for what I am using it for. This will allow me to install my collection of hard drives and pass them through to FreeNAS. I have also picked up a set of 10gb Mellanox cards and cables.
I picked up a pair of Dell PowerConnect 5524Ps. Initially, I planned on using these as my VM switches and picking up a 48 port Cisco of some variation for my core switch. However, I’ve decided I would use both of these for the time being and forgo the Cisco idea. The 5500 series Dell switches support stacking via HDMI cable, not something I have ever tried, but I scored both switches for a song and this is homelab right?
I did however, purchase a Cisco WS-C2960G-8TC-
VLANs, what good is a homelab without VLANs?
WAN – VLAN5
I will provision 3 ports on the Cisco C2960G on what I call VLAN5. Taking the link from my cable modem, I will feed the WAN into 1 port, and send it out the other 2 additional ports to my redundant firewalls. VLAN5 will only exist on the Cisco switch. By setting up the environment this way, it gives me a little bit of redundancy, at least, in my mind. Obviously my two single points of failure are my cable modem and the Cisco switch.
iSCSI Network – VLAN10
As the hosts will have no local storage, we will need to create this VLAN to handle all of the iSCSI/Storage traffic for both. This VLAN will only be present on the Dell stack.
vMotion Network – VLAN15
This VLAN will allow the movement of virtual machines back and forth between my two hosts.
Production/Home Network – VLAN25
VLAN25 is where most of the err….action…happens. This is where my end devices sit. I don’t typically try to break that stuff up in my home environment. This VLAN will be on both the Dell stack and Cisco switch. It will only be present on the Cisco switch so that I can manage the switch from my workstation.
Security Cam Network – VLAN35
My security cameras were once on VLAN25….with everything else… my network was in essence…flat. I currently have 9 cameras with the plan to add a few more (small farm, we have animals etc so we like to keep an eye on things) – I decided it was time to break them out into their own VLAN. Enter stage left, VLAN35. Some of you reading this may be asking, how does this guy pick his VLAN numbers?? Honestly, the number is in direct correlation to the 3rd octet of the VLAN. So, an example might be, 10.10.35.0/24 – the x.x.35.x is where the number comes from. Just something I came up with and ran with.
Guest Network – VLAN45
I do not typically have a lot of guests at my house, we’re out in the woods and people don’t like to visit. I’m ok with that. However, when we do have the occasional guest, I would rather they be on their own VLAN and have no access to anything other than the internet.
Area 51 – VLAN51
This is a new one for me. VLAN51 will become my secure VLAN. It will have no access to the internet. No access to the rest of the network. Any VMs that are apart of VLAN51 will be shut down when not in use. VLAN51 will be used to network my penetration testing VMs.
Since I am moving my office to my basement, I will be working on installing two dedicated circuits for my new lab. My electrical panel is right there and access is fairly easy. Most likely these will be 2 – 20 amp circuits. I am not an electrician, I just play one on the internet. Just kidding, please if you are going to run your own circuits, be aware of the risks involved. I am fairly comfortable working with electricity.
One thing I regret selling is my UPS. That is a pricey component that I will need to re-acquire at some point. I have a couple of smaller ones, and frankly, it’s my homelab, if it goes offline, eh not the end of the world.
One item that I had a hard time selling when I was consolidating my lab, is my 25u StarTech Open Frame rack. I had advertised it locally numerous times and never had anyone actually come and buy it. So I kept it and I am glad I did. It’s one less thing I need to purchase for the this adventure. I am planning on either enclosing it or putting it in a small server closet in my shop/office. This will hopefully help keep the noise down.
Software – FreeNAS, VMWare, pfSense
Something I never needed before was a VMUG subscription. I always had access to VMWare products through work. This time around I will be purchasing the $200 subscription so that I can utilize all of the products that come with it. Both of my hosts will be running ESXi. I will also be using the vCenter appliance instead of the Windows based vCenter install since that is the way things are headed anyways.
Several years ago I utilized FreeNAS as my SAN for a POC (Proof of Concept) for a previous employer. This worked out very well. FreeNAS will be once again utilized for this en-devour. It will be installed on an R510 as stated above. Then I will create an iSCSI target and present that to VMWare as a LUN. Once the LUN has been presented to VMWare, we can go to town building out the Virtual Machines. Fairly straight forward here.
As of the moment my virtual machines are…..lacking. I went from having numerous VMs to accomplish one or two tasks down to one physical host and only a couple VMs to do a lot of tasks. Some things on my list to virtualize:
Firewall – pfSense and CARP – this is something I have never tried. Never really had a reason to. I feel like in the spirit of homelab, I should attempt this. Currently I am running a single Untangle firewall on Hyper-V. I love Untangle (so far) but I do not believe there is a way to create a failover cluster. None the less, this could change at any time. I jump from UTM to UTM or Firewall to Firewall. Keeps things exciting you know?
Monitoring – Nagios, Observium (perhaps Grafana will make a debut at some point too)
Domain Controllers – Currently I am working on my Master’s in IT, so I have access to the Microsoft Imagine program, so I will more then likely be spinning up a couple DCs to work with.
File Server (either nextcloud or something)
Security related – AlienVault, Nessus, and a dedicated KALI VM. Perhaps even a couple other pentest VMs on a secure VLAN.
Patch Management – ManageEngine
Web Server – Centos 7/WordPress/MySQL
Home Automation and Security – HomeSeer
Media – Plex (and maybe iHome Media Server too)
Additionally, aside from my 2 hosts and the R510 SAN, I do have several physical machines present in the lab. One of the biggest tasks will be to remove all of my VMs off my Hyper-V box and turn my Hyper-V box into a BlueIris/Nakivo backup box. I switched to BlueIris from Ubiquiti’s NVR recently, and although I am loving Blue Iris, I find it resource intensive. So I will be leaving it as a physical box. The way I figure it, I can remove all the other tasks off my SuperMicro Mini and then have room for Nakivo along side Blue Iris. That machine has plenty of oomph for those two tasks.
I have a custom built workstation that I can never figure out what to do with, so I ordered up a 2u case and will be racking that as well. This will server as my media ingest machine. By that I mean, when I buy my next lot of DVDs and Bluerays or borrow them, I will use this machine to ingest the media and flip it to my Plex server.
A secure homelab or network environment should have a jump box or jump point. For me, my Intel Skull Canyon NUC will become this. Just a versatile box that is always on. Something I can hit from the field. My NUC will also be tied to a TV or screen in my office so that I can monitor the systems in real time.
Check out my latest Home Lab rebuild posts
Dell R610 Intel Xeon CPU Upgrades – to see my progress on the two new hosts!
Add VLANs and Assign Ports on Cisco 2960G Switch – to see some configurations on my WAN switch
Permanent link to this article: https://achubbard.com/2018/02/24/homelab-rebuild-network-hosts-freenas-dell-r510/