Homelab learning: A general overview of my homelab hardware and topology
Hi, all. This is the first part in an ongoing series walking through the steps required to build your own isolated homelab with a corporate environment, attack network, security operations center, and remote access VPN. Let’s get started on this installment!
Before digging into my homelab setup, I’d like to emphasize that this writeup is not intended to be a comprehensive, step-by-step walkthrough, especially when it comes to OS installs or VM creation. Instead, my purpose in writing is to share a high-level overview of the homelab I’ve built to gain more tangible experience with broad topics like networking, firewalls, and routing, as well as more specific areas like Active Directory, Kali Linux, and various red and blue team tools. With that in mind, let’s get started.
Homelab Aims
Since my plans for the homelab involved gaining experience with various red/blue team tools and techniques, I designed my homelab with functionality in mind, often adhering to the principle of KISS — “keep it simple, stupid.” Beyond this, organization, scalability, and ease of management were key design objectives. I do not claim to have expertise in cybersecurity, networking, or IT broadly; I consider the homelab itself to be a perpetual work-in-progress. That said, I’m proud of the functional, secure homelab framework I’ve constructed to this point.
General Overview of Hardware and Network Topology
Hardware
- MiniPC: HP EliteDesk 800 G1 USDT, used, with a I3–4150 3.5GHz CPU; 16GB RAM; 480GB SSD
- Single network interface card (NIC)*
- Gigabit USB-to-Ethernet adapter
- TP-Link TL-SG108E Gigabit Switch
Due to space and financial considerations, I have built my homelab with space and energy efficiency in mind. While it can’t be considered a state-of-the-art device, this miniPC is strong enough for my relatively small lab and is packed with enough storage and RAM to house and run the various VMs required. The TP-Link is relatively affordable and qualifies as “manageable,” meaning that I can implement VLANs down the road. It has 8 ports, which is more than enough for my simple setup.
*For more info on how to make things work when you have only a single NIC in your server/PC/homelab host, see the ‘challenges’ section below.
Logical Topology
Before you begin developing your homelab, take some time to write down everything you want to include in it and arrange these systems according to your plans for network segmentation. If you’d like to draw up a topology like I did, I can recommend the app/website draw.io. I’ll leave a link for it in the ‘references’ section at the bottom of the post.
In this homelab, I’ve created five distinct networks and a VPN tunnel for remote access to the corporate environment:
- pfSense LAN/MGMT network: 10.0.1.0/24
- Corporate Environment (Corp_Env): 10.0.2.0/24
- Red Team (Attack_Net): 10.0.3.0/24
- Blue Team (SOC): 10.0.4.0/24
- Python Dev (Py_Dev): 10.0.5.0/24
- OpenVPN: 10.0.10.0/24
To avoid DHCP/DNS conflict with my home network and a bevy of other issues, I utilized pfSense as the firewall and gateway router for my internal network. Since I plan to play around with deliberately vulnerable VMs and malware, homelab isolation is crucial.
Within pfSense, you can configure network interfaces, assign each their own private IP range, and allow pfSense to serve as a firewall and virtual router — isolating the homelab from your personal home network and ensuring traffic reaches its proper destination during ingress and egress. For simplicity, I stuck with what I knew: /24 subnetting and network IPs that rose sequentially with their associated Linux Bridges (more on this latter part below).
That wraps up this post. Next, we’ll be digging into the build by installing, configuring, and updating proxmox VE — the framework we’ll use to manage our homelab.
References:
- Draw.io: draw.io integrations
