Homelab learning: Configuring Proxmox VE to host your cybersecurity homelab
Hi, all. This is the second part in an ongoing series walking through the steps required to build my isolated homelab with a corporate environment, attack network, security operations center, and remote access VPN. For greater context, take a look at my previous post:
Let’s get started on this installment!
The installation process for proxmox follows the same general path of installing most OSs, so I won’t be delving into that in this post. Instead, I’ll devote more ink to the more challenging aspects of the homelab build. In the references section below, I’ve added a link to the proxmox install walkthrough that I initially utilized to get things configured.
Infrastructure and Cabling
In order to have multiple networks within my homelab, I needed to ensure my network infrastructure included a WAN (wide area network) and a LAN (local area network). While WAN usually signifies the greater Internet, in this context, it simply means outside, beyond my homelab, aka my home private network. Ideally, I would have two ethernet ports and at least two NICs in my EliteDesk miniPC; alas, I had to make do with non-ideal circumstances–a skill I expect to come in handy in my future career. At any rate, it’s possible to install an ethernet-to-USB adapter in the EliteDesk miniPC, in turn creating an additional network interface. I connected one cable (the proper RJ45 port, eno1) to the ISP modem and the second one (the USB-to-Eth, enxf428531c4d5b) to my TP-Link switch, port 1. With two interfaces appearing in my proxmox node–> Network settings, I could begin building Linux bridges for my homelab network infrastructure.
After installing the cabling as described, your network settings should look like this. I strongly recommend including comments like those above, as they will reduce the likelihood of confusion and mistakes down the road.
Creating Linux Bridges
Next, we need to create Linux Bridges tying the network device to the individual 10.x.x.x/24 network segments that will make the homelab.
In HomeLab–>Network, click the Create dropdown menu and select Linux Bridge. From there, use the default name for each Linux Bridge, vmbr#. The first bridge I created was named vmbr1, and I assigned in an IP range of 10.0.1.0/24. Again, I strongly recommend including a comment signifying the network and IP range.
From there, continue for as many networks as you require. With each bridge, you should fill in the IPv4/CIDR and preferably the comment section for clarity. These comments will come in handy while configuring pfSense.
My network setup. After creating all of the bridges you’ll need (I needed five), you should restart proxmox.
A few small but crucial steps before we move on:
- Updating Proxmox
Proxmox runs on Debian, a Linux distribution. As such, before we get too far into things, it’s wise to update proxmox. To do so, go to your node, then to the shell and type:
- apt update
In my case, I received some errors that led to me to misconfigurations: the DNS server and the repository settings.
DNS settings: proxmox and resolv.conf
First things first, I updated my DNS server to a public IP — Google’s DNS server at 8.8.8.8. While I don’t see this as a long-term solution for my homelab, at this point, in troubleshooting mode, I wanted to ensure functionality. You can do this either in the proxmox GUI:
Or in the shell, by entering the /etc/resolv.conf file with:
- nano /etc/resolv.conf
Proxmox Repositories
After that, I received some errors related to the enterprise proxmox repository. Some digging uncovered the need to update my proxmox repository from the enterprise (subscription-based) repository to the no-subscription repository. You can easily change this in the proxmox GUI in <your node> -> Updates -> Repositories:
Here, I clicked on the /etc/apt/sources.list section before selecting “Add” dropdown option. From there, select “No-Subscription” from the drop-down menu. Next, be sure to click on the repository under /etc/apt/sources.list.d/pve-enterprise.list and disable it. Now, you will be utilizing the no-subscription proxmox repository rather than the enterprise repository. Of course, I should note that if you did indeed purchase a proxmox subscription, you do not want to follow my steps here.
Now we’re able to update!
With proxmox installed and configured, we’ve got a solid homelab framework to build from. Now it’s time to dig into the homelab. In the next post, I’ll be discussing how to install and configure pfSense, a firewall and router.
References:
- Install basics: Build a home lab server with proxmox
- Repository info: Proxmox documentation — package repositories
