
Lab Networking

Lab networking design determines what you can practice. A flat network limits you to basic attacks, while a segmented network enables pivoting, lateral movement, and multi-hop attacks.

Basic Lab Topology

Internet
    |
[Router/Firewall - pfSense]
    |
[Kali Linux] --- [Target Network]
    |                  |
    |          [Metasploitable]
    |          [Windows Target]
    |          [Web Application]
    |
[Host Machine]

Network Segmentation Strategy

Management Network (Host-only / 192.168.56.0/24)
* Host machine accesses VMs
* Kali management interface
* Snapshot management

Attack Network (NAT / 10.0.2.0/24)
* Kali attacking interface
* Internet access for updates

Target Network (Internal / 192.168.100.0/24)
* All target machines
* No internet access
* Kali can reach through second interface

DMZ Network (Internal / 192.168.200.0/24)
* Public-facing services
* Web servers, VPN gateways
* Restricted access from management

pfSense Configuration

pfSense provides routing, firewall rules, and VPN:

# Download pfSense
wget https://atxfiles.netgate.com/mirror/downloads/pfSense-CE-2.7.2-RELEASE-amd64.iso.gz

# VM Requirements
# - 2 vCPU, 1 GB RAM, 8 GB disk
# - 3 Network interfaces:
#   WAN (NAT - internet)
#   LAN (Internal - target network)
#   OPT1 (Host-only - management)

Firewall rules for lab:

WAN -> LAN: Block all (NAT for internet access)
LAN -> WAN: Allow all (target VMs can reach internet)
LAN -> OPT1: Allow established only
OPT1 -> LAN: Allow all (Kali management)

VPN Access

# OpenVPN on pfSense for remote lab access
# WireGuard for simpler VPN setup

Network Monitoring

# Security Onion (IDS/NSM platform)
docker run -d --name so -p 443:443 securityonion/soc

# Tcpdump on pfSense
# Enable packet logging on interfaces

# ELK Stack for log aggregation
docker-compose -f elk-stack.yml up -d
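A segmentation policy is only useful if you can confirm the firewall actually enforces it. The following added example (not code from the original page or from pfSense) encodes the three pfSense interfaces listed under "VM Requirements" and the four rules from "Firewall rules for lab", then audits a constructed flow log for connections the policy says must not exist. This is the kind of check you would run against exported firewall or IDS flow records from the monitoring stack above. Assumptions: the 192.168.100.0/24 target network sits on LAN, the 192.168.56.0/24 management network on OPT1, and any other address (the 10.0.2.0/24 NAT network or the Internet) is treated as WAN; the DMZ network is not attached to pfSense in the text, so it is not modeled. The `Flow` record and the `established` field are this example's own constructs.

```python
"""Segmentation policy checker for the lab topology described on this page.

Added example, not part of the original page or of pfSense itself. It maps the
lab subnets onto the three pfSense interfaces, encodes the four firewall rules
from the text, and flags flows in a constructed log that violate the policy.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Subnets from "Network Segmentation Strategy" mapped onto the pfSense
# interfaces from "VM Requirements" (assumed mapping for this example).
INTERFACES = {
    "LAN": ip_network("192.168.100.0/24"),   # target network
    "OPT1": ip_network("192.168.56.0/24"),   # host-only management network
}
# Anything outside LAN and OPT1 (the 10.0.2.0/24 NAT net, the Internet) is
# treated as WAN.


def interface_for(ip: str) -> str:
    """Return the pfSense interface an address belongs to (WAN if unknown)."""
    addr = ip_address(ip)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return "WAN"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    established: bool = False  # True if this is reply traffic of an existing session


# Rule table from "Firewall rules for lab". Values: "allow", "block", or
# "established" (allow only packets that belong to an existing state).
POLICY = {
    ("WAN", "LAN"): "block",
    ("LAN", "WAN"): "allow",
    ("LAN", "OPT1"): "established",
    ("OPT1", "LAN"): "allow",
}


def decide(flow: Flow) -> str:
    """Apply the rule table to one flow; unlisted interface pairs are denied."""
    src_if, dst_if = interface_for(flow.src), interface_for(flow.dst)
    if src_if == dst_if:
        return "allow"  # same segment: the firewall is not in the path
    action = POLICY.get((src_if, dst_if), "block")  # default deny
    if action == "established":
        return "allow" if flow.established else "block"
    return action


def audit(flows):
    """Return the flows the policy says should have been blocked."""
    return [f for f in flows if decide(f) == "block"]


# Constructed flow records (not captured from a real lab).
SAMPLE_FLOWS = [
    Flow("192.168.56.10", "192.168.100.20", 22),         # Kali mgmt -> target SSH
    Flow("192.168.100.20", "192.168.56.10", 4444),       # target -> mgmt, new session
    Flow("192.168.100.20", "192.168.56.10", 22, True),   # reply to the mgmt SSH session
    Flow("10.0.2.15", "192.168.100.20", 445),            # WAN -> target, new session
    Flow("192.168.100.20", "203.0.113.5", 443),          # target -> Internet
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {f.src} -> {f.dst}:{f.dport} "
              f"({interface_for(f.src)} -> {interface_for(f.dst)})")
```

Running it on the constructed log reports the two flows that should never appear if the rules are in force: a new connection from the target network to the management network, and a new connection from WAN into the target network. If a real flow export shows such traffic, either the rule set differs from the table above or the traffic did not pass through pfSense at all (for example, a VM with an extra adapter bridging two segments).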

Advanced Scenarios

Pivoting Practice
Set up a jump box with restricted access:
* Kali -> Compromised Web Server -> Internal Database
* Requires SSH tunneling, proxychains, chisel

Lateral Movement
Multiple workstations with different credentials:
* Compromise one workstation
* Dump credentials
* Move laterally to others

C2 Infrastructure
* Redirector on DMZ -> C2 Server on internal network
* Domain fronting through CDN
* HTTPS beaconing patterns