blog-contributions/opsec/pf_virt/index.html
2024-08-28 20:13:19 +02:00


<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Virt-manager Pfsense</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 24 / 04 / 2024</ba></p>
<h1>Open source router setup: QEMU/KVM pfSense</h1>
<p>In this tutorial we're going to cover how to set up an open source router (pfSense) inside a VM running on QEMU/KVM, which is itself an open source hypervisor:</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Initial setup </b></h2>
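<p>First install virt-manager on your Debian system:</p>
<pre><code class="nim">
# install the hypervisor, libvirt and the helpers it uses for virtual networks
sudo apt install virt-manager qemu libvirt0 qemu-kvm ebtables dnsmasq bridge-utils -y
# add your user to the libvirt group (takes effect at next login)
sudo gpasswd -a "$USER" libvirt
# start libvirtd now and at every boot, then check that it is running
sudo systemctl enable --now libvirtd
sudo systemctl status libvirtd
sudo virt-manager
</code></pre>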
<p>Then configure the networks: a NAT network for the WAN interface of pfSense, and an IP-less network for the LAN interface of pfSense and the other VMs.</p>
<img src="1.png" class="imgRz">
<img src="2.png" class="imgRz">
<p>So we get the following LAN network and a /24 NAT network. DO NOT ACTIVATE DHCP ON THE LAN network, because
our pfSense will do it instead:</p>
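<p>The two networks described above can also be defined from the command line instead of the virt-manager dialogs. The script below is an added example, not part of the original tutorial: the network names pf-wan and pf-lan and the host address 192.168.100.1 are assumptions, and lan_is_isolated is a hypothetical helper that checks that the LAN definition has no forwarding, no host IP and no DHCP, so pfSense stays the only DHCP server and the only way out of the LAN.</p>

```shell
#!/bin/sh
# Added example: libvirt definitions for the tutorial's two networks.
# Assumed (not from the page): names pf-wan / pf-lan, host address 192.168.100.1.
VIRSH="virsh -c qemu:///system"

# NAT network for the pfSense WAN NIC; the host is the upstream gateway.
# No <dhcp> block because the tutorial gives the WAN side a static address.
wan_xml() {
cat <<'EOF'
<network>
  <name>pf-wan</name>
  <forward mode='nat'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'/>
</network>
EOF
}

# LAN network: no <forward> and no <ip>, so the host gets no address on it,
# libvirt starts no dnsmasq for it, and nothing is routed around pfSense.
lan_xml() {
cat <<'EOF'
<network>
  <name>pf-lan</name>
</network>
EOF
}

# Return 0 only if the network XML on stdin has no forwarding, host IP or DHCP.
lan_is_isolated() {
  xml=$(cat)
  case "$xml" in
    *"<forward"*|*"<ip "*|*"<dhcp"*) return 1 ;;
  esac
  return 0
}

# Define, start and autostart both networks, then audit the live LAN definition.
apply_networks() {
  for fn in wan_xml lan_xml; do
    f=$(mktemp) && "$fn" > "$f" && $VIRSH net-define "$f" && rm -f "$f" || return 1
  done
  for n in pf-wan pf-lan; do
    $VIRSH net-start "$n" && $VIRSH net-autostart "$n" || return 1
  done
  $VIRSH net-dumpxml pf-lan | lan_is_isolated
}

# Nothing touches libvirt unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then apply_networks; fi
```

<p>Run it with the apply argument on the libvirt host; a non-zero exit status means the LAN network as libvirt sees it is not isolated.</p>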
<p>Now we activate them both and install our pfSense VM following this network graph:</p>
<img src="6.png" class="imgRz">
<img src="7.png" class="imgRz">
<img src="8.png" class="imgRz">
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<img src="11.png" class="imgRz">
<p>Here we make sure that our pfSense VM has 2 NICs: one is the WAN interface on our NAT network, the other is on the isolated 10.0.0.0/16 network.</p>
<img src="12.png" class="imgRz">
<img src="13.png" class="imgRz">
<p>Next we install pfSense:</p>
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<p>Next select reboot. We're going to configure pfSense as the gateway router for the 10.0.0.0/16 network, with the address 10.0.0.1/16, and then configure the WAN side of pfSense
on the other NIC with a static address in 192.168.100.0/24:</p>
<img src="18.png" class="imgRz">
<p>Now if we look at the VM's 2 NICs, we see that the WAN interface has the following MAC address:</p>
<img src="19.png" class="imgRz">
<p>And we see that the LAN interface has the following MAC address:</p>
<img src="20.png" class="imgRz">
<p>So we assign the interfaces in pfSense accordingly:</p>
<img src="21.png" class="imgRz">
<img src="22.png" class="imgRz">
<p>Next, we assign static IPs to both of the interfaces we just set up:</p>
<img src="23.png" class="imgRz">
<p>For the upstream gateway address, we will simply use our host machine's IP:</p>
<img src="24.png" class="imgRz">
<img src="25.png" class="imgRz">
<p>Now we set up the LAN-side IP address:</p>
<img src="26.png" class="imgRz">
<img src="27.png" class="imgRz">
<p>Now we want to set up DHCP on the LAN, following the settings we chose earlier.</p>
<img src="28.png" class="imgRz">
<p>So we get the following result, and we reboot our pfSense:</p>
<img src="29.png" class="imgRz">
<p>What we need now is a client VM inside our LAN network; from there we will be able to access the pfSense web interface.</p>
<img src="30.png" class="imgRz">
<img src="31.png" class="imgRz">
<p>Now install Debian as usual. We won't install any graphical interface at this stage, so that the installation doesn't take too long. Also make sure to install Debian with the VM attached to the WAN network, to avoid any connection problems:</p>
<img src="32.png" class="imgRz">
<img src="33.png" class="imgRz">
<p>Once the installation is done, you get the following:</p>
<img src="34.png" class="imgRz">
<p>However, we want our machine to be on the 10.0.0.0/16 subnet, and we also want to be able to browse the web from our Debian machine, so before we shut the machine off and change the NIC, we run the following commands:</p>
<pre><code class="nim">
# update the system, then install a display manager, the XFCE desktop and Firefox
apt update -y ; apt upgrade -y ; apt install lightdm xfce4 xfwm4 firefox-esr -y
systemctl enable lightdm --now
</code></pre>
<img src="35.png" class="imgRz">
<p>So now we have our Debian VM with a graphical display, but it's not on the correct subnet, so we shut it down to correct that:</p>
<img src="36.png" class="imgRz">
<p>We select the LAN network, and start the VM again:</p>
<img src="37.png" class="imgRz">
<p>And here we see that we are on the correct subnet, and we are able to ping the LAN interface of our pfSense VM, so let's access it from the web browser:</p>
<img src="38.png" class="imgRz">
<p>If for some reason you can't access the pfSense web interface on 10.0.0.1, you can always reconfigure it:</p>
<img src="39.png" class="imgRz">
<p>Now you can log in with the default admin:pfsense credentials:</p>
<img src="40.png" class="imgRz">
<p>since our WAN network is also a private subnet </p>
<img src="41.png" class="imgRz">
<p>Then follow the rest of the install and you end up with the following result:</p>
<img src="42.png" class="imgRz">
<p>And there you have it! We have been able to install pfSense on virt-manager, with a 10.0.0.0/16 LAN network.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>