I wrote about my home network and the DMZ setup I chose to use a few months ago. Many of you may wonder why I need such a setup, and you will probably not be surprised to know that tinkering with computer software is a hobby of mine. Virtualization makes the task of building lab systems much simpler. Long ago, I would have to erase a computer, find new space, or rebuild the hardware just to test out some crazy new idea. Nowadays, I can create a virtual machine or just revive a saved one that is somewhat close to what I would like configured. I use many operating systems, such as FreeBSD, OpenBSD, and Ubuntu Linux, to try out ideas or see how something works. Server operating systems work well when supported with a few extra services. My pfSense router handily does the job of providing services to my virtual machines. I don’t need the full richness of pfSense for regular household use, but pfSense provides services which make supporting my hobby and lab environment much simpler. This follow-up blog post explains these settings in more detail.
The pfSense router offers the same features as a typical home gateway router, including basic firewall and DHCP services. The DHCP service provides static mappings for the computers I choose to use as clients of my virtual machines. This makes identifying clients in server logs much easier, as I can look at host names and know which client accessed services on a server. The pfSense system also provides an NTP server to keep all virtual machine clocks in sync. The Squid proxy server is enabled to cache downloads of frequently used operating system packages.
More services are at work behind the scenes to support my needs. The Dynamic DNS feature is used to register the ISP-assigned address of the home network in DNS for external access. This feature is perfect for using either PPTP or OpenVPN access from the Internet to the home. Dynamic DNS is also used for HTTP and SSH access to the servers in the DMZ.
Enabling the NTP and proxy servers makes for much better virtual machine server support. Time sync is an essential function, as virtual machines sometimes lose time. The proxy speeds up downloads of similar operating system packages. My favorite pfSense feature is the DNS name registration, which enables other clients on the network to access newly installed virtual machines by their assigned host names without the new host names having to be entered manually into the DNS configuration.
Lastly, pfSense supports static routing. This feature is used to assign subnets to different virtual machine hosts. I separate the subnets so I can keep track of what I am doing. I use certain networks for production Internet-facing functions and others for testing. The static routes help locate networks that I place on other computers for temporary use. My laptop and desktop have their own assignments for different purposes. I use my laptop more for desktop virtual machines and the desktop more for server virtual machines.
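An added example, not from the original post: a small Python check for a static route plan like the one described above, flagging next hops the router cannot reach and subnets that overlap across purposes. The LAN range, subnets, next-hop addresses and purpose labels are constructed for illustration.

```python
import ipaddress

# Constructed sample plan (not from the post): subnet, next hop on the LAN, purpose.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTES = [
    ("10.10.0.0/24", "192.168.1.20", "production"),    # desktop: server VMs
    ("10.20.0.0/24", "192.168.1.30", "testing"),       # laptop: desktop VMs
    ("10.20.0.128/25", "192.168.1.20", "production"),  # overlaps the laptop's range
    ("10.30.0.0/24", "192.168.2.5", "testing"),        # next hop is not on the LAN
]


def audit_routes(lan, routes):
    """Return a list of problems found in a static route plan."""
    problems = []
    parsed = []
    for subnet, gateway, purpose in routes:
        net = ipaddress.ip_network(subnet)
        gw = ipaddress.ip_address(gateway)
        # The router can only forward to a next hop it reaches directly.
        if gw not in lan:
            problems.append(f"{net}: next hop {gw} is outside {lan}")
        # A routed subnet must not shadow the LAN itself.
        if net.overlaps(lan):
            problems.append(f"{net}: overlaps the LAN {lan}")
        parsed.append((net, gw, purpose))
    # With overlapping subnets the more specific route wins silently, which
    # can send production traffic to a test host or the reverse.
    for i, (net_a, gw_a, purpose_a) in enumerate(parsed):
        for net_b, gw_b, purpose_b in parsed[i + 1:]:
            if net_a.overlaps(net_b):
                kind = "cross-purpose" if purpose_a != purpose_b else "same-purpose"
                problems.append(f"{net_a} and {net_b}: {kind} overlap ({gw_a} vs {gw_b})")
    return problems


if __name__ == "__main__":
    for line in audit_routes(LAN, ROUTES):
        print(line)
```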
This post mentions few of the great features of pfSense, since I am only referring to what is used for my virtual machine lab. For lab work, I use DHCP to avoid the additional steps involved in network configuration. The DNS name registration feature is a handy time saver. NTP is enabled to fix the virtual machines that slowly lose too much time. The Squid proxy server saves time when setting up identical servers since packages get cached locally. Updates to similar virtual machines move quickly with subsequent installations. I considered configuring pfSense as part of the network instead of as the gateway, but powering the pfSense system on and off became cumbersome, leading to an inflexible setup where servers had to be manually configured to point to pfSense. Moving the pfSense server to the gateway role enables central control of everything through DHCP.