Virtual Machines: Difference between revisions
Revision as of 07:19, 28 February 2025
Introduction
There will be a variety of Virtual Machines contained within the Home Lab. A brief description will be provided here, with a more complete set of notes on each individual VM on the linked pages.
Virtual Machines
A fairly high-level description of each of the VMs in use in the Home Lab.
Firewall
Pfsense
The firewall and gateway to the whole of the Home Lab. The Virgin router will forward all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The firewall has five other internal interfaces to link to the Home Lab environment. 192.168.99.10/24 is the MGT VLAN; it should be severely restricted to maintain security, and it is the only VLAN able to access the WebGUI of Pfsense. The Production VLAN is where all of the file and web servers are; its gateway address is 192.168.100.1/24. The Infra VLAN, gateway 192.168.110.10/24, is where any supporting services will be located; at present there is only a nameserver. I have reserved a VLAN called VPNnet, with a gateway address of 192.168.130.1/24, for a VPN server to provide a VPN tunnel from remote terminals. There will not be many concurrent connections, so a /24 network will be more than sufficient. The last VLAN has a Pfsense interface of 192.168.111.1/24 and is for any desktop VM terminals that I will use while I am out; I have called this Terminals. Further details of the Pfsense firewall can be found here.
MGT VLAN
Management kiosk
A desktop Linux VM used to configure other VMs, including Pfsense. As it is so sensitive, I have kept it isolated on the MGT VLAN. I have also set up passwordless SSH from it to various other VMs. The host is called Lemon and has an IP address of 192.168.99.20/24.
CA Server
I have set up a host specifically to issue SSL certificates. The host name is Alpine, with an IP of 192.168.99.25/24.
Infra VLAN
Nameserver
There is only one nameserver at the moment, called ns1, at 192.168.110.11/24. It is the only host on the Infra VLAN.
VPNnet VLAN
VPNserver
There will be a VPN server called vanilla at 192.168.130.5/24. It will control VPN access to the rest of the network.
Terminals
Remote Access Terminal
There will be two desktop VMs set up on the Terminals VLAN (192.168.111.0/24) that I will provide for remote access. One of them will be Linux (Ubuntu), with the hostname Lychee, and the other will be Windows 11 Pro, with the hostname Wahoo.
Production
Reverse Proxy
The reverse proxy, an Nginx install, is hosted on Raisin at 192.168.100.9/24. It should be set up to fetch SSL certs from Let's Encrypt and copy the certs to the various webservers that need them. Its primary role, of course, is to manage access to the webservers.
Webservers
There will be at least two webservers, one hosting www.seaoffate.net and the other hosting wiki.seaoffate.net. These will also be servicing .local addresses. MySQL will be on a different host. There will be other hosts that have some sort of webserver on them, but not as a primary role.
File server
There is a file server called fig at 192.168.100.11. It will also have a webserver installed and will answer to files.seaoffate.net and files.seaoffate.local. It should be configured to serve files using NFS, FTP and SMB locally, but only SFTP externally.
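The access restrictions described so far (Pfsense WebGUI reachable only from the MGT VLAN, fig offering only SFTP externally, Raisin fronting the webservers) can be written as an ordered, default-deny rule table and checked against sample flows. This is an added example, not the lab's actual Pfsense configuration; the port numbers, the rule order, the treatment of every lab VLAN as "local" and the sample source addresses are assumptions.

```python
import ipaddress as ip

# Address plan from this page. Ports and rule order are assumptions.
VLANS = {
    "MGT": ip.ip_network("192.168.99.0/24"),
    "Production": ip.ip_network("192.168.100.0/24"),
    "Infra": ip.ip_network("192.168.110.0/24"),
    "Terminals": ip.ip_network("192.168.111.0/24"),
    "VPNnet": ip.ip_network("192.168.130.0/24"),
}
# Every address the firewall itself answers on (WAN plus the five VLAN interfaces).
FIREWALL = {ip.ip_address(a) for a in (
    "192.168.0.125", "192.168.99.10", "192.168.100.1",
    "192.168.110.10", "192.168.111.1", "192.168.130.1")}
FIG = ip.ip_address("192.168.100.11")     # file server
RAISIN = ip.ip_address("192.168.100.9")   # reverse proxy

def zone(addr):
    """Name of the lab VLAN that holds addr, or 'external' if none does."""
    return next((n for n, net in VLANS.items() if addr in net), "external")

# Ordered rules, first match wins: (action, source-zone test, destination test, TCP ports)
RULES = [
    ("allow", lambda z: z == "MGT", lambda d: d in FIREWALL, {443}),   # WebGUI (assumed HTTPS)
    ("deny", lambda z: True, lambda d: d in FIREWALL, {443}),          # nobody else
    ("allow", lambda z: z == "external", lambda d: d == FIG, {22}),    # SFTP only
    ("allow", lambda z: z != "external", lambda d: d == FIG, {21, 22, 445, 2049}),
    ("allow", lambda z: z == "external", lambda d: d == RAISIN, {80, 443}),
]

def decide(src, dst, port):
    """Return 'allow' or 'deny' for a TCP flow; unmatched flows are denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_ok, dst_ok, ports in RULES:
        if src_ok(zone(s)) and dst_ok(d) and port in ports:
            return action
    return "deny"

def audit(flows):
    """Return (flow, decision) for every flow whose decision differs from the expectation."""
    return [(f, decide(*f)) for f, expected in flows if decide(*f) != expected]

# Constructed sample flows: ((source, destination, port), expected decision)
SAMPLE_FLOWS = [
    (("192.168.99.20", "192.168.99.10", 443), "allow"),   # Lemon to WebGUI
    (("192.168.111.5", "192.168.111.1", 443), "deny"),    # terminal to WebGUI
    (("203.0.113.7", "192.168.100.11", 22), "allow"),     # external SFTP to fig
    (("203.0.113.7", "192.168.100.11", 445), "deny"),     # external SMB to fig
    (("203.0.113.7", "192.168.100.9", 443), "allow"),     # external HTTPS to Raisin
]
```

`audit(SAMPLE_FLOWS)` returns an empty list when the rule table matches the intended design; any entry it returns is a flow the rules treat differently from what was expected.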
MySQL Server
Manderin at 192.168.100.8/24 is hosting the MySQL databases. I will probably install phpMyAdmin at some point to make DB management a bit easier, but I doubt if I will give it external access.
Future VMs
I may well set up a streaming server with some sort of read-only (RO) NFS share from the file server.