About this Project
ℹ️
This module is part of a larger project on setting up Game of Active Directory (GOAD) on Proxmox alongside our existing lab infrastructure. Click here to be taken back to the project landing page.
⚠️
This project also assumes that you've already built out the original Proxmox lab environment, as you'll need to lay some foundational network topologies before configuring GOAD here.
Objectives for this Step
- Add the VLAN to our existing Proxmox and pfSense Setup
- Add DHCP scopes and add or update firewall rules
- Create a Linux Container and install tools that will be used to automate provisioning and configuration of resources
Updating the Network
Add the GOAD VLAN
ℹ️
I'm going to keep things brief here, because I've already demonstrated multiple times in the main lab guide how to add / remove VLANs to / from the lab configuration.
Configure the pfSense Interface
Configure the DHCP Server
ℹ️
Typically, I'd have the DHCP server running on the Domain Controller, alongside DNS, but due to the size of the GOAD project and all of the various pieces, I'm going to stick with the creator's original design.
Configure the Firewall Rules
Floating Rule Updates
ℹ️
Note that in the original lab guide, we created various aliases and firewall rules that will be referenced here, so refer back to the original pfSense setup for more information.
GOAD Rules
💡
We're going to take a little bit of a shortcut here and borrow the rules that already exist for the AD_LAB interface.
❗
Disregard the Wazuh_Servers rule in the screenshot, as that is out of the scope of the original lab guide and this lab guide.
Stage the Provisioning Host
This is the Linux Container that we'll log into and run Packer, Terraform, and Ansible to build and configure resources for the environment.
⚠️
Since the environment we've created in this Proxmox lab differs quite a bit from the one Mayfly -- the original author -- created this Infrastructure-as-Code (IaC) in, please pay careful attention to changes we'll be making to certain documents.
Create the Container
⚠️
If you haven't already done so, you'll want to add a static route on your home router, so that you can SSH into your provisioning LXC from your home network side.
ℹ️
I'm going to take the MAC address from the container's settings, now that it's created, log into my pfSense VM on vmbr1, and allocate a DHCP reservation to this container, so that it is always at the same IP address. This is better for crafting firewall rules later.
✅
When ready, you may start the container.
Install the Automation Tooling
Log into your provisioning container via SSH key or password to open a terminal.
ℹ️
The ssh client application is available on all current versions of Windows and, of course, has been available on Linux for ages.
⚠️
If you're trying to SSH into the container, remember that the container is on vmbr1 behind pfSense on the default LAN -- 10.0.0.0/24 -- with Kali. If you haven't added a static route into the LAN, please do so in order to reach it via SSH.
Install and Upgrade Prerequisites
Install HashiCorp Packer and Terraform
apt update && apt install -y packer terraform
Install Ansible
Clone the GOAD Project Repo
cd /root
git clone https://github.com/Orange-Cyberdefense/GOAD.git
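Before running Packer, Terraform or Ansible as root from this container, it helps to confirm that the tooling is on PATH and that /root/GOAD really is a clone of the upstream repository. The script below is an added example, not part of the original guide or the GOAD project; the function names and the preflight.sh file name are assumptions, and the tool list follows the install steps above.

```shell
#!/bin/sh
# Added example: preflight check for the provisioning container.
# Repo path and URL come from the clone step above; function names are hypothetical.

GOAD_URL="https://github.com/Orange-Cyberdefense/GOAD.git"

# Print each command from the argument list that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only if DIR is a git clone whose origin is the expected URL.
origin_matches() {
    dir=$1
    expected=$2
    actual=$(git -C "$dir" config --get remote.origin.url 2>/dev/null) || return 1
    [ "$actual" = "$expected" ]
}

# Run all checks; return non-zero if anything is missing or unexpected.
preflight() {
    repo=${1:-/root/GOAD}
    status=0
    missing=$(missing_tools packer terraform ansible-playbook git)
    if [ -n "$missing" ]; then
        echo "missing tools:" $missing
        status=1
    fi
    if origin_matches "$repo" "$GOAD_URL"; then
        # Record the exact commit the lab is built from.
        echo "GOAD commit: $(git -C "$repo" rev-parse HEAD)"
    else
        echo "$repo is not a clone of $GOAD_URL"
        status=1
    fi
    return "$status"
}

# Only run when called with a repo path, e.g.: sh preflight.sh /root/GOAD
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Keeping the printed commit hash with your lab notes makes it possible to tell later which revision of the GOAD playbooks built the environment.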