Configuring the pfSense Firewall for Our VirtualBox Lab

In this module, we will log into the pfSense web portal and configure firewall rules for our VirtualBox lab using our Kali VM.

2 years ago   •   5 min read

By 0xBEN
Table of contents

This module is a part of a larger series of building a security lab in VirtualBox. Click here to be taken back to the series landing page.

Building a Security Lab in VirtualBox
In this post, we we will take a look at an in-detail process of setting up an entry-level cybersecurity lab using VirtualBox




Log into the Web Portal

In Kali, open your web browser and navigate to: https://10.0.0.1

Click Advanced

The default credentials are:

  • Username: admin
  • Password: pfsense

Click Next

Click Next (again). Fill out the Hostname and Domain. Uncheck Override DNS. Click Next.

Double check your timezone and click Next.

Scroll down and uncheck this box. We’re double-NAT, which means that the WAN network is also a private network, so we want to allow this. Click Next.

Leave this alone. Click Next.

Change the admin password. Save it in a password vault. Click next.

Click Reload and wait for the web configurator to refresh. Click Finish.





Configure the Interfaces

Isolated Interface

Choose OPT1

Set the Description to Isolated. Scroll down and click Save and Apply Changes.





AD_LAB Interface

Choose OPT2

Set the Description to AD_LAB. Scroll down and click Save and Apply Changes.





Optimize the DNS Resolver Service

Go to Services > DNS Resolver

Check these boxes, click save and apply changes.

Still under DNS Resolver, go to Advanced Settings. Check both of these boxes. Click save and apply changes.





Give Kali a Static DHCP Lease

Go to Status > DHCP Leases

Click on the button to add a static mapping
Set the IP address to 10.0.0.2

Click Save and Apply Changes.





Configure the Firewall Rules

LAN

Click on Firewall > Rules

Click on LAN.

Add a rule

  • Action: Block
  • Interface: LAN
  • Address Family: IPv4 + IPv6
  • Protocol: Any
  • Source: Any
  • Destination: WAN net
  • Description: Block access to any on same network as host OS
  • Click Save




LAN Desired End-State





ISOLATED

Click on ISOLATED

Add a rule

  • Action: Pass
  • Interface: Isolated
  • Address Family: IPv4
  • Protocol: Any
  • Source: Any
  • Destination: Single host or alias = 10.0.0.2
  • Description: Allow packets to Kali VM
  • Click Save and Apply Changes

Add another rule

  • Action: Pass
  • Interface: Isolated
  • Address Family: IPv4 + IPv6
  • Protocol: TCP/UDP
  • Source: Isolated net
  • Destination: Isolated address
  • Destination Port Range: DNS (53)
  • Description: Allow local DNS lookups
  • Click Save

Final Isolated rule

  • Action: Block
  • Interface: Isolated
  • Address Family: IPv4 + IPv6
  • Protocol: Any
  • Source: ISOLATED net
  • Destination: Any
  • Description: Block access to everything
  • Click Save




ISOLATED Desired End-State





AD_LAB

Click on AD_LAB

Add a rule

  1. Action: Block
  2. Interface: AD_LAB
  3. Address Family: IPv4 + IPv6
  4. Protocol: Any
  5. Source: Any
  6. Destination: Isolated net
  7. Description: Block packets to Isolated network
  8. Click Save

Add another rule

  • Action: Block
  • Interface: AD_LAB
  • Address Family: IPv4 + IPv6
  • Protocol: Any
  • Source: Any
  • Destination: WAN net
  • Description: Block packets to host network
  • Click Save

Final AD lab rule

  • Action: Pass
  • Interface: AD_LAB
  • Address Family: IPv4 + IPv6
  • Protocol: Any
  • Source: Any
  • Destination: Any
  • Description: Allow access to all other subnets and Internet
  • Click Save and Apply Changes




AD_LAB Desired End-State





Make Some System Tweaks to pfSense

Go to System > Advanced

Go to Networking

Scroll down and check this box

Click Save and Apply Changes. Click Reboot and reboot now.

⚠️
Wait for pfSense to come back up before proceeding




Grab Kali's New DHCP Reservation

Log into your Kali VM and open a terminal. Run the command as pictured below.

Your IP address should now be 10.0.0.2 as configured.





Next Step: Adding Vulnhub VMs to the Lab

Adding Vulnhub VMs to Our VirtualBox Cyber Range
In this module, we will look at two different ways, based on file type, to import VMs from Vulnhub into our home lab.

Spread the word

Keep reading