This module is a part of a larger series of building a security lab in VirtualBox. Click here to be taken back to the series landing page.

Log into the Web Portal
In Kali, open your web browser and navigate to: https://10.0.0.1





The default credentials are:
- Username:
admin
- Password:
pfsense
Click Next

Click Next (again). Fill out the Hostname and Domain. Uncheck Override DNS. Click Next.

Double check your timezone and click Next.

Scroll down and uncheck this box. We’re double-NAT, which means that the WAN network is also a private network, so we want to allow this. Click Next.

Leave this alone. Click Next.

Change the admin password. Save it in a password vault. Click next.

Click Reload and wait for the web configurator to refresh. Click Finish.
Configure the Interfaces
Isolated Interface
Choose OPT1

Set the Description to Isolated
. Scroll down and click Save and Apply Changes.

AD_LAB Interface
Choose OPT2
Set the Description to AD_LAB. Scroll down and click Save and Apply Changes.


Optimize the DNS Resolver Service
Go to Services > DNS Resolver

Check these boxes, click save and apply changes.

Still under DNS Resolver, go to Advanced Settings. Check both of these boxes. Click save and apply changes.

Give Kali a Static DHCP Lease
Go to Status > DHCP Leases



Click Save and Apply Changes.
Configure the Firewall Rules
LAN
Click on Firewall > Rules

Click on LAN.
Add a rule

- Action: Block
- Interface: LAN
- Address Family: IPv4 + IPv6
- Protocol: Any
- Source: Any
- Destination: WAN net
- Description: Block access to any on same network as host OS
- Click Save
LAN Desired End-State

ISOLATED
Click on ISOLATED

Add a rule

- Action: Pass
- Interface: Isolated
- Address Family: IPv4
- Protocol: Any
- Source: Any
- Destination: Single host or alias =
10.0.0.2
- Description: Allow packets to Kali VM
- Click Save and Apply Changes
Add another rule

- Action: Pass
- Interface: Isolated
- Address Family: IPv4 + IPv6
- Protocol: TCP/UDP
- Source: Isolated net
- Destination: Isolated address
- Destination Port Range: DNS (53)
- Description: Allow local DNS lookups
- Click Save
Final Isolated rule

- Action: Block
- Interface: Isolated
- Address Family: IPv4 + IPv6
- Protocol: Any
- Source: ISOLATED net
- Destination: Any
- Description: Block access to everything
- Click Save
ISOLATED Desired End-State

AD_LAB
Click on AD_LAB

Add a rule

- Action: Block
- Interface: AD_LAB
- Address Family: IPv4 + IPv6
- Protocol: Any
- Source: Any
- Destination: Isolated net
- Description: Block packets to Isolated network
- Click Save
Add another rule

- Action: Block
- Interface: AD_LAB
- Address Family: IPv4 + IPv6
- Protocol: Any
- Source: Any
- Destination: WAN net
- Description: Block packets to host network
- Click Save
Final AD lab rule

- Action: Pass
- Interface: AD_LAB
- Address Family: IPv4 + IPv6
- Protocol: Any
- Source: Any
- Destination: Any
- Description: Allow access to all other subnets and Internet
- Click Save and Apply Changes
AD_LAB Desired End-State

Make Some System Tweaks to pfSense
Go to System > Advanced

Go to Networking

Scroll down and check this box

Click Save and Apply Changes. Click Reboot and reboot now.
Grab Kali's New DHCP Reservation
Log into your Kali VM and open a terminal. Run the command as pictured below.

Your IP address should now be 10.0.0.2
as configured.
Next Step: Adding Vulnhub VMs to the Lab
