setting up small network lab

**Studlyami** · Feb 15 '08, 11:23 PM

Setting up a linux machine to act like a network filewall, router, ect. is a large topic with a lot of documentation in various places on the web. Your best bet is to start reading, reading reading, and then post some specific problems you are running into. Also you should look into using VM Ware to practice some home network type stuff, it can save you some money (creates a virtual machine that acts like its a completely different computer).

**sicarie** · Feb 16 '08, 02:25 AM

zonar00-

Please watch your language.

Also, there are several guides to configuring DNS and DHCP, but you should really concentrate on the design first and foremost, the rest will come. If this is just go get experience, go for it, install it and removed it as many times as you need to get the steps and options down. However, if this is just for a "best practice" example of a home network, you should design it first based on what you want to do with it.

So, what is the goal? Do you want to do web development? Do you want to host information? Do you want to do pen-testing?

**zonar00** · Feb 16 '08, 10:32 AM

Originally posted by sicarie

zonar00-

Please watch your language.

Also, there are several guides to configuring DNS and DHCP, but you should really concentrate on the design first and foremost, the rest will come. If this is just go get experience, go for it, install it and removed it as many times as you need to get the steps and options down. However, if this is just for a "best practice" example of a home network, you should design it first based on what you want to do with it.

So, what is the goal? Do you want to do web development? Do you want to host information? Do you want to do pen-testing?

yeah pen-test. YES i want to deploy an IDS on my network and then test it against it evasion/invasion attacks(commonl y known to IDs technologies only)

**sicarie** · Feb 16 '08, 03:07 PM

Originally posted by zonar00

yeah pen-test. YES i want to deploy an IDS on my network and then test it against it evasion/invasion attacks(commonl y known to IDs technologies only)

Well, with a pen-test lab, the thing is that you usually don't want it connected to the internet, so that something isn't released into the wild by accident. I would recommend a pseudo-DMZ setup for that part of your lab, don't make it directly accessible to your personal PC.

So I'd really recommend having your connection to the internet (modem/router) go to your firewall, which will then segment to your "DMZ" and your personal PC. Then you can create your "DMZ" PC to have as many different images as you want, and heavily restrict access to/from the internet (I'd still recommend completely restricting access to the internet, but you said you would like to allow them that...).

I'd also recommend souping one of your boxes up, and having that as your "DMZ" PC, running a bunch of different VMs. The cool thing about VMs is that you can take snapshots and base images and transfer them around/restore them pretty quickly, and they all can (if you want them to, and it sounds like you do, for DNS, DHCP, fileshare, etc...) act as if they are independent machines on the network.

**sicarie** · Feb 17 '08, 01:34 AM

zonar00-

It has come to my attention that this is the second time it has been necessary to speak to you concerning the rules of this forum. These are the guidelines we ask you to abide by, and this is your last warning before measures are taken to restrict your posting.

We don't want to do that, so please read the guidelines and follow them.

Thanks,

sicarie
Moderator - C/C++ and Networking Forums

setting up small network lab

setting up small network lab

Comment

Comment

Comment

Comment

Comment