π‘οΈ Network Segmentation and Service Configuration Lab with pfSense (Windows, Kali, Ubuntu)
This document covers the setup of a virtual lab environment using pfSense, Windows, Kali Linux, and Ubuntu Server to implement network segmentation, configure DHCP, DNS, and FTP services, and apply firewall rules. Each step is documented with relevant screenshots for clarity.
π pfSense Installation and Initial Configuration π₯οΈ Installation Steps
Download the pfSense ISO image. Launch the installation and complete the disk partitioning.
Important: Before rebooting, go to Devices > Optical Drives and unmount the ISO file. Otherwise, the installation process will restart. After a successful installation, you'll see the pfSense console interface.
Change the LAN IP address. Default pfSense LAN is typically set to 192.168.1.1, but you must adjust it according to your VirtualBox Host-Only Adapter subnet (e.g., 192.168.56.1) to gain web interface access.
𧱠LAN Segmentation & Topology Overview Three additional VMs are installed:
πͺ Windows 10
π± Kali Linux
π§ Ubuntu Server
Each VM is attached to a separate Host-Only Adapter for network segmentation.
Start the pfSense VM and configure the newly added interfaces
π VirtualBox Network Configuration Navigate to File > Preferences > Network > Host-Only Networks
Create 3 new Host-Only Adapters (one per VM)
Assign each adapter to a pfSense OPT interface
Start the pfSense VM and configure the newly added interfaces
π Interface Definitions
| ArayΓΌz | TanΔ±m | IP Adresi |
|---|---|---|
| WAN | NAT | Otomatik (DHCP) |
| LAN | HOST-ONLY | 10.10.10.1 |
- Access the pfSense web interface at https://10.10.10.1
- Default credentials: Username: admin, Password: pfsense.
π§° Ubuntu Server: DHCP, DNS, and FTP Configuration π₯οΈ Set a Static IP (via Netplan)
sudo nano /etc/netplan/00-installer-config.yamlSample configuration (adjust interface name accordingly):
βYou should replace enp0s8 with your own network graph name. Using the 'ip a' command:
sudo netplan applyπ Configure DHCP Server
sudo apt update
sudo apt install isc-dhcp-server
sudo nano /etc/dhcp/dhcpd.confEdit DHCP configuration:
Set interface in:
sudo nano /etc/default/isc-dhcp-serverWe check the DHCP service distribution and enter the interface names. INTERFACESv4="enp0s3" And we restart the DHCP service:
sudo systemctl restart isc-dhcp-server
sudo systemctl status isc-dhcp-server
π Configure DNS (BIND9)
sudo apt install bind9sudo nano /etc/bind/named.conf.options
Restart service:
sudo systemctl restart bind9
sudo apt install vsftpd -y
sudo systemctl enable vsftpd
sudo adduser ftpuser (We create a username and password)π Edit FTP configuration:
sudo nano /etc/vsftpd.conf
Restart the service:
sudo systemctl restart vsftpd
- FTP access is defined for users.
ftp localhost 
π Firewall Rules and Access Controls
| Rule | Status |
|---|---|
| LAN1 β OPT1 | β Block |
| OPT1 -> LAN1 | β Block |
| OPT1 β FTP(30.30.30.101) | β Block |
| LAN1 β FTP(30.30.30.101) | β Allow |
| All LANs β WAN | β Allow |
β Only specific traffic is allowed to ensure segmented and secure communication. DHCP will automatically provide the ability to run and maintain the external network!
***Client Systems
- πͺ Windows: Connected to LAN1
- π©» Kali Linux: Connected to OPT1
- π§ Ubuntu Server: Connected to OP2
- LAN interface connects to the internet via WAN.
FIREWALL RULES :
SETTΔ°NG DHCP RELAY:
Set the target interface and specify the DHCP server IP (e.g., Ubuntu DHCP IP)
π References
https://www.networkreverse.com/2020/06/how-to-build-linux-router-with-ubuntu.html
https://medium.com/@haticeadiguzel/pfsense-4b9092e71ced
https://www.freecodecamp.org/news/setting-a-static-ip-in-ubuntu-linux-ip-address-tutorial/
https://medium.com/@akardev/dual-boot-ubuntu-22-04-lts-kurulumu-1217ed7bf2fe