Jack Moore

Email: jack(at)jmoore53.com

Half Baked Homelab

12 Nov 2019 » sysadmin, networking, virtual, proxy

Setting up a Semi-version of a Homelab

Two laptops are currently connected to the home network, 192.168.1.0/24.

Docker Container firefox running on my current workstation

Physical Machine

On my homelab, I have virt-manager. I usually open an SSH connection with X11 forwarding to my homelab with ssh -X xps. Graphics are then passed back to my workstation when I run programs on the homelab host.

In virt-manager I have two networks set up: nat-net is 10.0.0.0/24 and is NAT’d to the host, and the other, isolated-net, is 10.0.1.0/24. I have 3 VMs configured: pfsense is on both nat-net and isolated-net, while ubuntu1 and ubuntu2 are strictly on isolated-net.

The pfSense box has two interfaces, which allows it to talk to both networks. When assigning networks from virt-manager, make a note of the MAC addresses; these are important when configuring the LAN and WAN.

pfSense

pfSense was easy enough to install. There are about a million guides, so I’m going to keep this brief.

When installing from the terminal, configure the WAN. Configuring LAN can be done earlier. Being able to talk out is pretty important. I ran into a hiccup and was unable to ping or curl, although I knew the services that usually return responses to these two commands were running. I then looked and saw the firewall was blocking all incoming traffic on all ports. With pfctl -d I disabled the firewall and was able to ping and get to port 80 on the machine. The one caveat with this was that upon saving once, the firewall is re-enabled. This wasn’t an issue for me, so I changed a few settings allowing private IPs and allowing bogus networks, as well as added a firewall rule to allow anything from the physical machine. I was then able to curl and ping the box as I had planned.

The other note was configuring the gateway and IP address on the WAN. For some reason the IP address was configured for the host machine, so the pfSense VM was getting a 192.168 address rather than a 10.0 address. I had to go in and statically change the IP and subnet mask, and then everything was good to go.

Socks Proxy over SSH Tunnel

A SOCKS proxy over SSH is pretty easy to configure once you know how. The following command opens a proxy.

ssh -D 10080 -q -C -N xps

-D 10080 opens the SOCKS proxy on localhost port 10080

-C compresses the data

-q runs in quiet mode, so nothing is output locally

-N does not execute a remote command; used for only forwarding ports

xps is set in ~/.ssh/config for my homelab physical host
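
The check below is an added example, not part of the original post: it audits where the SOCKS listener opened by ssh -D 10080 is bound, since a listener on anything other than loopback lets other machines on 192.168.1.0/24 route traffic into the homelab. The function names, the explicit 127.0.0.1 bind with ExitOnForwardFailure, and the sample lsof lines (constructed, in the layout lsof -nP prints) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the bind address of the
# SOCKS listener created by `ssh -D 10080`.
SOCKS_PORT=10080   # port used in the post

# Explicit-loopback form of the post's command (assumed hardening, same alias):
#   ssh -D 127.0.0.1:10080 -o ExitOnForwardFailure=yes -q -C -N xps

# classify_listeners PORT  (hypothetical helper)
# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints one line per
# listener on PORT: "ok ADDR" for loopback binds, "exposed ADDR" otherwise.
classify_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)             # 127.0.0.1:10080, [::1]:10080, *:10080
            n = split(addr, part, ":")
            if (part[n] != port) next    # a different listening port
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]")
                print "ok " addr
            else
                print "exposed " addr
        }'
}

# socks_is_loopback_only PORT  (hypothetical helper)
# Returns 0 only when a listener exists on PORT and none is exposed.
socks_is_loopback_only() {
    result=$(classify_listeners "$1")
    [ -n "$result" ] || return 1         # tunnel is not up at all
    case "$result" in
        *exposed*) return 1 ;;
    esac
    return 0
}

# Constructed sample lsof lines (not captured from a real host).
SAMPLE_SAFE='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4242 jack 5u IPv6 0x1 0t0 TCP [::1]:10080 (LISTEN)
ssh 4242 jack 6u IPv4 0x2 0t0 TCP 127.0.0.1:10080 (LISTEN)'
SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssh 4242 jack 5u IPv4 0x2 0t0 TCP *:10080 (LISTEN)'

# Live use on the workstation:
#   lsof -nP -iTCP:"$SOCKS_PORT" -sTCP:LISTEN | socks_is_loopback_only "$SOCKS_PORT"
```

A non-zero exit from the live check means either that the tunnel is down or that the listener is reachable from other hosts.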

Docker Firefox Proxy-Proxy

jlesage/firefox

Configuring the Firefox container at localhost:5801: to make this clear, I am going to port 5801 on my Mac, which is a port that opens to a Firefox container. In the container, I set the Firefox preferences to use host.docker.internal and port 10080. This way I don’t have to keep changing the Firefox settings on my local MacBook.

I will for sure look into firefox profiles or profiles plugins in the near future for opening the proxy to the homelab.

Services

These are the services I wanted to host:

References

© Jack Moore