So far I've built a few VMs in my homelab to house my AD DS and AD CS services (the Directory Services and PKI respectively). There are also a few CentOS 7 boxen spinning up to house Graylog and Elasticsearch.
Up until this point, all these VMs were getting their IP addresses from our home's internal network infrastructure. Of course it's always a bad idea to mix production and dev/test environments, so I've set up segregation between the two. The easiest way to achieve this will also help me achieve one of my goals for 2019: get acquainted with the pfSense platform.
pfSense is a BSD-based, open source platform for routers/firewalls that can be run either as a VM or on minimalistic ARM hardware. In my case, I've done a setup comparable to Garrett Mills' example on Medium.com. In short:
- I have defined a new virtual switch in VMware, tied to one of the unused NICs of the Dell R410.
- This new virtual switch ("LabLAN") is then tied to a newly created port group, also called "LabLAN".
- The pfSense VM is assigned two NICs: one tied to the default "VM Network" port group, which leads to the used NIC on the R410, and the other tied into the "LabLAN" port group.
- After installing pfSense, the "VM Network" NIC is designated as the WAN interface, with the "LabLAN" NIC being the LAN interface.
- After running through the basic pfSense configuration, it mostly works out of the box!
- I've migrated all the VMs I'd made so far into the "LabLAN" port group, adjusting their IP configurations accordingly.
BAM! The dev/test VMs are now tucked away into their pocket universe, invisible to our home network.
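One way to check the result of the steps above, as an added example that is not part of the original post: a small audit over a VM inventory that flags lab VMs still attached to "VM Network", dual-homed VMs that would bypass pfSense, and "LabLAN" NICs with addresses outside the lab subnet. The VM names, the 10.10.10.0/24 lab subnet and all addresses are constructed for illustration; only the two port group names come from the post.

```python
import ipaddress

# Constructed sample inventory; VM names, subnet and addresses are assumptions.
LAB_NET = ipaddress.ip_network("10.10.10.0/24")
FIREWALL = "pfsense"
INVENTORY = [
    {"vm": "pfsense", "nics": [("VM Network", "192.168.1.50"), ("LabLAN", "10.10.10.1")]},
    {"vm": "dc01", "nics": [("LabLAN", "10.10.10.10")]},
    {"vm": "ca01", "nics": [("LabLAN", "10.10.10.11")]},
    # Moved to LabLAN but still carrying its old home-network address.
    {"vm": "graylog", "nics": [("LabLAN", "192.168.1.77")]},
    # Second NIC left on the home network: traffic can skip the firewall.
    {"vm": "elastic", "nics": [("LabLAN", "10.10.10.21"), ("VM Network", "192.168.1.78")]},
]


def audit(inventory, lab_net=LAB_NET, firewall=FIREWALL):
    """Return a sorted list of (vm, finding) tuples for segregation problems."""
    findings = []
    for entry in inventory:
        vm, nics = entry["vm"], entry["nics"]
        groups = {pg for pg, _ in nics}
        if vm == firewall:
            # The firewall is the only VM that should sit on both sides.
            if groups != {"VM Network", "LabLAN"}:
                findings.append((vm, "firewall must have one NIC in each port group"))
            continue
        if "VM Network" in groups:
            kind = ("dual-homed, bypasses firewall" if "LabLAN" in groups
                    else "still on home network")
            findings.append((vm, kind))
        for pg, ip in nics:
            if pg == "LabLAN" and ipaddress.ip_address(ip) not in lab_net:
                findings.append((vm, f"LabLAN NIC has address {ip} outside {lab_net}"))
    return sorted(findings)


if __name__ == "__main__":
    for vm, finding in audit(INVENTORY):
        print(f"{vm}: {finding}")
```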
EDIT:
The pfSense folks also provide nice documentation on setting up their product inside VMware ESX.