- Role & Purpose
- Configuration
The pfSense instance serves as the edge router in the lab environment.
Its purpose is to emulate an ISP or upstream provider. It does not enforce corporate security policies but simply forwards traffic to the OPNsense firewall.
This allows for realistic attack scenarios where OPNsense sees the original source IPs.
- WAN: 192.168.178.100/24 (Fritzbox LAN)
- LAN1: 192.168.50.1/24 (AttackLAN)
- LAN2: 10.10.1.1/30 (P2P link to OPNsense)
- AttackLAN → any: allow
- P2P → any: allow
- WAN → pfSense (192.168.178.100):
  - ICMP from 192.168.178.0/24 (ping)
  - TCP 443 from 192.168.178.0/24 (WebGUI access)
- Static route: Corp LAN (10.10.0.0/20) → 10.10.1.2 (OPNsense)
- Static route: DMZ (172.16.10.0/24) → 10.10.1.2
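
An added example, not part of the original lab notes: a check of the addressing plan above with Python's `ipaddress` module. It confirms that the static-route gateway is on-link on LAN2 and shows that the P2P /30 lies inside the Corp LAN /20, so those four addresses resolve to the connected link by longest-prefix match rather than to OPNsense. The table layout and function names are this example's own; no default route is modelled because the page lists none.

```python
import ipaddress as ip

# Addressing plan copied from the page; the structure is this example's own.
CONNECTED = {
    "WAN": ip.ip_interface("192.168.178.100/24"),
    "LAN1": ip.ip_interface("192.168.50.1/24"),
    "LAN2": ip.ip_interface("10.10.1.1/30"),
}
STATIC = {
    ip.ip_network("10.10.0.0/20"): ip.ip_address("10.10.1.2"),    # Corp LAN
    ip.ip_network("172.16.10.0/24"): ip.ip_address("10.10.1.2"),  # DMZ
}

def next_hop_problems():
    """A gateway must be a usable host on a connected network and not pfSense itself."""
    problems = []
    for net, gw in STATIC.items():
        on_link = [n for n, i in CONNECTED.items()
                   if gw in i.network.hosts() and gw != i.ip]
        if not on_link:
            problems.append(f"{net}: gateway {gw} is not on-link")
    return problems

def overlaps():
    """Static routes whose prefix intersects a directly connected network."""
    return [(str(net), name) for net in STATIC
            for name, i in CONNECTED.items() if net.overlaps(i.network)]

def lookup(dst):
    """Longest-prefix match over connected and static routes: (kind, target)."""
    dst = ip.ip_address(dst)
    routes = [(i.network, "connected", n) for n, i in CONNECTED.items()]
    routes += [(net, "static", str(gw)) for net, gw in STATIC.items()]
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return ("none", None)  # the page lists no default route
    return max(matches, key=lambda r: r[0].prefixlen)[1:]

if __name__ == "__main__":
    print("next-hop problems:", next_hop_problems())
    print("overlaps:", overlaps())
    for dst in ("10.10.5.20", "10.10.1.3", "172.16.10.5"):
        print(dst, "->", lookup(dst))
```

The overlap does not break routing, but 10.10.1.0 through 10.10.1.3 must stay unassigned inside the Corp LAN, since pfSense treats them as the P2P link.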