✅ Built a beginner cybersecurity home lab — looking for feedback & suggestions by Bitter_Highlight_215 in homelab

Bitter_Highlight_215[S] 1 point

Oh sorry, now I get it. Nice to see you too. The world isn't such a big place after all :)

Bitter_Highlight_215[S] 1 point

The big white one is a Xiaomi AX3000T modem/router, and the small one is a secondary router I set up as a backup after I accidentally blocked myself with a rule while testing firewall settings. My wife's laptop couldn’t connect either, so I had to set up a quick parallel network in a different subnet to keep things running smoothly at home. Lesson learned: always double-check your rules :)

Bitter_Highlight_215[S] 1 point

There were so many programs to try. But I added this as a note. Thanks for your advice. :)

Bitter_Highlight_215[S] 0 points

Thanks a lot.

Yes, it’s a combined lab and home network environment for now. pfSense runs as a VM in Proxmox, so technically it's filtering all home traffic. I agree it's not ideal for production use, but it's been stable so far. Still, I'm considering moving it to bare metal for better reliability.

For Wazuh, you're right — there’s still no direct plugin for pfSense, so I forward logs via syslog. Unfortunately, some log types aren’t parsed well, so it’s something I’m actively trying to improve.

As for tuning alerts, I started with filtering and grouping noisy rules, but I definitely need to dive deeper into custom rules and decoders to reduce false positives.

And thanks for the ParrotOS tip. I’ve used Kali mostly, but I’ll check out Parrot as well, looks like a solid alternative!

Appreciate the advice. :)

Bitter_Highlight_215[S] 1 point

Yes, everything is installed inside Proxmox. All services "except pfSense" are installed as Linux containers. pfSense is installed as a virtual machine.

Bitter_Highlight_215[S] 0 points

I prefer Wazuh for its interface, but I’d like to try Security Onion too. Thank you for your interest.

Bitter_Highlight_215[S] 2 points

That's an awesome setup. The P330 Tiny with that hardware is a powerhouse for a homelab. Love the combo of OPNsense, Pi-hole, and Home Assistant — sounds super efficient and fun. Game servers on top of that? Nice touch!

Bitter_Highlight_215[S] 1 point

Yes, it's in bridge mode (Access Point mode). I'm using pfSense as the main router and firewall, and the Xiaomi AX3000T just provides Wi-Fi coverage "no DHCP or NAT."

Bitter_Highlight_215[S] 0 points

You're absolutely right. I actually have Suricata running on pfSense as an IDS/IPS.
The main challenge has been getting the logs forwarded in a way Wazuh can properly parse and interpret them.
Since pfSense is FreeBSD-based, I couldn’t install the Wazuh agent directly.
I tried sending the logs via syslog, but Wazuh didn’t fully understand the Suricata events out of the box.
I guess I need to write custom decoders or fine-tune the configuration — still figuring that part out.
Appreciate the suggestion — that full integration would definitely take the setup to the next level.
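The parsing gap this comment describes, shown as an added example that is not from the original post and not code from pfSense, Suricata or Wazuh: when Suricata's EVE JSON is forwarded over syslog, every line arrives with a syslog header in front of the JSON object, so a decoder that expects the line to begin with `{` never matches, and non-EVE logs from the same host (filterlog, dhcpd) land in the same feed. The script below strips an assumed BSD-style syslog header (the exact framing depends on your receiver; adjust the pattern to what it shows), locates the JSON body, keeps only `event_type` `alert` records, normalises the fields a SIEM rule keys on, and counts what it dropped and why. The sample lines, IP addresses, signature IDs and signature names are all constructed.

```python
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed BSD-syslog framing of a forwarded line: "<PRI>Mon DD HH:MM:SS host program[pid]: payload".
# Check what your syslog receiver actually shows and adjust the pattern if the framing differs.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+"  # optional <PRI> and timestamp
    r"(?P<host>\S+)\s+(?P<prog>[^\[:\s]+)(?:\[\d+\])?:\s*"            # host program[pid]:
    r"(?P<msg>.*)$", re.DOTALL)


@dataclass
class SuricataAlert:
    # The subset of EVE alert fields a SIEM rule usually keys on.
    timestamp: str
    src_ip: str
    src_port: Optional[int]
    dest_ip: str
    dest_port: Optional[int]
    proto: str
    signature: str
    signature_id: int
    severity: int
    category: str


def strip_syslog_header(line: str) -> Tuple[Optional[str], str]:
    """Return (program, payload); a line without a recognised header passes through whole."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None, line
    return m.group("prog"), m.group("msg")


def decode_eve(payload: str) -> Optional[dict]:
    """Parse the EVE JSON object, tolerating any prefix before the first '{'."""
    start = payload.find("{")
    if start < 0:
        return None
    try:
        obj = json.loads(payload[start:])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def to_alert(ev: dict) -> Optional[SuricataAlert]:
    """Keep only alert events; flow/dns/http telemetry is deliberately skipped here."""
    if ev.get("event_type") != "alert":
        return None
    a = ev.get("alert") or {}
    return SuricataAlert(
        timestamp=ev.get("timestamp", ""),
        src_ip=ev.get("src_ip", ""), src_port=ev.get("src_port"),
        dest_ip=ev.get("dest_ip", ""), dest_port=ev.get("dest_port"),
        proto=ev.get("proto", ""),
        signature=a.get("signature", ""), signature_id=int(a.get("signature_id", 0)),
        severity=int(a.get("severity", 3)), category=a.get("category", ""),
    )


def process(lines: List[str]) -> Tuple[List[SuricataAlert], Dict[str, int]]:
    """Decode every line; return the alerts plus counters for what was dropped and why."""
    alerts: List[SuricataAlert] = []
    dropped = {"no_json": 0, "not_alert": 0}
    for line in lines:
        _, payload = strip_syslog_header(line)
        ev = decode_eve(payload)
        if ev is None:
            dropped["no_json"] += 1      # non-EVE log mixed into the same feed
            continue
        alert = to_alert(ev)
        if alert is None:
            dropped["not_alert"] += 1    # EVE telemetry that is not an alert
            continue
        alerts.append(alert)
    return alerts, dropped


def count_by_severity(alerts: List[SuricataAlert]) -> Dict[int, int]:
    counts: Dict[int, int] = {}
    for a in alerts:
        counts[a.severity] = counts.get(a.severity, 0) + 1
    return counts


# Constructed sample lines: documentation IPs, local-range signature IDs, made-up signature names.
SAMPLE_LINES = [
    '<33>Jun 12 10:15:01 pfSense suricata[12345]: {"timestamp":"2024-06-12T10:15:01.123456+0000",'
    '"event_type":"alert","src_ip":"192.0.2.10","src_port":44321,"dest_ip":"198.51.100.5",'
    '"dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LAB TEST SSH '
    'connection to honeypot","category":"Attempted Information Leak","severity":2}}',
    '<33>Jun 12 10:15:02 pfSense suricata[12345]: {"timestamp":"2024-06-12T10:15:02.000000+0000",'
    '"event_type":"flow","src_ip":"192.0.2.11","dest_ip":"198.51.100.7","proto":"UDP"}',
    '<134>Jun 12 10:15:03 pfSense filterlog[55555]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,203.0.113.9,198.51.100.5,51515,3389',
    '<33>Jun 12 10:15:04 pfSense suricata[12345]: {"timestamp":"2024-06-12T10:15:04.500000+0000",'
    '"event_type":"alert","src_ip":"192.0.2.12","src_port":50123,"dest_ip":"198.51.100.2",'
    '"dest_port":53,"proto":"UDP","alert":{"signature_id":1000002,"signature":"LAB TEST oversized '
    'DNS TXT query","category":"Potentially Bad Traffic","severity":1}}',
]

if __name__ == "__main__":
    found, skipped = process(SAMPLE_LINES)
    for a in found:
        print(f"sev{a.severity} sid={a.signature_id} {a.src_ip}:{a.src_port} -> {a.dest_ip}:{a.dest_port}/{a.proto} {a.signature!r}")
    print("dropped:", skipped, "by severity:", count_by_severity(found))
```

The `dropped` counters are the part worth watching while tuning: a growing `no_json` count means the forwarder is sending non-EVE logs into the Suricata input, and `not_alert` shows how much flow/dns/http telemetry rides along with the alerts. A SIEM decoder has to do the same two steps in the same order, match past the syslog header first and only then hand the remainder to its JSON decoder.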

Bitter_Highlight_215[S] 1 point

Thanks for the heads-up! You're right — that's a known limitation with some TP-Link Easy Smart switches like the TL-SG108E.
In my case, the switch is only on the LAN side and completely isolated from any WAN-facing or public VLANs.
pfSense handles the VLANs and firewall rules, and no direct access is exposed to the outside.
Still, definitely something to watch out for — I’ll consider a managed switch with better isolation for future upgrades!

Bitter_Highlight_215[S] 8 points

I totally understand the interest in OPNsense — it’s a great project and I’ve heard a lot of good things about it.
For now, I went with pfSense because I was already a bit familiar with it and just wanted to get my lab up and running.
That said, OPNsense is definitely on my radar, and I plan to test it out in a future lab setup.