Router on a Stick
I'm setting up training labs and have this setup.
Attacker connects through WAN (10.0.2.4) on pfSense. Also have OPT1/DMZ at 10.0.4.4 with a webserver at 10.0.4.213. Now the tricky part.
LAN interface is 10.0.6.4.
I have two subnets, 10.0.3.0 and 10.0.5.0, pointing to 10.0.6.4. Goal is to build it out into more subnets like HR, Finance, Business, etc. I have UDRs set for each network and can reach each host just fine.
Problem: when I have a UDR set for 0.0.0.0/0 pointing to 10.0.6.4, I can't access the internet and pfSense does not see the traffic. Network Watcher confirmed 10.0.6.4 is the next hop.
My goal is to build a network traffic analysis lab focused only on Zeek and Security Onion. That works fine in 10.0.3.5; I managed to set up port mirroring via OpenVPN on pfSense.
I want live web access to make noise, but I'm hitting a wall. I may just give up and use INetSim to respond to the web/DNS requests and stop fighting the routing/no internet. Internet works when the 0.0.0.0 rule is removed.
Any ideas what could be causing this? Or any ideas on a better way to do this? I'm slowly building out a network with VHDs I've configured and deploying via ARM templates.
Thank you in advance.