Infrastructure documentation

Homelab
Overview

A practical infrastructure lab focused on firewalling, networking, DNS, DHCP, Cisco switching, virtualization, documentation, and future security monitoring.

Lab Summary

The homelab is currently in its foundation phase: edge firewall deployed, public site online, and managed switching / virtualization planned next.

Primary Goal

Build a real infrastructure environment that can be documented as a technical portfolio and used for hands-on networking, systems, and security practice.

Portfolio Hands-on Technical

Current Phase

Stabilizing the firewall, documenting the network foundation, and preparing the next hardware and virtualization milestones.

Foundation Firewall Docs

Next Phase

Configure Cisco switching, establish switch management, then move into Proxmox virtualization and segmented lab services.

Pending Cisco Proxmox

Current Status

This table tracks the current state of the core homelab components.

Component Status Purpose
pfSense Firewall Deployed Primary edge firewall, router, DHCP, DNS foundation, and NAT.
Static Public IP Online Public WAN address delivered through ISP DHCP reservation.
Cloudflare Pages Online Public hosting for the InfraSynth Labs website.
Cloudflare DNS Active Public DNS management for the domain and future services.
Cisco Catalyst 3750G Pending Planned core switch for lab devices and future VLAN work.
Proxmox Planned Future virtualization host for Linux servers, Docker, and lab services.
VLAN Segmentation Planned Future separation for admin, servers, guest, IoT, and public services.
Monitoring Planned Future visibility into uptime, logs, performance, and network health.

Network Topology

The current network is intentionally simple. Complexity will be added only after each layer is stable and documented.

Current Topology

Internet
   │
Fiber ONT
   │
pfSense Firewall
   │
Lab Network
   │
Clients / Server Hardware

Current Foundation

Firewall pfSense
WAN DHCP Static
LAN DHCP Active
DNS Resolver Active

Planned Topology

Internet
   │
Fiber ONT
   │
pfSense Firewall
   │
Cisco Catalyst 3750G
   │
├── Admin Workstation
├── Proxmox Host
├── Lab Clients
├── Future Wi-Fi AP
└── Future Server / Services

Hardware

Hardware is being introduced in stages to keep the environment stable and easy to troubleshoot.

pfSense Firewall

Primary firewall and router for the lab. Currently handles WAN access, LAN routing, DHCP, DNS foundation, NAT, and firewall policy.

Deployed Firewall Router

Cisco Catalyst 3750G

Planned core switch for managed switching, lab devices, switch management, future trunking, and VLAN design practice.

Pending Cisco Switching

Virtualization Host

Planned Proxmox host for Ubuntu Server, Docker services, monitoring, internal tools, and future lab workloads.

Planned Proxmox Linux

Client Systems

Desktop systems available for admin access, testing, lab clients, and future endpoint experiments.

Clients Testing Admin

Fiber ONT

ISP handoff for the internet connection. pfSense connects behind the ONT as the primary firewall.

Active WAN Fiber

Former ISP Router

ISP router has been removed from the primary routing role. It may be repurposed later only if needed.

Replaced ISP Gear

Network Plan

The lab will move from a flat foundation into a more structured environment over time.

Current Design

The current design uses pfSense as the main firewall and gateway. This keeps the network stable while the lab foundation is documented and verified.

pfSense Gateway LAN DHCP DNS Resolver Automatic NAT

Internal Naming

Firewall FW01
Core Switch CORE-SW01
Hypervisor HV01
Monitoring MON01

Future VLAN Plan

VLAN Purpose Status
VLAN 10 Trusted LAN / admin devices Planned
VLAN 20 Servers and internal services Planned
VLAN 30 DMZ / public-facing services Planned
VLAN 40 IoT, test devices, and isolated clients Planned
VLAN 50 Guest network Planned
VLAN 99 Management network Planned

Security Direction

The lab is designed around controlled exposure, segmentation, documentation, and public-safe reporting.

Security Principles

Management interfaces should remain internal. Public services should be intentional, isolated, documented, and separated from personal devices and administrative systems.

Least Privilege Segmentation No Public Admin Panels Sanitized Docs

Do Not Publish

Real WAN IP No
MAC Addresses No
Serial Numbers No
Credentials No

Roadmap

Planned milestones for turning the current foundation into a stronger infrastructure portfolio.

Phase 1 — Firewall Foundation

Deploy pfSense, confirm WAN connectivity, establish LAN DHCP/DNS, and document the initial network.

Phase 2 — Managed Switching

Configure Cisco Catalyst 3750G baseline management, hostname, management IP, secure login, SSH, and saved configuration.

Phase 3 — Virtualization

Install Proxmox, create the first Linux VM, and begin hosting internal lab services.

Phase 4 — Segmentation

Introduce VLANs, inter-VLAN firewall rules, service isolation, and management separation.

Phase 5 — Monitoring

Add monitoring, logging, dashboards, uptime tracking, and future security visibility.

Next Actions

pfSense Docs Next
WAN Log Next
Cisco Baseline Pending
Proxmox Plan Planned