Network Routing with pfSense - RIT-GCI-CyberRange/Openstack-Guides GitHub Wiki

By default, when using OpenStack routers and networks, port security is enabled by default. When port security is enabled, MAC and IP spoofing is blocked. To bypass this, port security can be disabled and routing can be facilitated by a deployed pfSense instance. This setup can be somewhat time consuming to complete manually. In an effort to cut down on the deployment time and configuration of this simulated network, a script and step by step guide has been created here: pfSense Network Deployment.

The script by default will create three networks and three machines. There is one machine allocated to each network for testing purposes. Additionally, a pfSense instance is deployed and connected to the environment. The WAN has an Internet enabled OpenStack router connected to it to facilitate an open internet connection for the infrastructure as well. Further manual configuration of the pfSense instance is necessary to ensure all networks can openly communicate. Steps are provided to create a wide open network with no blocked traffic. After the deployment of this infrastructure, it should be possible to both conduct MAC and IP spoofing as well as other network based attacks.