Start Here — Capstone Server+ Lab

Build a real server lab from scratch

A bare-metal server. A free hypervisor. Five virtual machines on three isolated networks. A firewall doing routing, DNS, DHCP, and Network Address Translation. Real services running on top.

Three zones, one firewall, real services. The "school network" is the outside world. pfSense is the gatekeeper between zones. The DMZ holds your jumpbox (a hardened SSH gateway). The LAN holds your services.

By the end, a packet leaving Linux Desktop can reach Google.com — and you'll know exactly what happens at every hop.

This is the same architecture every small business runs. You're building a tiny version of the real thing.

3

Phases

5

VMs

3

Subnets

~30h

Total time

The five VMs and why each exists

Each VM has one job. Knowing what role it plays makes troubleshooting 10× easier when something breaks.

🖥️

Proxmox Host

The hypervisor. Runs all the other VMs. Three virtual switches (bridges) connect them.

10.10.10.10

🛡️

pfSense2 (VM 103)

Firewall + router. Every cross-subnet packet goes through here. Also runs DHCP and DNS resolver.

.110.10 / .1 / .1

💻

Jumpbox (VM 101)

The lobby. SSH into here from outside the LAN. Only this DMZ box is reachable from the school network.

172.16.0.100

🐧

LinuxServer (VM 105)

Web + database tier. NGINX, Apache, MariaDB, PHP. Serves real traffic to clients.

192.168.0.20

🪟

WinSrv (VM 102)

Windows tier. Active Directory Domain Services, internal DNS, IIS web server, file shares.

192.168.0.15

Before you start — checklist

Don't begin until you can check off every item. 90% of "stuck on Phase 1" cases come from skipping prep.

🖥️

Hardware

HP ML350p Gen8 (or equivalent), VGA monitor, USB keyboard, ethernet cable, USB stick (4 GB+).

📀

ISO downloads

Proxmox VE 8.2 · Ubuntu Server 24.04+ · Ubuntu Desktop · Windows Server 2025 Eval · pfSense CE 2.8.

⏱️

Time

Block out 3–4 weeks, ~3 hours per session, multiple sessions. Don't rush single phases.

📝

A notebook

Write down every password you set, every IP you assign, every install date. You will forget.

📷

Screenshot habit

Every time something works, screenshot it. The lab report needs evidence. Cmd+Shift+5 on macOS.

🤝

Instructor's help

You'll need school network details — WAN IP range, gateway, MAC filtering rules, port 8006 reachability.

Your path — three phases, in order

Click the green button on a phase to open the detailed step-by-step. Phase 1 first — every later phase depends on it.

1

Hardware + Hypervisor

~6–8 hours · 5 stages

Open the server, configure BIOS, build a RAID 5 array, install Proxmox VE 8.2. Empty hypervisor ready to host VMs.

Inventory hardware
BIOS · enable virtualization
RAID 5 across 3 disks
Install Proxmox
First login + sanity check

▶ Start Phase 1 Slides

2

Network + VMs

~10–14 hours · 8 stages

Plan your IP scheme, create three virtual switches, install pfSense, then jumpbox + WinSrv + LinuxServer + Linux Desktop. Every VM has a static IP and reaches the internet.

3-zone IP plan
vmbr1 + vmbr2 bridges
pfSense firewall install
Jumpbox · WinSrv · LinuxServer · Linux Desktop

▶ Start Phase 2 Slides

3

Services + Verify

~9–13 hours · 5 stages

Turn on DHCP and DNS, lock down the LAN with a 9-rule firewall, install LAMP/LEMP, promote WinSrv to a Domain Controller. End-to-end test from the desktop.

pfSense DHCP + DNS
9-rule LAN firewall
LAMP/LEMP install
Active Directory promotion
End-to-end verification

▶ Start Phase 3 LAMP/LEMP

Reference + help — bookmark these

Keep these tabs open while you work. Each is a self-contained tool, not a sequence.

Capstone Server+ — Onboarding