Hey, welcome to part 2 of my Ultimate Cybersecurity Lab Project! If you want to get hands-on across networking, firewalls, cybersecurity, Docker and containers, then this is the perfect project for you! In this episode we build all our vulnerable machines: Metasploitable2, DVWA, bWAPP and WebGoat.
Problem=fixed When trying to start prod-ms2, it would give a "TASK ERROR: storage 'local' does not support content-type 'images'". I fixed this by going to "/etc/pve/storage.cfg" and adding "images" to the end of the content line. That line now looks like this "content iso,vztmpl,backup,images"
Hey good find and thanks for sharing! You can also do this through the Proxmox UI in the storage settings 😬
This fixed my issue I just commented. Thank you!!
This is what solved the issue for me. Thanks for providing the comment @benjaminjackson5194
Another comment to save the day.
thank you!!!!!
Hi Gerard. Loving the series. Would you be able to go through how you setup the networking aspect in Proxmox in as much detail as the rest of the stuff? I tried to make mine look like yours by pausing the video and I broke it. Many thanks.
Hey there, send me some screenshots of your networking page and settings 😬 I'll try to help you out
Hey, thanks for the support. I managed to have a workaround in Virtual Lab for VLAN tagging. You can set the VLAN tagging on Ubuntu during install by setting a VLAN tag ID, set promiscuous mode on on the virtual machine network adaptor, and once installed manually set the ethernet adaptor to promiscuous mode and you should be good to go (sudo ifconfig enp0s3.30 promisc), and set the parent on Portainer for vlan30-config as enp0s3.30.
Your channel is a hidden gem, thanks for sharing and can't wait for more videos! 🔥
As others have also run into this issue, there is an easier/faster way to import the VM image in Proxmox without needing to update the config file.
If you are following the tutorial, then the following command is what you'd use after converting the image into the qcow2 format:
qm set 204 --ide0 local:0,import-from=/var/lib/vz/images/204/Metasploitable.qcow2
In my case, I used the following for a VM ID of 303 and Ceph storage named CephPool:
qm set 303 --ide0 CephPool:0,import-from=/var/lib/vz/images/303/Metasploitable.qcow2
Resizing the VM disk is simply done via the Proxmox GUI.
Great thanks for sharing!!! 😀
This worked great for me! Thank you so much for sharing
Thanks, Gerard. I'm really enjoying following along with this project. Much appreciated.
Hey, I am creating this lab on VirtualBox. As you know, VLAN tagging is not straightforward on VirtualBox and I am having a few issues. The one I am concerned with now is the Portainer vlan30 container. I have created the vlan30-config/vlan30 networks and chose enp0s3 as parent. I created the container to use this subnet, but when I try to connect using 10.10.30.128 I cannot. Any idea?
The parent enp0s3 is enp0s3.30 and also there is enp0s3.30@enp0s3. I have tried these options as well, still no luck. Please suggest. Thanks
This is great! Looking forward to the next one.
Sorry, I forgot to mention the tutorial and lab is pretty good. Thank you. I have a Proxmox setup but because I have to boot into it I avoid it, and I use my Windows as I use it for all others. So I tried VBOX
This series is fantastic! I'm building this on my unRAID system and taking notes. I never understood Portainer before, but it's so simple now!
It's a good tool! But next time I'll use Podman 👍 check it out
amazing work, that was a real challenge thank you for great teaching. look forward to the next episode
Love it man, Thank you, please dont stop
Can you do a video on your "perfect" career path if you were to do it all again and what you'd focus on etc... I'd love to watch that!
Great content! When will part 3 be ready?
Very very soon 😊
Keep the videos coming! Thank you for sharing your knowledge! Looking forward to the next video
Awesome vid! Any chance you can help? The NGINX image is being pulled but I get a "secure connection failed" error. Not able to access the NGINX container page
hey mate do the other containers work ok?
Great work! can you work also with IPS(Suricata or snort)
I'll put it in my notes... I've sent about 20 other tools to add too 😆
Great start to this series!
Gerard, First I would like to thank you for the amazing videos.
I am currently following this lab series of yours, replicating it on Virtual Box.
I have had no issue up until the macvlan portion.
I have configured macvlan and new containers are assigned ip addr of 10.10.20.128 and so on like in your video.
The network adapters are in promisc mode, my parent adapter is enp0s3, and subnet is 10.10.20.0/24 with gateway 10.10.20.254 and IP range 10.10.20.128/27, but I can't access any of the web app containers.
Going into the console of each container in the 10.10.20.128/27 I can ping the gateway 10.10.20.254, but in Kali Linux I cannot ping any of the web app containers.
What could be the issue?
did you get this working in the end?
Can this be deployed within a VM? I don't have a spare PC to set up, hence was thinking of deploying within a VM
This lab is made up of many different vm's. you can build them one by one, depending on what you need. I think some people have built what they need using vmware workstation though :)
There's this error about the pool overlapping when creating vlan30. Other comments suggest restarting pfSense and the Docker host; I went further and ran the 'prune' command, but all that and no amount of reboot seems to help. Do you have any other suggestions? I'll keep searching though because I really want to complete this.
I notice that the vlan30-config network is configured on the same 10.10.30.0/24 subnet that my host interface ens18 is using (with IP 10.10.30.50). This overlap is likely causing the error, as Docker is trying to assign IPs within a subnet that the host itself is already using. Which makes me wonder how come it worked for you in your demo
guess I need to join the reboot train, couple of days later, I rebooted my Proxmox host, every single vm in the cluster and tried again before it worked. no idea what changed, I tried lots of random stuff....weird talking to myself, hopefully this helps someone.
Hey mate sorry I've been so focused on building the next lab series! Thanks for sharing this, this will definitely help others having problems! 👍. Good work getting it going!
Okay, I'm running into an issue when creating the 2nd network in Portainer. It says "Failure, Invalid pool request: Pool overlaps with other one on this address space."
I read that there were possibly some containers running using the network so rebooted the ubuntu server and I was able to add the vlan30 network... continuing on. 👍
@@raygomez1847 thanks for sharing!
So just to be clear with how you set up your network... you have pfSense create a network with VLANs, but you still have a separate network via your modem/router, correct, as in 192.168.?.?
Just so I have a picture in my head how I would setup my networks
Hey there I put a post up today that explains the network, hope that helps!
Hello Gerard, thanks for the wonderful videos. I was following along with you here on setting up Metasploitable but when i power it on, i get this error "TASK ERROR: storage 'local' does not support content-type 'images' "
Can you help? my metasploitable vm is not powering up in Proxmox.
Hey mate, yea you need to allow local storage.. there's a comment below that had the same problem... See fix below hope that helps!
Hey this can also be fixed via the UI, select Server View (top left menu), then click on Datacenter > Storage (middle menu) > select local and click on edit > under content dropdown make sure Disk Image is selected
@@gerardobrien Thanks that works
@@gerardobrien Awesome, and thank you. This worked for me....
Hi Gerard.
Great Series!!!!
I've a problem with Portainer: the nginx is on 10.10.30.128 but Kali doesn't open it (the first with the 9433 works perfect). I've tried installing bwapp, that is on 10.10.30.129, and Kali doesn't open it either. Both give a timed out. Any suggestion?
were you able to figure this out?
I have the same. Were you able to resolve? IP looks like it gets assigned for the correct range, but unable to connect via Kali, or ping the IP address from anywhere.
Will 16gb of ram be sufficient enough to run this lab when it's all completed?
Lets goo!! Made it to Episode 2!
Hey, really interested in this but would it be possible to only use Azure or AWS?
Struggling to connect to any container on vlan30 in Portainer. I deployed an nginx-vlan30 test, and also bwapp. Have checked config and all looks good. Any pointers?
hey mate, did you get this working? sorry for the delay in response!
@ no sadly not.
Let me know what errors you're getting. Are your containers getting an IP in vlan 30?
@@gerardobrien Container running with an IP on vlan 30. Can see the 10.10.30.128 assigned in Portainer, but unable to connect to it from the Kali box (or the DC).
@@scottrhodges hey mate can you ping it? Some of the web apps are on certain ports
Man this is sick! Love this content!
Thank you so so much for this!
Thanks for this series! ❤❤❤
I am getting "TASK ERROR: storage 'local' does not support content-type 'images'" when trying to start the prod-metasploitable2 VM after doing everything to a T you did in the video. It will say start is successful and then spit out this error. Any ideas?
Problem=fixed When trying to start prod-ms2, it would give a "TASK ERROR: storage 'local' does not support content-type 'images'". I fixed this by going to "/etc/pve/storage.cfg" and adding "images" to the end of the content line. That line now looks like this "content iso,vztmpl,backup,images" Thanks to @benjaminjackson5194
Hey this can also be fixed via the UI, select Server View (top left menu), then click on Datacenter > Storage (middle menu) > select local and click on edit > under content dropdown make sure Disk Image is selected
I had a similar issue not being able to start ms2, this fixed the issue, took about 10 seconds to do!! Thank you @@gerardobrien
Can you help me understand/troubleshoot why I cannot create the vlan30 network? I keep getting error message: pool overlaps.
I can create the vlan30-config network. But when I try to create vlan30 based on that config I get the error message.
Sounds like your DHCP pools are overlapping. Make sure each VLAN and DHCP is configured with different subnets.
VLAN1 = 10.10.1.0/24 (DHCP pool=10.10.1.50-100).
VLAN10 = 10.10.10.0/24 (DHCP pool=10.10.10.50-100).
VLAN20 = 10.10.20.0/24 (DHCP pool=10.10.20.50-100).
VLAN30 = 10.10.30.0/24 (DHCP pool=10.10.30.50-100).
Hope that helps :)
@@gerardobrien Thanks for the series, really appreciating it. I have the same issue as
@tristanhoughton8203 - this relates to Portainer network config. When you create vlan30 based on the config vlan30-config, we get the error message "pool overlaps with other one on this address space"
Can you send me screenshots of your Portainer vlan30-config? And also the errors you're having?
I was able to resolve this error by restarting the server and the firewall.
Is there any chance that our test nginx container was interfering with this configuration?
I did not need to change any configuration to my VLAN30 in pfsense. Previous video was spot on and it was easy to get the right config.
In Portainer, when configuring macvlan, I was getting error message ‘pool overlap’. I tried changing the address range but then got a different message like ‘gateway in use’.
So I restarted server and pfsense and the config worked just fine.
Not sure if that helps.
@@gerardobrien All sorted, a reboot of the Instance sorted the issue, thanks for the response and help.
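Added example, not part of the comment thread or the video: a small Python check for the "pool overlaps" error discussed above, listing existing Docker networks whose IPAM subnet overlaps the subnet you are about to create. The inspect JSON is a constructed sample, and every network name in it other than vlan30-config is an assumption; replace it with real `docker network inspect` output from the Docker host.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker network inspect <names...>` output.
# Network names other than vlan30-config are hypothetical.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "ConfigOnly": false,
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "vlan30-config", "Driver": "null", "ConfigOnly": true,
   "IPAM": {"Config": [{"Subnet": "10.10.30.0/24", "Gateway": "10.10.30.254",
                        "IPRange": "10.10.30.128/27"}]}},
  {"Name": "nginx-test-net", "Driver": "macvlan", "ConfigOnly": false,
   "IPAM": {"Config": [{"Subnet": "10.10.30.0/24", "Gateway": "10.10.30.254"}]}},
  {"Name": "vlan20", "Driver": "macvlan", "ConfigOnly": false,
   "IPAM": {"Config": [{"Subnet": "10.10.20.0/24", "Gateway": "10.10.20.254"}]}},
  {"Name": "none", "Driver": "null", "ConfigOnly": false, "IPAM": {"Config": []}}
]
""")


def network_pools(inspect_data):
    """Yield (name, driver, config_only, subnet) for every IPAM subnet found."""
    for net in inspect_data:
        configs = (net.get("IPAM") or {}).get("Config") or []
        for cfg in configs:
            subnet = cfg.get("Subnet")
            if subnet:
                yield (net["Name"], net.get("Driver"),
                       bool(net.get("ConfigOnly")),
                       ipaddress.ip_network(subnet, strict=False))


def find_overlaps(inspect_data, candidate, ignore=()):
    """Return existing networks whose subnet overlaps `candidate`.

    `ignore` holds names that are expected to share the subnet, e.g. the
    config-only network the new macvlan network will be created from.
    """
    wanted = ipaddress.ip_network(candidate, strict=False)
    hits = []
    for name, driver, config_only, subnet in network_pools(inspect_data):
        if name in ignore:
            continue
        # overlaps() raises TypeError across IP versions, so compare like with like.
        if subnet.version == wanted.version and subnet.overlaps(wanted):
            hits.append({"name": name, "driver": driver,
                         "config_only": config_only, "subnet": str(subnet)})
    return hits


if __name__ == "__main__":
    for hit in find_overlaps(SAMPLE_INSPECT, "10.10.30.0/24",
                             ignore={"vlan30-config"}):
        kind = "config-only" if hit["config_only"] else hit["driver"]
        print(f"{hit['name']} ({kind}) already holds {hit['subnet']}")
```

Any network it reports, other than the config-only one you are building from, is a candidate for the leftover test network the commenters suspected.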
Thank you from 🇧🇷
mate, you change my point of view.
Thanks
Great work again man wish I didn’t find this so soon eager to get the lab finished 😂😂
I have a few more self hosted vulnerable machines from years ago. Hit me up if you would like to add to this lab. Great job so far.
Getting a bad checksum on this link. YouTube created a redirect for it as well. Just an FYI. Might need a new link.
thanks mate I'll check it out :)
Thank you
loving your series. Metasploitable is not starting. i have done everything but will not start..lol
What error messages are you getting? You should see the log at the bottom of the proxmox screen
@@gerardobrien
TASK ERROR: storage 'local' does not support content-type 'images'
I'm getting the same error as well on Proxmox 8.2.2
Following on from episode-1, the content is really good. Some explanations can be better particularly for beginners and at times, difficult to understand due to lack of clarity.
Thanks for the feedback! I'll remember this for next videos 🙂
@@gerardobrien Good luck.
Yo