PenTest Home Lab Environement with QEMU/KVM


We use this to update our system. Especially our Kali Linux box which needs update from time to time.

NAT mode with IPv4 and DHCPv4 activated. For simplicity, IPv6 is deactivated and DNS uses network name.

This mode is similar to QEMU/KVM’s default (aptly named “default”) virtual network. However as a rule I prefer to create and configure rules myself.

  <forward mode="nat"/>
  <domain name="pentest-external"/>
  <ip address="" netmask="">
      <range start="" end=""/>

Private (Isolated)

Virtualized network that is completely separate from the production side, i.e., that cannot reach into the production side unless you want it to.

Isolated mode with IPv4 enabled but DHCPv4 and IPv6 deactivated. DNS is default (“Use network name”).

  <domain name="pentest-private"/>
  <ip address="" netmask=""/>


Links to this page