I have been trying to find information on this and perhaps I don't know what I am looking for. Everything I find is about simulating poor performance to test an application; that is not what I am after.
I have built a lab to practice and teach IT Security techniques. The lab is entirely internal with no real internet connectivity (unless I need it to update something then I just switch interfaces).
I am wanting to have one VM inside this lab have a 'public' IP. Let's say 137.74.131[.]208 for an example. I want to have this VM attack other devices in my lab so that the firewall, SIEM, etc sees it as an external IP and not another private IP.
My current setup is running inside ProxMox with quite a few things joined by a single PfSense. I.e.
PfSense with LAN (10.10.10.x IP) and WAN (192.168.1.x IP) interfaces on vmbr1 and vmbr0 interfaces respectively Kali-linux (assigned to vmbr0 interface) IIS servers (assigned to vmbr1 interface, port forwarding through pfsense) workstations, domain controllers, siem, etc etc (assigned to vmrb1 interface) In my current setup I have some nice automated attacks from the kali box, great alerting, and an all around great place to learn and teach IR and Blue team stuff. But everything malicious shows up as coming from 192.168.1.x.
I have seen labs where they have simulated external IPs on their network but I have no idea how they've done this. Any advice would be greatly appreciated.