2 layers of NAT in Virtualbox without virtual routers?
Posted: 4. Feb 2019, 17:16
Hello people
Please be advised that I have some knowledge about how internetworking works, but I have never used VB to recreate an actual working network topology, so my question will be strictly about the technicalities of how VB works internally. I've been trying to find an answer to my question for 2 days on the internet, including the docs on VB's page, with no success (or maybe I just don't understand something).
I'm currently doing an assignment for a job interview, and I've been asked to prepare a simple topology in VB, consisting of:
1. Linux Server, openvpn server installed
2. Linux Client, openvpn client
3. FreeNAS appliance, openvpn client
Here are the rules:
a) Client must be able to communicate with Server
b) FreeNAS must be able to communicate with server
c) Client and FreeNAS must not "see each other".
d) Client and FreeNAS will only see each other once they're both connected to a VPN (hosted by Server)
e) All virtual machines do not have to be able to communicate with Host (my computer), also Client and FreeNAS might communicate with the Internet only after connecting to VPN
Of course it's not the full assignment, just a part of it, but the rest is not a subject of my question.
So, I managed to do this, by connecting the Server in bridged mode. Then, I created 2 networks in VB via File -> Global Settings -> Network (one network for example 192.168.200.0/24, the other 192.168.300.0/24). I connected Client in "NAT service" mode to 192.168.200.0/24, and FreeNAS in "NAT service" mode to 192.168.300.0/24. Tested it, and indeed I could SSH from Client to server, SSH from FreeNAS to server, but could not SSH, Ping or anything else from Client to FreeNAS and from FreeNAS to Client.
Although, there is one slight problem.
After I finish, they asked me to export all VMs so they could grade my assessment. But of course, VPN keys won't work for Client and FreeNAS once they unpack the VMs, because when they boot up the Server in bridged mode, their Host machine's DHCP will assign a random IP from their address space, which means the client access keys to the VPN will have a wrong remote host address in them.
So my question is, is there a possibility to transfer the entire topology as-it-is just "one step lower" in NAT, so the Server VM won't be given a dynamic IP from DHCP, but a static IP behind a NAT'ted router? Is this possible without creating virtual Linux routers in this topology? Again, I can create such a topology with GNS3, but they explicitly asked me to do this in VirtualBox and I'm wondering if there is a "painless" way to do this.
Sorry if this is a noob question