2 layers of NAT in Virtualbox without virtual routers?

sigmund1410
Posts: 2
Joined: 4. Feb 2019, 16:56

2 layers of NAT in Virtualbox without virtual routers?

Post by sigmund1410 »

Hello people :)
Please be advised that I have some knowledge about how internetworking works, but I have never used VB to recreate an actual working network topology, so my question will be strictly about the technicalities of how VB works internally. I've been trying to find an answer to my question for 2 days on the internet, including the docs on VB's page, with no success (or maybe I just don't understand something).

I'm currently doing an assignment for a job interview, and I've been asked to prepare a simple topology in VB, consisting of:
1. Linux Server, openvpn server installed
2. Linux Client, openvpn client
3. FreeNAS appliance, openvpn client

Here are the rules:
a) Client must be able to communicate with Server
b) FreeNAS must be able to communicate with server
c) Client and FreeNAS must not "see each other".
d) Client and FreeNAS will only see each other once they're both connected to a VPN (hosted by Server)
e) All virtual machines do not have to be able to communicate with Host (my computer), also Client and FreeNAS might communicate with the Internet only after connecting to VPN

Of course it's not the full assignment, just a part of it, but the rest is not a subject of my question :)
So, I managed to do this, by connecting the Server in bridged mode. Then, I created 2 networks in VB via File -> Global Settings -> Network (one network for example 192.168.200.0/24, the other 192.168.300.0/24). I connected Client in "NAT service" mode to 192.168.200.0/24, and FreeNAS in "NAT service" mode to 192.168.300.0/24. Tested it, and indeed I could SSH from Client to server, SSH from FreeNAS to server, but could not SSH, Ping or anything else from Client to FreeNAS and from FreeNAS to Client.

Although, there is one slight problem.

After I finish, they asked me to export all VMs so they could grade my assessment. But of course, VPN keys won't work for Client and FreeNAS once they unpack the VMs, because when they boot up the Server in bridged mode, their Host machine's DHCP will assign a random IP from their address space, which means the client access keys to the VPN will have a wrong remote host address in them.

So my question is, is there a possibility to transfer the entire topology as-it-is just "one step lower" in NAT, so the Server VM won't be given a dynamic IP from DHCP, but a static IP behind a NAT'ted router? Is this possible without creating virtual linux routers in this topology? Again, I can create such topology with GNS3, but they explicitly asked me to do this in VirtualBox and I'm wondering if there is a "painless" way to do this.

Sorry if this is a noob question :)
BillG
Volunteer
Posts: 5102
Joined: 19. Sep 2009, 04:44
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 10,7 and earlier
Location: Sydney, Australia

Re: 2 layers of NAT in Virtualbox without virtual routers?

Post by BillG »

You have missed the point of the exercise. What they are looking for is using a VPN tunnel to allow the LAN machines to connect to each other and the Internet, not a routed solution. If a LAN machine is not connected to the server through a tunnel, it cannot access other machines on the LAN or access the Internet. It can only see the VPN server. If it is tunnelled through the LAN to the server, it can communicate as if on a normal LAN. The clients cannot access the router directly, only through the VPN server. This technique is used to isolate machines on a LAN but allow access for selected users who can access the VPN.

The "can see the server" and the "cannot see each other or the Internet" requirement is the clue to a tunnel being required. It is a pretty standard VPN question.
Bill
sigmund1410
Posts: 2
Joined: 4. Feb 2019, 16:56

Re: 2 layers of NAT in Virtualbox without virtual routers?

Post by sigmund1410 »

Hey, thanks for the response. I already know what the purpose of this exercise is, my only problem was how to set this up in a way so I could assign a static IP address to the Server, and make it still visible for the Client and FreeNAS, with Client and FreeNAS being on separate networks/subnets at the same time, so they can't see each other unless they're connected via the VPN tunnel. Again, my question was not about the principles of internetworking or how VPN works, but rather a technical question on how to achieve this topology in VB.
Last edited by socratis on 5. Feb 2019, 21:18, edited 1 time in total.
Reason: Removed unnecessary verbatim quote of the whole previous message.