Routing between 2 nat networks?

This is for discussing general topics about how to use VirtualBox.

Routing between 2 nat networks?

Postby jowens660 » 20. Jun 2021, 16:16

I'm working on setting up a home lab to test some active directory stuff and do some pentesting. I've had success when having everything one nat network, but this doesn't really simulate a corp environment so I was wondering if you guys could help me with getting nat networks to talk to each other.

my plan for the layout is as follows

NAT 1: my attacking machine. network IP: 10.0.2.0/24
NAT 2: pfSense Firewall and a vuln Linux web server, the firewall should act as a DMZ with setting to block from my kali "External", and connections to and from the "Internal", Network IP: 10.0.3.0/24
NAT 3: windows AD stuff child of NAT 4. Network IP 10.0.4.0/24
NAT 4: windows AD stuff, parent domain for NAT 3 AD network. Network IP 10.0.5.0/24
NAT 5: pfSense and snort IPS between NAT 4 and NAT5, windows AD stuff simulated ADMIN network. Network IP: 10.0.6.0/24

each NAT would talk to the one above it and below in number, so 1 can reach 2, 2 can reach 1, and 3. So on up to 4 reaching 5.

1. Is a setup like this possible?
2. I'm not sure how to add routes so the Virtualbox routers can talk to each other?
3. And is it ok if I add the firewalls last, do they act as a replacement for the Virtualbox router?
jowens660
 
Posts: 2
Joined: 20. Jun 2021, 16:05

Re: Routing between 2 nat networks?

Postby scottgus1 » 20. Jun 2021, 19:44

Interesting project!

jowens660 wrote:Is a setup like this possible?

It ought to be, but I'm not sure if the default Virtualbox NAT and NAT Network can do it.

jowens660 wrote:I'm not sure how to add routes so the Virtualbox routers can talk to each other?

Go through https://download.virtualbox.org/virtual ... Manual.pdf, search for the word 'route', see if anything listed does what you want.

jowens660 wrote:And is it ok if I add the firewalls last, do they act as a replacement for the Virtualbox router?

If 'firewalls' are separate VMs that are plugged between your test VMs it should be OK.

See Virtualbox Networks: In Pictures for what Virtualbox networks are available. I am not sure if NAT/NAT Network will do what you want. For one thing, the WAN side of NAT/NAT Network always connects to he host's network stack, and you cannot reconfigure it to point anywhere else. On the other hand, a pfSense or other router OS VM acts as a complete router with WAN & LAN ports that can be connected to any other VM.

Try drawing your with boxes for the routers and firewalls, see what parts "In Pictures" can be substituted. (Remember that the WAN side of a NAT or NAT Network always connects to the host, nowhere else. So you can't stack Virtualbox NAT VMs. But you can stack pfSense VMs.) And you're going to need a pretty capable host.
scottgus1
Site Moderator
 
Posts: 12966
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Routing between 2 nat networks?

Postby jowens660 » 21. Jun 2021, 00:07

Hi, thanks. I managed to get it working by adding a pfSense firewall between the networks and for example setting WAN 10.0.5.1 and LAN to 10.0.6.1 and adding a rule to allow any traffic from WAN through. The computers in each network can now ping each other and do AD trusts and such so I think I'm good to go. Oh and of course add the firewall IP as the default gateway in the windows IPv4 settings.
jowens660
 
Posts: 2
Joined: 20. Jun 2021, 16:05

Re: Routing between 2 nat networks?

Postby scottgus1 » 21. Jun 2021, 00:14

Great! Glad you're up and running.
scottgus1
Site Moderator
 
Posts: 12966
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux


Return to Using VirtualBox

Who is online

Users browsing this forum: No registered users and 13 guests