And vice versa, for instance if your virtual devices need access to the outside from your lab. Below are the topology and the configuration for doing this.
You need to create or edit your /etc/rc.local file according to your IP addressing range; in this scenario the real network is 10.83.0.0/16 and the lab network is 192.168.255.0/24 (please see the topology). Anyway, I am sure that you SHOULD change the IP addresses to yours - please do it. Please reboot EVE-NG for the configuration changes to take effect. Please make a snapshot of your system before you change the configuration!
Code:
root@eve-ng:~# cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ip address add 192.168.255.1/24 dev pnet9
ip addr add 10.83.1.111/16 broadcast 10.83.255.255 dev pnet0
iptables -t nat -A POSTROUTING -o pnet0 -s 192.168.255.2 -j SNAT --to-source 10.83.1.111
iptables -t nat -A PREROUTING -i pnet0 -d 10.83.1.111 -j DNAT --to-destination 192.168.255.2
echo 1 > /proc/sys/net/ipv4/ip_forward
exit 0
root@eve-ng:~#
ip address add 192.168.255.1/24 dev pnet9
You assign an IP address to the Cloud9 interface that is directly connected to R1.
ip addr add 10.83.1.111/16 broadcast 10.83.255.255 dev pnet0
You assign the SECONDARY IP address to the pnet0 interface that is accessible from your real network; after that, you should ping this one.
iptables -t nat -A POSTROUTING -o pnet0 -s 192.168.255.2 -j SNAT --to-source 10.83.1.111
iptables -t nat -A PREROUTING -i pnet0 -d 10.83.1.111 -j DNAT --to-destination 192.168.255.2
Static one-to-one NAT with Linux iptables.
echo 1 > /proc/sys/net/ipv4/ip_forward
Enable Linux IP routing.
Verification:
Code:
root@eve-ng:~# telnet 192.168.255.2
Trying 192.168.255.2...
Connected to 192.168.255.2.
Escape character is '^]'.
-=R1=-
User Access Verification
Username: ed
Password:
R1#
R1#show ip route | include 0.0.0.0/0
S* 0.0.0.0/0 [250/0] via 192.168.255.1
R1#
R1#ping 192.168.255.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
R1#
R1#
R1#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/17/18 ms
R1#
R1#
R1#ping da.ru
Translating "da.ru"
Translating "da.ru"
% Unrecognized host or address, or protocol not running.
R1#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip name
R1(config)#ip name-server 8.8.8.8
R1(config)#ip do
R1(config)#ip domain-
R1(config)#ip domain-lo
R1(config)#ip domain-lookup
R1(config)#
R1(config)#
R1(config)#do ping da.ru
Translating "da.ru"...domain server (8.8.8.8) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 193.36.35.113, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/11/12 ms
R1(config)#
R1(config)#no ip domain-lookup
R1(config)#no ip name-server 8.8.8.8
R1(config)#end
R1#
R1#wr
Building configuration...
[OK]
R1#
Code:
R1#show running-config | include nat
ip nat inside
ip nat inside
ip nat outside
ip nat inside source static tcp 10.1.3.3 23 10.1.4.10 23 extendable
ip nat inside source static 3.3.3.1 10.1.4.100
ip nat inside source static tcp 10.0.22.222 22 192.168.255.2 2222 extendable
ip nat inside source static tcp 10.0.22.223 22 192.168.255.2 2223 extendable
ip nat inside source static tcp 10.1.4.1 22 192.168.255.2 2333 extendable
ip nat inside source static tcp 10.0.30.1 443 192.168.255.2 4333 extendable
ip nat inside source static tcp 10.0.30.1 80 192.168.255.2 8888 extendable
R1#
Code:
R1#show ip route isis | begin Gateway
Gateway of last resort is 192.168.255.1 to network 0.0.0.0
2.0.0.0/32 is subnetted, 4 subnets
i L2 2.2.2.1 [115/10] via 10.1.1.2, 2d01h, Ethernet0/0
i L2 2.2.2.2 [115/10] via 10.1.1.2, 2d01h, Ethernet0/0
i L2 2.2.2.4 [115/10] via 10.1.1.2, 2d01h, Ethernet0/0
10.0.0.0/8 is variably subnetted, 12 subnets, 3 masks
i L2 10.0.20.0/24 [115/30] via 10.1.1.2, 2d01h, Ethernet0/0
[115/30] via 10.0.30.3, 2d01h, Ethernet0/3.10
i L2 10.0.22.222/32 [115/30] via 10.1.1.2, 2d01h, Ethernet0/0
[115/30] via 10.0.30.3, 2d01h, Ethernet0/3.10
i L2 10.0.22.223/32 [115/20] via 10.0.30.3, 2d01h, Ethernet0/3.10
i L2 10.0.23.0/24 [115/20] via 10.0.30.3, 2d01h, Ethernet0/3.10
R1#
R1#telnet 10.0.22.222
Trying 10.0.22.222 ... Open
-=vmx1=-
vmx1 (ttyp0)
login: ed
Password:
--- JUNOS 14.1R1.10 built 2014-06-07 09:37:07 UTC
ed@vmx1>
ed@vmx1> show system users
11:20PM up 4 days, 7:14, 1 user, load averages: 0.37, 2.09, 1.50
USER TTY FROM LOGIN@ IDLE WHAT
ed p0 10.1.1.1 11:20PM - -cli (cli)
ed@vmx1>
ed@vmx1> quit
[Connection to 10.0.22.222 closed by foreign host]
R1#
Helpful commands:
iptables -nvL -t nat
ip addr
cat /proc/sys/net/ipv4/ip_forward
---
PS.
Here is a description of how you can do it at the hypervisor VMware ESXi configuration level, but in my case, I do not have access & authorization to vCenter.
https://www.petenetlive.com/KB/Article/0001432
http://www.eve-ng.net/images/EVE-COOK-BOOK-1.2.pdf
PS2.
Here is a description of how to configure NAT overload or one to many.
https://d-herrmann.de/2018/04/nat-cloud ... y-edition/
PS3.
Please give us your feedback or let me know if you have any trouble with configurations.
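An added example (not part of the original post): a shell check for the NAT table built by the rc.local above, to run alongside the helpful commands. It reads `iptables -t nat -S` output and reports whether each SNAT rule has its mirror DNAT rule, whether a DNAT rule forwards every port of the lab device, and whether a rule was appended twice. The function name audit_nat and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `iptables -t nat -S` text.

# Constructed sample: the NAT table as `iptables -t nat -S` prints it after the
# two rules from the rc.local above were appended once.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.83.1.111/32 -i pnet0 -j DNAT --to-destination 192.168.255.2
-A POSTROUTING -s 192.168.255.2/32 -o pnet0 -j SNAT --to-source 10.83.1.111'

# audit_nat reads rules on stdin and prints sorted findings, one per line:
#   PAIRED inside outside     SNAT and DNAT mirror each other (one-to-one)
#   SNAT_ONLY / DNAT_ONLY     one direction of the mapping is missing
#   ALL_PORTS inside outside  DNAT has no -p match: every port is forwarded
#   DUPLICATE rule            the same rule was appended more than once
audit_nat() {
  awk '
    # Return the argument that follows option "name" in the current rule.
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    # Strip the /32 suffix that iptables adds to single-host matches.
    function host(a) { sub(/\/32$/, "", a); return a }
    $1 != "-A" { next }
    seen[$0]++ { print "DUPLICATE " $0; next }
    opt("-j") == "SNAT" {
      snat[host(opt("-s")) " " opt("--to-source")] = 1
    }
    opt("-j") == "DNAT" {
      k = opt("--to-destination") " " host(opt("-d"))
      dnat[k] = 1
      if (opt("-p") == "") print "ALL_PORTS " k
    }
    END {
      for (k in snat) {
        tag = (k in dnat) ? "PAIRED " : "SNAT_ONLY "
        print tag k
      }
      for (k in dnat) if (!(k in snat)) print "DNAT_ONLY " k
    }
  ' | sort
}

# On the EVE-NG host:  iptables -t nat -S | audit_nat
printf '%s\n' "$SAMPLE_RULES" | audit_nat
```

An ALL_PORTS line for 192.168.255.2 means that everything R1 listens on, including the telnet service used in the verification above, is reachable from the real network through 10.83.1.111.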