Linux – iptables with vlans and duplicate IPs


I'm setting up a test lab situation where multiple computers will have the same IP addresses, so they need vlan separation. For example, a group of virtual machines will have IPs 192.168.1.200, 192.168.1.201, etc. And another group of virtual machines will also have the same IPs.

I want to provide NAT mappings to each of the virtual machines so that each of them can be publicly accessible. I'm using Ubuntu 11.04 with iptables.

Note: I'm normally a Windows admin, but Linux was the better solution here.

So basically I want the iptables NAT mapping to point to a specific interface and allow multiple duplicate IPs to co-exist.

Is this possible with a single Ubuntu device? I'm using virtual networking fabric so I don't have a physical network device in-between all of these.

Here's a diagram to represent it:

[diagram image not included in this copy]

My NAT rules may be something like this:

iptables -t nat -I PREROUTING -d 72.73.74.75 -j DNAT --to-destination 192.168.1.200 -o eth1.5
iptables -t nat -I POSTROUTING -s 192.168.1.200 -j SNAT --to-source 72.73.74.75 -i eth1.5

It's the -i and -o that seem to only work with the public NIC so that's the part that I couldn't quite get working. For example, using -i in the POSTROUTING (SNAT) gives this error: Can't use -i with POSTROUTING. -o does the same with DNAT.

Any suggestions on which way to go to achieve this?

Best Answer

You need to use a second NAT to get around your problem---create a 4th VM with distinct IPs on either VLAN and have it do a second layer of NAT to hit the actual hosts on the 4th VM's VLAN. You could also create those 4th VMs on the Ubuntu SPF, of course.

I do have to ask the question, however: why do you want to do this---could you just have two Ubuntu boxes, one on 5, one on 6?
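As an added illustration of the two-layer NAT the answer proposes (this is not the answer's own code), the script below emits the rules for the Ubuntu box (layer 1) and for the relay VM inside each VLAN (layer 2). The public NIC name eth0, the second public address 72.73.74.76, and the relay addresses 192.168.1.10 and 192.168.1.11 are constructed assumptions; only 72.73.74.75, 192.168.1.200 and the eth1.5/eth1.6 interfaces come from the question.

```shell
#!/bin/sh
# Added example: print the two NAT layers described in the answer.
# Layer 1 runs on the Ubuntu box, layer 2 on a relay VM that has a
# distinct address inside the VLAN it serves. eth0 and all addresses
# other than 72.73.74.75 / 192.168.1.200 are constructed placeholders.
PUBLIC_IF=eth0   # assumption: the public-facing NIC

# layer1 PUBLIC_IP VLAN_IF RELAY_IP
# Host side: -i is legal in PREROUTING and -o in POSTROUTING. The DNAT
# target is the relay's unique address, so a host route pins it to the
# right VLAN interface even though 192.168.1.0/24 exists on both VLANs.
layer1() {
  public_ip=$1
  vlan_if=$2
  relay_ip=$3
  printf 'iptables -t nat -A PREROUTING -i %s -d %s -j DNAT --to-destination %s\n' \
    "$PUBLIC_IF" "$public_ip" "$relay_ip"
  printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
    "$PUBLIC_IF" "$relay_ip" "$public_ip"
  printf 'ip route add %s/32 dev %s\n' "$relay_ip" "$vlan_if"
}

# layer2 RELAY_IP TARGET_IP
# Relay side: forward to the duplicate-IP host on its own VLAN and SNAT to
# the relay's address so replies return through the relay rather than the
# target host's default gateway (needed because the relay is single-legged).
layer2() {
  relay_ip=$1
  target_ip=$2
  printf 'iptables -t nat -A PREROUTING -d %s -j DNAT --to-destination %s\n' \
    "$relay_ip" "$target_ip"
  printf 'iptables -t nat -A POSTROUTING -d %s -j SNAT --to-source %s\n' \
    "$target_ip" "$relay_ip"
}

# Two groups that both use 192.168.1.200, one on VLAN 5 and one on VLAN 6.
layer1 72.73.74.75 eth1.5 192.168.1.10   # on the Ubuntu box
layer1 72.73.74.76 eth1.6 192.168.1.11   # on the Ubuntu box
layer2 192.168.1.10 192.168.1.200        # on the VLAN 5 relay VM
layer2 192.168.1.11 192.168.1.200        # on the VLAN 6 relay VM
```

Each relay VM needs net.ipv4.ip_forward=1 and a FORWARD policy that permits the translated flows, as does the Ubuntu box.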
