I want to connect two green networks in different subnets with DNAT & SNAT in VMware Workstation.
I read the wiki and I set the rules, it doesn't work.
Imagine I have the following setup:
green → 10.10.1.1
red → 192.168.10.1
green → 10.10.2.1
red → 192.168.10.2
And I have a Windows server running in the green network “a”, addressed as 10.10.1.50, and it has a web server running on port 80.
I want to see the web page of network “a” (with 10.10.1.50) from network “b” (10.10.2.1),
and I want to be able to ping 10.10.1.50 from 10.10.2.1.
I did that before in VMware via IPsec, and that worked with the IPsec scenario.
Now I want to learn the DNAT and SNAT method.
Connecting two different systems behind two different networks through DNAT with IPFire installed on VMware
Please do not refer me to wiki
Your network design involves multiple layers, so it’s important to clearly identify the roles of DNAT and SNAT in the process.
If a machine in Network B needs to reach the server in Network A, then IPFire A is responsible for DNAT. For this rule in IPFire A, you’d specify the following: Source would be IPFire A’s RED interface, destination would be 10.10.1.50, protocol is TCP, and both the external port and the destination port would be 80 (assuming the web server listens on this port).
IPFire B, on the other hand, should handle the SNAT to properly route return packets to the machine in Network B. For the SNAT rule in IPFire B, specify the source as 10.10.2.1 and the SNAT IP as 192.168.10.2. Again, the protocol is TCP, and both the external port and the destination port should be set to 80.
Static routes would need to be defined on both IPFire A and IPFire B to ensure that traffic knows how to get from one network to the other. On IPFire A, you would specify that to reach Network B’s subnet (10.10.2.0/24), the next hop is IPFire B’s red interface IP (192.168.10.2). Conversely, on IPFire B, you’d specify that to reach Network A’s subnet (10.10.1.0/24), the next hop is IPFire A’s red interface IP (192.168.10.1). This ensures that packets are properly routed between the two networks.
This is just a base assumption and I can’t test it, but this should be the logic you follow.
By the way, just for routing packets between the two networks, you do not need any NAT. In your mini internet there is no scarcity of IPs. Why the complexity? You would do this double-reciprocal-NAT only if you need to obfuscate the IPs of the two networks.
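A packet walk for the DNAT and SNAT roles discussed in this thread, as an added example that is not part of any post: it models the two firewalls with the thread's addresses and traces one HTTP request and its reply. The client 10.10.2.50, the source port 40000 and the simplified conntrack table are assumptions; real netfilter tracks more state.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def flipped(p):  # the reply to p: endpoints swapped
    return Pkt(p.proto, p.dst, p.dport, p.src, p.sport)

class NatBox:
    """Simplified firewall: port forwards (DNAT), source NAT to RED, conntrack."""
    def __init__(self, red_ip, forwards=None):
        self.red_ip = red_ip
        self.forwards = forwards or {}   # (proto, RED ip, port) -> (inner ip, port)
        self.conntrack = {}              # expected reply -> reply after un-NAT

    def _track(self, before, after):
        self.conntrack[flipped(after)] = flipped(before)
        return after

    def green_to_red(self, p):
        """SNAT: rewrite the source to this box's RED address."""
        return self._track(p, replace(p, src=self.red_ip))

    def red_to_green(self, p):
        """DNAT: rewrite the destination if a forward matches, else None (not forwarded)."""
        hit = self.forwards.get((p.proto, p.dst, p.dport))
        return self._track(p, replace(p, dst=hit[0], dport=hit[1])) if hit else None

    def reply(self, p):  # undo the recorded translation; None if no flow matches
        return self.conntrack.get(p)

def walk(proto="tcp", dport=80, client="10.10.2.50", sport=40000):
    """Trace a request and its reply. client/sport are constructed sample values."""
    a = NatBox("192.168.10.1", {("tcp", "192.168.10.1", 80): ("10.10.1.50", 80)})
    b = NatBox("192.168.10.2")
    hops = [Pkt(proto, client, sport, a.red_ip, dport)]  # client targets A's RED address
    hops.append(b.green_to_red(hops[-1]))                # SNAT on IPFire B
    hops.append(a.red_to_green(hops[-1]))                # DNAT on IPFire A
    if hops[-1] is None:
        return hops                                      # no forward matched on A
    hops.append(flipped(hops[-1]))                       # server answers what it saw
    hops.append(a.reply(hops[-1]))                       # A restores its RED as source
    hops.append(b.reply(hops[-1]))                       # B restores the client as destination
    return hops
```

`walk("icmp", 0, sport=0)` stops at the third hop with `None`: a TCP/80 forward does not match ICMP, so in this model a ping to IPFire A's RED address is not forwarded to 10.10.1.50.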