Network segmenting of the same network addresses

Tutorial: Network segmenting of the same network addresses

Related Documents:

This application describes how to segment IP-Networks where the segmented Networks have the same IP-Address range.

See the Example diagram here:

The key here is to use the Network NAT and Static Route option of the mbNETFIX. With Network NAT you can create a so called virtual IP-Address Range and with Static Route you can add gateway's for this IP-Address Ranges. In our example, this is 192.168.100.0/24 for mbNETFIX NF1 and 192.168.101.0/24 for mbNETFIX NF2. These IP-Addresses are physically not present at the Network Interfaces, but the mbNETFIX's knowing them to be able to route to the other networks.

For example, PC1 wants to PING PC2, he has to PING 192.168.101.112 instead of 192.168.0.112. This means also that PC1 has the NF1 as his gateway, since only NF1 knows where to reach 192.168.101.112.


Notice

A gateway must be entered for both PC1 and PC2, as they would like to route into other networks. In principle the SNAT "WAN to LAN" function can also be enabled here, if for example only direction PC1 to PC2 is required. Consequently no gateway need to be entered on PC2. Then in NF2, SNAT "WAN to LAN" must be activated.

 

1. Settings of the PCs

2. Settings of mbNETFIX NF1


1. Settings of the PCs

  • PC1: IP: 192.168.0.112/24, Gateway: 192.168.0.105
  • PC2: IP: 192.168.0.112/24, Gateway: 192.168.0.105
  • PC3: IP: 172.25.15.74/16, Gateway: 172.25.25.253

2. Settings of mbNETFIX NF1

  1. Set it to Gateway Mode.
  2. Set IP-Addresses LAN and WAN.
  3. Activate Network NAT for the virtual Network of 192.168.100.0.
  4. Add a rule for ACCEPT the protocol ICMP on WAN to LAN (or any other acceptance you need for your project), so that you can ping PC1 from PC2.
  5. Add a rule for ACCEPT the protocol ICMP on LAN to WAN (or any other acceptance you need for your proejct), so that you can ping PC2 from PC1.
  6. Add a Static Route to mbNETFIX NF2 with the Network NAT of NF2.

If necessary, NF2 can be configured in a similar way.

 

Revision: V1.0