NAT Cloud in EVE-NG Community Edition

By | 1. April 2018

EVE-NG is a great network simulation tool available for free (Community Edition) which supports running all kinds of network nodes (ASAv, NX-OSv, CSR1000v, Arista vEOS, and so on). There is a long list of supported images on their site.

I used it to prepare for my CCIE R&S switching exam and am now using it to go for CCIE Datacenter. Two things however bugged me from the first time using it:

  • There is no NAT cloud to easily connect devices to the Internet (imagine you’ve built a Linux image, added it to EVE-NG and now realize you forgot to install something)
  • Links are not hot-connectable, you need to shut down the devices to connect a link.

Both of these are available in the Professional edition. Apparently, the hot-add feature has already been implemented as an addition to the community edition, however it looks like the author decided to create their own fork of EVE-NG with a nice feature list which should be available in Summer 2018. And the best thing is, it will be free and open source.

However, it is not there yet and I want to share with you how to create a NAT cloud in the EVE-NG community edition. Essentially, this is a virtual network with a DHCP server, which will allow NAT connections over the management interface of the EVE-NG VM for Internet access.

Interface, DHCP Server and NAT

First of all, we need to create a network which can be used in the topology. I’ll be using the predefined pnet9 interface (Cloud 9 network) for this, but any other interface will do.

This will assign an IP address to the device, enable IP forwarding in the kernel and establish an iptables rule to NAT the traffic to the pnet0 interface, which has the management IP address assigned. Technically, the pnet devices are bridges, but for the sake of this note this does not matter.

DHCP Server

We need a DHCP server on this interface lest we have to configure all the IP addressing for the Internet connection manually.

Next, we need to modify the DHCP server configs to look as follows:

Finally, start the DHCP server and enable it to start during boot

That's about it. Whenever you use the Cloud 9 interface, there is a DHCP server running which allows Internet access.

Testing it

Create a small lab; for this example I only have a Linux node based on a Debian image. Next, add a network (+ icon on top of the screen, then network), give it a name and select the Cloud9 interface in the type dropdown.

This will place a small cloud icon in your lab topology, which you can use to connect your topology nodes to the Internet. You can connect as many nodes as you want, there is no limit in terms of the available Ethernet interfaces.

All devices connected to the cloud should have DHCP enabled. They will receive their address from DHCP in the pool 192.168.255.10 – 192.168.255.240. If you have some devices which cannot or should not receive their address using DHCP, you can configure them with a static IP address. You should avoid using addresses from the DHCP range, though.

Let’s start the lab and see what happens:

Looks like NAT Cloud is working in the free EVE-NG Community Edition.

2 thoughts on “NAT Cloud in EVE-NG Community Edition”

  1. anand

    I am new to Linux iptables and DHCP configuration. I did exactly what is in the blog. The service isc-dhcp-server fails.
    I thought of rebooting and checking; all the configurations were lost except the dhcpd.conf.
    I am having trouble getting it to work. Is it possible for you to update the blog with complete steps (like for Linux idiots), e.g. iptables should be saved, and how to keep the echo 1 > /proc/sys/net/ipv4/ip_forward persistent across reboots? I mean every step.

  2. GaH

    To save the iptables configuration after we add iptables -t nat -A POSTROUTING -o pnet0 -s 192.168.255.0/24 -j MASQUERADE:
    1- sudo apt-get install iptables-persistent
    2- sudo netfilter-persistent save
    3- sudo netfilter-persistent reload
    Reboot the system and run the following command: iptables -t nat -L. It should show the rule is persistent.

    For the /proc/sys/net/ipv4/ip_forward setting to be persistent across reboots:

    1- nano /etc/sysctl.conf
    2- Uncomment net.ipv4.ip_forward=1
    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1
    3- Issue the following command: sudo sysctl -p /etc/sysctl.conf

    Reboot the system and run the following command: cat /proc/sys/net/ipv4/ip_forward. It should show 1 in the output.
