K1 - vmnet5 K2 - vmnet6 Bridge - vmnet5, vmnet6, vmnet7 R1 - vmnet7, vmnet9, vmnet10 R2 - vmnet9, vmnet11 K3 - vmnet11 R3 - vmnet10, vmnet12 R4 - vmnet12, vmnet13 Server - vmnet13 K1 ip link set dev eth0 up ip a a 10.1.0.1/16 dev eth0 K2 ip link set dev eth0 up ip a a 10.1.0.2/16 dev eth0 Bridge ip link set dev eth0 up ip link set dev eth1 up ip link set dev eth2 up brctl addbr s1 brctl addif s1 eth0 brctl addif s1 eth1 brctl addif s1 eth2 ip link set dev s1 up echo 1 > /proc/sys/net/ipv4/ip_forward R1 ip link set dev eth0 up ip link set dev eth1 up ip link set dev eth2 up ip a a 10.1.0.3/16 dev eth0 echo 1 > /proc/sys/net/ipv4/ip_forward ip a a 10.2.0.1/16 dev eth1 K1 ip r a 0/0 via 10.1.0.3 K2 ip r a 0/0 via 10.1.0.3 R2 ip link set dev eth0 up ip link set dev eth1 up ip a a 10.2.0.2/16 dev eth0 echo 1 > /proc/sys/net/ipv4/ip_forward ip r a 0/0 via 10.2.0.1 ip a a 10.3.0.1/16 dev eth1 K3 ip link set dev eth0 up ip a a 10.3.0.2/16 dev eth0 ip r a 0/0 via 10.3.0.1 R1 ip a a 10.4.0.1/16 dev eth2 R3 ip link set dev eth0 up ip link set dev eth1 up ip a a 10.4.0.2/16 dev eth0 echo 1 > /proc/sys/net/ipv4/ip_forward ip a a 80.1.1.1/8 dev eth1 R1 ip r a 10.3.0.0/16 via 10.2.0.2 ip r a 0/0 via 10.4.0.2 R4 ip link set dev eth0 up ip link set dev eth1 up ip a a 80.1.1.2/8 dev eth0 ip a a 120.1.1.2/8 dev eth1 echo 1 > /proc/sys/net/ipv4/ip_forward Server ip link set dev eth0 up ip a a 120.1.1.1/8 dev eth0 ip r a 0/0 via 120.1.1.2 R3 ip r a 120.0.0.0/8 via 80.1.1.2 ip r a 0/0 via 10.4.0.1 K1 ping 10.4.0.2 R3 iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE K1 ping 120.1.1.1 Server iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -80 -j ACCEPT httpd iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT R3 iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth1 -j DNAT --to-destination 10.3.0.2:80 Server lynx 80.1.1.1:8080