Xena Knowledge Base

Test Source NAT Using XenaManager

Source NAT is typically used by internal users to access the internet; the source address is translated and thereby kept private.

Testbed Topology

We are using the testbed topology shown below to demonstrate how you can test a source NAT functions with bidirectional traffic, i.e. LAN-to-WAN and WAN-to-LAN.

The DUT has two interfaces, interface 37 and interface 38. The IP address of interface 37 is 37.0.0.1, and the IP address of interface 38 is 38.0.0.1.

Interface 37 is on the LAN side (incoming), and interface 38 is on the WAN side (outgoing). The source NAT policy is configured to replace the source IP address of the incoming traffic (LAN-to-WAN direction) with the outgoing interface address. This is exactly what a source NAT functions do.

We are going to show you how to create two streams, one for each direction, using XenaManager.

Stream Configuration Using XenaManager For Source NAT Testing

1. Reserve port 0 and port 1 on XenaManager.

2. Configure IP address for port 0 to be 37.0.0.2 (Resource Properties > Main Port Config > IPv4/IPv6 Properties). Make sure the gateway is set to 37.0.0.1, and check the options Reply to ARP Request and Reply to PINGv4 Request so the DUT is able to detect the port.

3. Configure IP address for port 1 to be 38.0.0.2 (Resource Properties > Main Port Config > IPv4/IPv6 Properties). Make sure the gateway is set to 38.0.0.1, and check the options Reply to ARP Request and Reply to PINGv4 Request so the DUT is able to detect the port.

4. Create one IP stream on each port.

5. For stream LAN-to-WAN, source IP = 37.0.0.2, destination IP = 38.0.0.2, SMAC = port 0’s MAC, DMAC = MAC address of DUT’s interface 37. If you do not know the MAC address of DUT’s interface, you can enter the IP address of the interface in Connectivity Check > IPv4 Gateway Address and click Send ARP. The test port will automatically resolve the DUT’s interface MAC address using ARP and put the address value in the stream’s DMAC field, as shown below.

6. For stream WAN-to-LAN, source IP = 38.0.0.2, destination IP = 38.0.0.1, SMAC = port 1’s MAC, DMAC = MAC address of DUT’s interface 38. If you do not know the MAC address of DUT’s interface, you can enter the IP address of the interface in Connectivity Check > IPv4 Gateway Address and click Send ARP. The test port will automatically resolve the DUT’s interface MAC address using ARP and put the address value in the stream’s DMAC field, as shown below.

7. Start traffic on both ports and you will check the bidirectional traffic in Global Statistics. You can also go to each port and capture the received traffic to a pcap file and examine it using Wireshark.