Hi, I don't understand though, I thought 172.16.0.1 was inside and 192.168.1.121 was outside?

Actually it depends . I just put that because you need to define that config on the interface. As you are not doing this for Internet exit, it is actually all "inside" and you can define better what you want to call inside and what you want to call outside as soon as it is coherent with:

R1(config)#ip nat inside source static 192.168.0.1 192.168.2.121
R1(config)#ip nat inside source static 172.16.0.1 192.168.2.121

For your VM access the internet, this NAT is not necessary. The problem about VM access to the internet is that you need to use your physical machine as a router  so at least you need to add one route on the Physical machine send traffic back to your Lab.

https://docs.gns3.com/docs/using-gns3/advanced/connect-gns3-internet/ 

Right right right. That's great because that's actually what I was guessing I need to do. But just to be clear, `192.168.2.121` is only a typo, sorry, it should be `192.168.1.121` (please check my topology). So I think in fact I need to go...

R1(config)#ip nat inside source static 192.168.0.1 192.168.1.121
R1(config)#ip nat inside source static 172.16.0.1 192.168.1.121

...and that should be it, I think.

Edit: OK, I tried that, but I'm not sure if it worked or not?

R1(config)#ip nat inside source static 192.168.0.1 192.168.1.121
R1(config)#ip nat inside source static 172.16.0.1 192.168.1.121
% similar static entry (192.168.0.1 -> 192.168.1.121) already exists

Recap.....if you are studying about NAT, that´s OK. You can define what you want to call inside and outside in your network and move one.

But, as I said, if you are using NAT because you want to access the internet from your GNS3 machine, it is not necessary. You dont need NAT as you already have NAT on your ISP router. You just need routes.

Look at the link below:

https://docs.gns3.com/docs/using-gns3/advanced/connect-gns3-internet/ 

> You just need routes.

OK, so how do I do that please?

I've read that links many times before, in fact that is exactly the guide I've been trying to work from for several weeks. But I'm really stuck because although my router can ping 8.8.8.8 and even by domain name I think, the VMs can't. I was told

> Does the "cloud" have a route back to 192.168.0.0/24? [...] If you didn't put it there, the answer is no. So that's your problem. The return traffic has no route to your VM.

...which I think is perhaps the same as what you are saying, but I don't know how to proceed.

Edit: OK, I think I might possibly be getting it. I really hope so!

When I go `ip route` on the host I see this:

But I think I should possibly also have another 2 entries in there, for 172.16.0.1 and 192.168.0.1, right?

Edit2: I see I can ping `192.168.1.121` from the host, but not `192.168.0.1`.

Edit3: would this make any sense at all?

On the physical router:

route ADD 192.168.0.0 MASK 255.255.255.0 192.168.1.121 METRIC 1
route ADD 172.16.0.0 MASK 255.255.255.0 192.168.1.121 METRIC 1

 Not the cloud, your machine. Imagine you are using Windows and I will consider that you are leaving from Staff_PC, then you need to add a route on your machine like this

But dont forget, you need to have an virtual interface on your physical machine on the same network as 192.168.1.0.

Make sure you machine physical interface dont overlap with those address.   Otherwise, change your LAB addressing.

Ah, brilliant, that is almost what I just came up with myself. But I'm hoping I can do the same for both subnets (?), right? And I thought perhaps I would use 'METRIC 1', although to be honest I don't fully understand what that does...

route ADD 192.168.0.0 MASK 255.255.255.0 192.168.1.121 METRIC 1
route ADD 172.16.0.0 MASK 255.255.255.0 192.168.1.121 METRIC 1

Is it OK please? Thanks.

Exactly. Any network you want but just keep in mind that it needs to be different from you local home network.

OK, well I've got the point where I can ping the VMs from the physical machine, but not the other way round.

I'm concerned that the 192.168.*.* IPs could be overlapping with my physical machine, so I suppose the next step will be to change all those interfaces to something that definitely won't overlap, like 10.0.*.*, right?

Edit: wait a minute, what am I talking about? 192.168.0.* doesn't overlap with 192.168.1.*, so I guess that should be OK actually?

You need to check this but I dont think it is.

Does you Physical machine has Firewall?  I think this can be something else and not networking.

I tried turning the Windows firewall off, but the only difference that made was that I could then ping 192.168.1.11 (the physical machine) successfully; I still couldn't ping 8.8.8.8.

The firewall does have all the correct GNS3 rules in place, as far as I know:

 Make sure to turn the firewall off completely. 

Well, now you are able to communicate from your lab to your home network right?  Try to run a traceroute from your LAB machine to the internet, let´s see where it stops.

traceroute 8.8.8.8

Unfortunately I can't run traceroute as I can't install it without a web connection!