Today was a day of Linux exploration. I made a dual boot for Windows 7 + Ubuntu 9.10 and it works pretty well so far (if you don't take into account that I have almost no free space left on the HDD). Let's summarize today's findings:
- GNS3 can, and preferably should, be downloaded as source. However, we can just start it without any compilation.
- We also need python-qt4 for GNS3 to work properly: apt-get install python-qt4
- Dynamips should be downloaded as binaries. We can just put it in the GNS3 folder and that's all.
- Wireshark can be installed as a package via Synaptic Package Manager (don't forget to launch it as root or you won't see any interfaces available for capture). We can add gksudo before the path to Wireshark in the shortcut.
- GNS3 should be launched with root privileges to be able to connect routers to tap interfaces: sudo .[path]/gns3, or create a shortcut and put the following in the "command" option: gksudo /[path]/gns3
- One of the most important things that I've learned today is that tap interfaces play the role that loopback interfaces play in Windows. They can be created with the following commands:
- tunctl -t tap1
ifconfig tap1 192.168.139.1 netmask 255.255.255.0 up
- These commands require the uml-utilities package. So: apt-get install uml-utilities
- But the interfaces will be gone after rebooting, so to automate the process we can create a script with the commands above and place it in the /etc/init.d directory. Then we need to make the file executable with sudo chmod +x /etc/init.d/[file name]. As a final step we need to execute sudo update-rc.d [file name] defaults. It will add our script to the startup scripts.
At this point we are almost done. Our routers can ping the tap interfaces. However, Linux won't route traffic between interfaces. As a consequence we can't communicate with the outside world, or even with VirtualBox guests bridged to other tap interfaces.
In order to make it possible, we should enable routing in Linux. We can also enable NAT. I've done it via UFW, a great simple firewall. Actually, it's a front-end to iptables.
Here are the steps to configure routing and NAT.
First, packet forwarding needs to be enabled.
We need to modify 2 configuration files:
1. /etc/default/ufw: change DEFAULT_FORWARD_POLICY to "ACCEPT".
2. /etc/ufw/sysctl.conf: uncomment net/ipv4/ip_forward=1
After these steps our Linux machine will begin to forward packets between its interfaces!
Only the NAT configuration is left, and it is pretty straightforward.
We need to add rules to the /etc/ufw/before.rules file. Add the following lines right at the top of the file, after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
Of course, IP networks and interface names should be replaced with the appropriate ones.
eth0 in this example is our outside interface, on which translation will be performed.
The 192.168.0.0/24 subnet is our internal subnet, which requires translation.
Only restarting the firewall is left.
sudo ufw disable && sudo ufw enable
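A quick way to confirm the edits above, as an added example that is not part of the original post: the script reads copies of the three UFW files and reports the forward policy, whether ip_forward is on, and any MASQUERADE rule that lacks a source subnet or outbound interface. The function names and the sample files (including the second, unscoped rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the UFW forwarding/NAT edits on copies of the files.

# Print the value of DEFAULT_FORWARD_POLICY with quotes stripped.
forward_policy() {
    sed -n 's/^DEFAULT_FORWARD_POLICY=//p' "$1" | tr -d '"' | tail -n 1
}

# Succeed only if the ip_forward=1 line is present and uncommented.
ip_forward_enabled() {
    grep -Eq '^[[:space:]]*net[/.]ipv4[/.]ip_forward[[:space:]]*=[[:space:]]*1' "$1"
}

# Print MASQUERADE rules inside the *nat ... COMMIT section that lack a source
# subnet (-s) or an outbound interface (-o); such a rule translates everything.
unscoped_masquerade() {
    awk '
        /^\*nat/  { in_nat = 1; next }
        /^COMMIT/ { in_nat = 0 }
        in_nat && !/^#/ && /-j MASQUERADE/ && ($0 !~ / -s / || $0 !~ / -o /)
    ' "$1"
}

# Succeed if the *nat section is closed by a COMMIT line.
nat_committed() {
    awk '/^\*nat/ { n = 1 } n && /^COMMIT/ { ok = 1; exit } END { exit !ok }' "$1"
}

# Constructed sample files mirroring the edits described in the post.
demo=$(mktemp -d)
printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$demo/ufw"
printf '#net/ipv6/conf/default/forwarding=1\nnet/ipv4/ip_forward=1\n' > "$demo/sysctl.conf"
cat > "$demo/before.rules" <<'EOF'
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
EOF

echo "forward policy: $(forward_policy "$demo/ufw")"
ip_forward_enabled "$demo/sysctl.conf" && echo "ip_forward: on"
nat_committed "$demo/before.rules" && echo "nat table: committed"
echo "unscoped NAT rules: $(unscoped_masquerade "$demo/before.rules")"
```

To check a real machine, pass the functions /etc/default/ufw, /etc/ufw/sysctl.conf and /etc/ufw/before.rules instead of the sample files.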
After all we have done, all that is left is to enjoy our speedy routers in Linux! Cheers!
P.S. Here is the way to enable communication with the outside world, from Blindhog.net.
To configure communication with the outside world, we can't just connect the router to the eth0 interface in the cloud. First we have to create a tap interface and bridge it to the real interface eth0, and then connect the router to the tap interface. The following is a copy/paste from the blindhog.net blog:
Here are the steps to manually create a bridge group.
======================================
- Create a tap interface
sudo tunctl -t tap0
- Remove ip addressing and set eth0 and tap0 to promiscuous mode
sudo ifconfig tap0 0.0.0.0 promisc up
sudo ifconfig eth0 0.0.0.0 promisc up
- Create a new bridge interface
sudo brctl addbr br0
- Add tap0 and eth0 to the bridge group
sudo brctl addif br0 tap0
sudo brctl addif br0 eth0
- Enable the bridge interface and give it an ip address
sudo ifconfig br0 up
sudo ifconfig br0 10.10.10.99/24
- Configure the default route
sudo route add default gw 10.10.10.254
Here are the steps to reverse the changes (these can be copied and pasted in)
======================================
sudo ifconfig br0 down
sudo brctl delif br0 eth0
sudo brctl delif br0 tap0
sudo brctl delbr br0
sudo tunctl -d tap0
sudo ifconfig eth0 up
sudo ifconfig eth0 10.10.10.99/24
sudo route add default gw 10.10.10.254
Add the following to your /etc/network/interfaces config file if you are using static addressing.
======================================
auto br0
iface br0 inet static
address 10.10.10.99
netmask 255.255.255.0
gateway 10.10.10.254
bridge-ports eth0 tap0
pre-up ifconfig eth0 0.0.0.0 promisc up
pre-up ifconfig tap0 0.0.0.0 promisc up
Add the following to your /etc/network/interfaces config file if you are using dhcp.
======================================
auto br0
iface br0 inet dhcp
bridge-ports eth0 tap0
pre-up ifconfig eth0 0.0.0.0 promisc up
pre-up ifconfig tap0 0.0.0.0 promisc up