Wednesday, March 3, 2010

GNS3 in Ubuntu 9.10

Today was a day of Linux exploration. I made a dual boot for Windows 7 + Ubuntu 9.10 and it works pretty well so far (if you don't take into account that I have almost no free space left on the HDD). Let's summarize today's findings:
  1. GNS3 can, and preferably should, be downloaded as source. However, we can start it without any compilation.
  2. We also need python-qt4 for GNS3 to work properly: apt-get install python-qt4
  3. Dynamips should be downloaded as a binary. We can just put it in the GNS folder and that's all.
  4. Wireshark can be installed as a package via Synaptic Package Manager (don't forget to launch it as root or you won't see any interfaces available for capture). We can add gksudo before the path to Wireshark in the shortcut.
  5. GNS3 should be launched with root privileges to be able to connect routers to tap interfaces: sudo .[path]/gns3, or create a shortcut and put the following in the "command" option: gksudo /[path]/gns3
  6. One of the most important things that I've learned today is that tap interfaces play the role that loopback interfaces play in Windows. They can be created with the following commands:
    • tunctl -t tap1
      ifconfig tap1 192.168.139.1 netmask 255.255.255.0 up 
  7. These commands require the uml-utilities package. So: apt-get install uml-utilities
  8. But they will be gone after rebooting, so to automate the process we can create a script with the commands above and place it in the /etc/init.d directory. Then we need to make the file executable with sudo chmod +x /etc/init.d/[file name]. As a final step we need to run sudo update-rc.d [file name] defaults, which adds our script to the startup scripts.
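
A possible startup script for items 6-8, added here as an example and not part of the original post. The LSB name gns3-tap, the RUN dry-run switch and the stop/restart actions are assumptions; the interface name and address are the ones used above.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          gns3-tap
# Required-Start:    $remote_fs $network
# Required-Stop:     $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Create the tap interface used by GNS3 (assumed name)
### END INIT INFO

# Values from the post; adjust to your lab.
TAP_IF=tap1
TAP_IP=192.168.139.1
TAP_MASK=255.255.255.0
# Assumption: set RUN=echo to print the commands instead of running them.
RUN=${RUN:-}

tap_start() {
    # Create the interface only if it is missing, so "start" can be repeated.
    if [ ! -e "/sys/class/net/$TAP_IF" ]; then
        $RUN tunctl -t "$TAP_IF" || return 1
    fi
    $RUN ifconfig "$TAP_IF" "$TAP_IP" netmask "$TAP_MASK" up
}

tap_stop() {
    # Nothing to remove if the interface was never created.
    [ -e "/sys/class/net/$TAP_IF" ] || return 0
    $RUN ifconfig "$TAP_IF" down
    $RUN tunctl -d "$TAP_IF"
}

case "${1:-}" in
    start)   tap_start ;;
    stop)    tap_stop ;;
    restart) tap_stop; tap_start ;;
    *)       echo "Usage: $0 {start|stop|restart}" >&2 ;;
esac
```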
At this point we are almost done. Our routers can ping tap interfaces. However, Linux won't route the traffic between interfaces. As a consequence we can't communicate with the outside world or even with VirtualBox guests bridged with other tap interfaces.

In order to make it possible, we should enable routing in Linux. We can also enable NAT.
I've done it via UFW, a great simple firewall. Actually, it's a front-end to iptables.
Here are the steps to configure routing and NAT.

First, packet forwarding needs to be enabled.
We need to modify 2 configuration files:
1.  In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT".
2.  In /etc/ufw/sysctl.conf, uncomment net/ipv4/ip_forward=1
After the previous steps our Linux machine will begin to forward packets between its interfaces!
Only the NAT configuration is left, and it is pretty straightforward.
We need to add rules to the /etc/ufw/before.rules file. Add the following lines at the top of the file, right after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
Of course, IP networks and interface names should be replaced with the appropriate ones. eth0 in this example is our outside interface, on which translation will be performed. The 192.168.0.0/24 subnet is our internal subnet, which requires translation.
All that's left is to restart the firewall:
sudo ufw disable && sudo ufw enable
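
A quick check that all three edits above are in place, added here as an example and not part of the original post. The function names and the ROOT prefix argument are assumptions; the sample files are constructed so the check can be tried without touching the live /etc.

```shell
#!/bin/sh
# check_ufw_nat [ROOT]: verify the three UFW edits described in the post.
# ROOT is a prefix put in front of /etc (empty means the live system).
check_ufw_nat() {
    root=${1:-}
    missing=0
    grep -Eq '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$root/etc/default/ufw" 2>/dev/null \
        || { echo "DEFAULT_FORWARD_POLICY is not ACCEPT"; missing=1; }
    # ufw's sysctl.conf writes keys with slashes; a leading '#' means disabled.
    grep -Eq '^net/ipv4/ip_forward=1' "$root/etc/ufw/sysctl.conf" 2>/dev/null \
        || { echo "net/ipv4/ip_forward=1 is not uncommented"; missing=1; }
    # The MASQUERADE rule must sit inside *nat and be followed by COMMIT.
    awk '
        /^\*nat/ { in_nat = 1; next }
        /^\*/    { in_nat = 0 }
        in_nat && /^-A POSTROUTING .*-j MASQUERADE/ { masq = 1 }
        in_nat && /^COMMIT/ { if (masq) ok = 1; in_nat = 0 }
        END { exit(ok ? 0 : 1) }
    ' "$root/etc/ufw/before.rules" 2>/dev/null \
        || { echo "no committed MASQUERADE rule in the nat table"; missing=1; }
    return "$missing"
}

# Constructed sample tree (not real system files) for trying the check offline.
make_sample() {
    mkdir -p "$1/etc/default" "$1/etc/ufw"
    echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$1/etc/default/ufw"
    echo 'net/ipv4/ip_forward=1' > "$1/etc/ufw/sysctl.conf"
    cat > "$1/etc/ufw/before.rules" <<'EOF'
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
COMMIT
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
check_ufw_nat "$sample" && echo "sample tree: forwarding and NAT configured"
rm -rf "$sample"
```

Run check_ufw_nat with no argument (as root, since the ufw files are not world-readable on every system) to test the real configuration.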

After all we have done, all that's left is to enjoy our speedy routers in Linux! Cheers!


P.S. Here is the way to enable communication with the outside world, from Blindhog.net.

To configure communication with the outside world, we can't just connect the router to the eth0 interface in the cloud. First we have to create a tap interface and bridge it to the real interface eth0, and then connect the router to the tap interface. The following is a copy/paste from the blindhog.net blog:

    Here are the steps to manually create a bridge group.
    ======================================
    1. Create a tap interface
      sudo tunctl -t tap0
    2. Remove ip addressing and set eth0 and tap0 to promiscuous mode
      sudo ifconfig tap0 0.0.0.0 promisc up
      sudo ifconfig eth0 0.0.0.0 promisc up
    3. Create a new bridge interface
      sudo brctl addbr br0
    4. Add tap0 and eth0 to the bridge group
      sudo brctl addif br0 tap0
      sudo brctl addif br0 eth0
    5. Enable the bridge interface and give it an ip address
      sudo ifconfig br0 up
      sudo ifconfig br0 10.10.10.99/24
    6. Configure the default route
      sudo route add default gw 10.10.10.254

    Here are the steps to reverse the changes (these can be copied and pasted in)
    ======================================
    sudo ifconfig br0 down
    sudo brctl delif br0 eth0
    sudo brctl delif br0 tap0

    sudo brctl delbr br0
    sudo tunctl -d tap0
    sudo ifconfig eth0 up
    sudo ifconfig eth0 10.10.10.99/24

    sudo route add default gw 10.10.10.254
     
    Add the following to your /etc/network/interfaces config file if you are using static addressing.
    ======================================
    auto br0
    iface br0 inet static
    address 10.10.10.99
    netmask 255.255.255.0
    gateway 10.10.10.254
    bridge-ports eth0 tap0
    pre-up ifconfig eth0 0.0.0.0 promisc up
    pre-up ifconfig tap0 0.0.0.0 promisc up

     
    Add the following to your /etc/network/interfaces config file if you are using dhcp.
    ======================================
    auto br0
    iface br0 inet dhcp
    bridge-ports eth0 tap0
    pre-up ifconfig eth0 0.0.0.0 promisc up
    pre-up ifconfig tap0 0.0.0.0 promisc up
