GNS3 on Azure 03: Configure GNS3 Internet Connectivity

High-Level Steps

ai. Create TAP interface on the GNS3 server

A TAP interface is a virtual network interface
- Documentation → Release Notes → v2.0
On GNS3 Server
- Create and configure tap interface (non persistent)

apt-get install uml-utilities
tunctl -t tap1
ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up

crontab -e

@reboot /usr/sbin/tunctl -t tap1 /sbin/ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up

aii. Configure IP forwarding and NAT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

to create IPTables firewall rules to perform NAT and forward the packets through the interface specified after “-o” (eth0 – using its public IP address).
The rule uses the NAT packet matching table (-t nat) and specifies the built-in POSTROUTING chain for NAT (-A POSTROUTING) on the firewall’s external networking device (-o eth0).
- Keep in mind that the order of your rules matter. All of these iptables commands use the -A option to append the new rule to the end of a chain. If you want to put it somewhere else in the chain, you can use the -I option which allows you to specify the position of the new rule (or simply place it at the beginning of the chain by not specifying a rule number).
POSTROUTING allows packets to be altered as they are leaving the firewall’s external device.
The -j MASQUERADE target is specified to mask the private IP address of a node with the external IP address of the firewall/gateway.
To be more specific, we can use the following command

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -i tap1 -j ACCEPT

To allow FORWARDING or ROUTING on this interface
The FORWARD policy allows an administrator to control where packets can be routed within a LAN
This specifies that packets can be routed to the “tap1” interface

iptables -A INPUT -i tap1 -j ACCEPT

iptables -A FORWARD -i eth0 -j ACCEPT

iptables -A INPUT -i eth0 -j ACCEPT

- Save the firewall rules
  - On Ubuntu, the easiest way to save iptables rules, so they will survive a reboot, is to use the iptables-persistent package. Install it with apt-get like below. During the installation, you will asked if you want to save your current firewall rules.

sudo apt-get install iptables-persistent

If you update your firewall rules and want to save the changes, run this command:

sudo netfilter-persistent save

** IP Tables explanation

sudo iptables -S
sudo iptables -L
Excellent documentations on IPTABLES
Enter the following commands to create IPTables firewall rules to perform NAT and forward the packets from the interface specified after “-i” through the interface specified after “-o”.
Replace wlan0 with the interface on the physical computer which connects to the internet it could be ppp0 or br0 or something else. Ensure the IPTables rules persist, if you want to ensure the tap0 interface persists a reboot create a cron job to add it when Linux starts up.

aiii. Enable IP forwarding

By default, the IPv4 policy in many Linux kernels disables support for IP forwarding, which prevents boxes running Linux from functioning as dedicated edge routers. Because of our use case, we’ll need to enable this by running the following command:

sysctl -w net.ipv4.ip_forward=1

If the above command is run via shell prompt, then the setting is not remembered after a reboot. You can permanently set forwarding by editing the /etc/sysctl.conf file
- - To make persistent

vim /etc/sysctl.conf
Uncomment net.ipv4.ip_forward=1
sysctl -p /etc/sysctl.conf

echo 1 > /proc/sys/net/ipv4/ip_forward

aiv. In GNS3 client

1 Comment

Join the discussion and tell us your opinion.

Tim says:

May 15, 2019 at 7:49 pm

Pretty cool, Ip fails kernel level so did not work for me but in theory it should. I just better directions with linux as I am not as familiar. Permission denied is the last error of the last line, sudo or not.