GNS3 on Azure 03: Configure GNS3 Internet Connectivity
July 29, 2018
Posted by admin
Implementation

High-Level Steps
- Create a TAP interface on the GNS3 server
- Configure IP forwarding and NAT
- Configure your lab environment to use the TAP interface
i. Create TAP interface on the GNS3 server
- A TAP interface is a virtual network interface
- Documentation → Release Notes → v2.0
- On GNS3 Server
- Create and configure the TAP interface (non-persistent)
apt-get install uml-utilities
tunctl -t tap1
ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up
- To make it persistent after a reboot
- Open the crontab for editing
crontab -e
- Add the following to crontab
@reboot /usr/sbin/tunctl -t tap1 && /sbin/ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up
ii. Configure IP forwarding and NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- This creates an iptables firewall rule that performs NAT and forwards the packets through the interface specified after “-o” (eth0, using its public IP address).
- The rule uses the NAT packet matching table (-t nat) and specifies the built-in POSTROUTING chain for NAT (-A POSTROUTING) on the firewall’s external networking device (-o eth0).
- Keep in mind that the order of your rules matters. All of these iptables commands use the -A option to append the new rule to the end of a chain. If you want to put it somewhere else in the chain, you can use the -I option, which allows you to specify the position of the new rule (or simply place it at the beginning of the chain by not specifying a rule number).
- POSTROUTING allows packets to be altered as they are leaving the firewall’s external device.
- The -j MASQUERADE target is specified to mask the private IP address of a node with the external IP address of the firewall/gateway.
- To be more specific, we can use the following command
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -i tap1 -j ACCEPT
- To allow FORWARDING or ROUTING on this interface
- The FORWARD policy allows an administrator to control where packets can be routed within a LAN
- This specifies that packets can be routed to the “tap1” interface
iptables -A INPUT -i tap1 -j ACCEPT
- To accept all traffic on your TAP interface
iptables -A FORWARD -i eth0 -j ACCEPT
- To allow FORWARDING or ROUTING on this interface
iptables -A INPUT -i eth0 -j ACCEPT
- To accept all traffic on your eth0 interface
- Save the firewall rules
- On Ubuntu, the easiest way to save iptables rules so they survive a reboot is to use the iptables-persistent package. Install it with apt-get as shown below. During the installation, you will be asked if you want to save your current firewall rules.
sudo apt-get install iptables-persistent
- If you update your firewall rules and want to save the changes, run this command:
sudo netfilter-persistent save
** IP Tables explanation
- sudo iptables -S
- sudo iptables -L
- Excellent documentation on iptables
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
- https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands
- https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
- https://help.ubuntu.com/community/IptablesHowTo
- Enter the following commands to create IPTables firewall rules to perform NAT and forward the packets from the interface specified after “-i” through the interface specified after “-o”.
- Replace wlan0 with the interface on the physical computer that connects to the internet; it could be ppp0 or br0 or something else. Ensure the IPTables rules persist. If you want the tap0 interface to persist across a reboot, create a cron job to add it when Linux starts up.
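The rules in this section include blanket ACCEPT rules on eth0 and an unscoped MASQUERADE next to the source-scoped one. The following script is an added example, not part of the original post: it reads `iptables -S` style output and flags the broad forms while leaving the scoped MASQUERADE and the tap1 rules alone. The function names, the `WAN_IF` and `LAN_NET` variables and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. WAN_IF and LAN_NET are assumptions
# taken from the interface and subnet the post uses.
WAN_IF="eth0"              # internet-facing interface
LAN_NET="192.168.1.0/24"   # tap1 lab subnet

# audit_rules: read rules in `iptables -S` format on stdin and print one
# "FINDING: ..." line for each rule that is broader than the lab needs.
audit_rules() {
  awk -v wan="$WAN_IF" -v lan="$LAN_NET" '
    # Return the value following a flag, or "" when the flag is absent.
    function opt(flag,   i) {
      for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
      return ""
    }
    $1 != "-A" { next }   # skip chain policies (-P) and blank lines
    {
      chain = $2; target = opt("-j"); src = opt("-s"); in_if = opt("-i")
      # A protocol, match module or source address narrows an ACCEPT rule.
      narrowed = (opt("-p") != "" || opt("-m") != "" || src != "")
    }
    chain == "INPUT" && target == "ACCEPT" && in_if == wan && !narrowed {
      print "FINDING: INPUT accepts everything arriving on " wan ": " $0
    }
    chain == "FORWARD" && target == "ACCEPT" && in_if == wan && !narrowed {
      print "FINDING: FORWARD accepts any flow entering on " wan ": " $0
    }
    chain == "POSTROUTING" && target == "MASQUERADE" && src != lan {
      print "FINDING: MASQUERADE is not limited to source " lan ": " $0
    }
  '
}

# Constructed sample: the rules from this post as `iptables -S` and
# `iptables -t nat -S` would list them.
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i tap1 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i tap1 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
EOF
}

sample_rules | audit_rules
```

On the GNS3 server, the live ruleset can be checked with `{ sudo iptables -S; sudo iptables -t nat -S; } | audit_rules`.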
iii. Enable IP forwarding
- By default, the IPv4 policy in many Linux kernels disables support for IP forwarding, which prevents boxes running Linux from functioning as dedicated edge routers. Because of our use case, we’ll need to enable this by running the following command:
sysctl -w net.ipv4.ip_forward=1
- If the above command is run from a shell prompt, the setting is not remembered after a reboot. You can set forwarding permanently by editing the /etc/sysctl.conf file.
- To make it persistent
vim /etc/sysctl.conf
- Uncomment net.ipv4.ip_forward=1
sysctl -p /etc/sysctl.conf
- IPv4 forwarding has to be enabled at the kernel level, so use the following command.
echo 1 > /proc/sys/net/ipv4/ip_forward
iv. In GNS3 client
- Add a cloud object and connect it to the switch
- Configure the default gateway of your clients to be the TAP interface IP
1 Comment
Pretty cool, IP fails kernel level so did not work for me but in theory it should. I just need better directions with Linux as I am not as familiar. Permission denied is the last error of the last line, sudo or not.