High-Level Steps
ai. Create TAP interface on the GNS3 server

[code language=”bash”]
apt-get install uml-utilities
tunctl -t tap1
ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up
[/code]

[code language=”bash”]
crontab -e
[/code]

[code language=”bash”]
@reboot /usr/sbin/tunctl -t tap1 && /sbin/ifconfig tap1 192.168.1.254 netmask 255.255.255.0 up
[/code]

aii. Configure IP forwarding and NAT

[code language=”bash”]
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[/code]

[code language=”bash”]
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
iptables -A FORWARD -i tap1 -j ACCEPT
[/code]

[code language=”bash”]
iptables -A INPUT -i tap1 -j ACCEPT
[/code]

[code language=”bash”]
iptables -A FORWARD -i eth0 -j ACCEPT
[/code]

[code language=”bash”]
iptables -A INPUT -i eth0 -j ACCEPT
[/code]

[code language=”bash”]
sudo apt-get install iptables-persistent
[/code]

[code language=”bash”]
sudo netfilter-persistent save
[/code]
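The `FORWARD -i eth0 -j ACCEPT` rule above admits every packet arriving on the uplink, not just replies to lab traffic. As an added example (not part of the original post), the hypothetical helper `gen_lab_rules` below prints an `iptables-restore` ruleset for the same tap1/eth0/192.168.1.0/24 lab that forwards inbound traffic only for established connections; the FORWARD policy of DROP and the untouched INPUT policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. gen_lab_rules is a hypothetical
# helper: it prints an iptables-restore ruleset for the TAP lab on this page.
# Assumption: the FORWARD policy becomes DROP and INPUT is left at ACCEPT so
# that management access to the GNS3 server is not cut off.

valid_if() {    # plain interface name, at most 15 characters, no leading "-"
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {  # dotted IPv4 network with a /0../32 prefix length
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# usage: gen_lab_rules <tap-if> <uplink-if> <lab-subnet>
# The body runs in a subshell, so "exit" only ends this function.
gen_lab_rules() (
    lan_if=$1 wan_if=$2 lan_net=$3
    # Validate first so a value cannot smuggle extra iptables options in.
    valid_if "$lan_if" && valid_if "$wan_if" && valid_cidr "$lan_net" || exit 1
    [ "$lan_if" != "$wan_if" ] || exit 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $wan_if -o $lan_if -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
)
```

Check the output with `iptables-restore --test` before loading it; loading replaces the existing nat and filter tables on the server.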

** IP Tables explanation
aiii. Enable IP forwarding
  • By default, the IPv4 policy in many Linux kernels disables support for IP forwarding, which prevents boxes running Linux from functioning as dedicated edge routers. Because of our use case, we’ll need to enable this by running the following command:

[code language=”bash”]
sysctl -w net.ipv4.ip_forward=1
[/code]

  • If the above command is run from a shell prompt, the setting is not remembered after a reboot. You can set forwarding permanently by editing the /etc/sysctl.conf file.
      • To make it persistent:

[code language=”bash”]
vim /etc/sysctl.conf
# In the editor, uncomment the line: net.ipv4.ip_forward=1
sysctl -p /etc/sysctl.conf
[/code]

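  • IPv4 forwarding has to be enabled at the kernel level, so use the following command.

[code language=”bash”]
# Same setting as the sysctl -w command above, written directly to /proc (run from a root shell)
echo 1 > /proc/sys/net/ipv4/ip_forward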
[/code]

aiv. In GNS3 client
  • Add a cloud object and connect to switch
  • Configure the default gateway of your clients to be TAP interface IP

One Response

  1. Pretty cool, IP fails kernel level so did not work for me but in theory it should. I just need better directions with Linux as I am not as familiar. Permission denied is the last error of the last line, sudo or not.
