MOL & iptables


Subject: MOL & iptables
From: Steve Blackburn (steveb@cs.umass.edu)
Date: Wed Dec 05 2001 - 12:53:56 MST


Hi,

I'm trying to get networking working with MOL & YDL 2.1:
  mol-0.9.60-4
  mol-kmods-0.9.60-4a
  kernel-2.4.10-12a

I tried to follow the directions Samuel gave back in August (below).
I've built and installed iptables (which are mysteriously missing from
YDL2.1).

After following the instructions and starting MOL I see the following:

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:E4:25:CD:31
          inet addr:128.119.245.2 Bcast:128.119.247.255 Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:7145433 errors:120 dropped:10 overruns:0 frame:11
          TX packets:41792 errors:393 dropped:0 overruns:393 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:42 Base address:0x2000

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:11772 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11772 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Trying the first line from Samuel's tunconfig script,

# /sbin/ifconfig tun0 192.168.1.1
SIOCSIFADDR: No such device
tun0: unknown interface: No such device

# ls -l /dev/net
total 0
crw-r--r-- 1 root root 10, 200 Dec 5 11:45 tun

Any clues?

--Steve

Samuel's email:

Subject: Re: mol networking + 2.4.8
From: Samuel Rydh (samuel@ibrium.se)
Date: Thu Aug 23 2001 - 16:06:25 MDT

On Thu, Aug 23, 2001 at 05:26:35PM -0400, Jean-Jacques Levy wrote:
>
> Where is the documentation on mol + networking for 2.4.8-ben0 linux
> PPC kernel on a Titanium? Previously I was using ethertap/ipchains
> with a 2.2.18 kernel on a Lombard.

There are several possibilities.

1. Network configuration in /etc/molrc:

netdev: eth0 # this is for AppleTalk
netdev: tun0 -tun # this is for TCP/IP

2. Kernel configuration:

Network device support
======================================================================
CONFIG_TUN (Network device support -> Universal TUN/TAP device driver support)

Networking options
======================================================================
CONFIG_NETFILTER (Networking options -> Network packet filtering)

Networking options -> Netfilter Configuration:
======================================================================
CONFIG_IP_NF_CONNTRACK (Connection tracking)
CONFIG_IP_NF_IPTABLES (IP tables support)
CONFIG_IP_NF_NAT (Full NAT)
Some of the other options in this group are probably also needed
(but the default setting should be OK).

I.e. this is a normal masquerading setup except for adding
the tun support.

3. Create the file /usr/lib/mol/bin/tunconfig

It should look like
---- cut here ---
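#!/bin/bash
# Give the tun0 interface the gateway address.
/sbin/ifconfig tun0 192.168.1.1
# Delete any masquerade rule left from an earlier run, ignoring errors.
/sbin/iptables -D POSTROUTING -t nat -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQUERADE >& /dev/null
# Masquerade traffic from the tun network to any other destination.
/sbin/iptables -t nat -s 192.168.1.0/24 -d ! 192.168.1.0/24 -A POSTROUTING -j MASQUERADE
# Enable IPv4 forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward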
--- end ----

Make it executable (chmod 755 /usr/lib/mol/bin/tunconfig)

4. Optionally add the following to /etc/hosts (recommended):

192.168.1.0 tunnetwork
192.168.1.1 tun
192.168.1.2 tun-mol

5. Configure TCP/IP in MacOS:

Select "Ethernet, port 1"
IP: 192.168.1.2
netmask: 255.255.255.0
gateway: 192.168.1.1
nameserver: whatever is used in linux

6. Configure AppleTalk in MacOS

Select "Ethernet, port 2"

7. Optionally add the following to /etc/hosts.allow

ALL: 192.168.1.2

Some comments:
==============

- The tun0 device can't be configured until MOL is started.
(This is the reason why MOL calls the configuration script)

- MOL must be started by root (at least for now - the
script won't have root privileges otherwise).

- It is only necessary to specify two different netdev lines
in /etc/molrc if AppleTalk is to be used.

- The configuration assumes the default policy is
ACCEPT (can be examined by doing '/sbin/iptables -L').

- The iptables package must be installed.

- Make sure there is a /dev/net/tun device.
(Can be created with 'mkdir /dev/net ; mknod /dev/net/tun c 10 200').

I'm grateful for comments/suggestions/improvements (I'm currently
working with the new user-guide which will eventually cover this
in more detail).

Good Luck,

/Samuel

----------------------------------------------------------
 E-mail <samuel@ibrium.se> WWW: <http://www.ibrium.se>
  Phone/fax: (home) +46 8 4418431, (work) +46 8 7908174
----------------------------------------------------------
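
The notes above say that tun0 cannot be configured until MOL is started and that the script assumes an ACCEPT default policy. As an added example (not part of either message or of MOL), the following checks both conditions from `/proc/net/dev` text and `iptables -L -n` output; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Preflight checks for the tunconfig steps (added example, not part of MOL).
# Function names and both SAMPLE_* inputs are constructed for illustration.

# has_iface NAME: succeed if NAME appears in /proc/net/dev text on stdin.
has_iface() {
    awk -F: -v want="$1" 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 == want) found = 1 }
        END { exit !found }'
}

# chain_policy CHAIN: print CHAIN's policy from `iptables -L -n` text on stdin.
chain_policy() {
    sed -n "s/^Chain $1 (policy \([A-Z]*\).*/\1/p"
}

# preflight DEV_TEXT RULES_TEXT: print one line per problem; status 1 if any.
preflight() {
    pf_rc=0
    if ! printf '%s\n' "$1" | has_iface tun0; then
        echo "tun0: not present (it cannot be configured until MOL has started)"
        pf_rc=1
    fi
    for pf_chain in INPUT FORWARD OUTPUT; do
        pf_pol=$(printf '%s\n' "$2" | chain_policy "$pf_chain")
        if [ "$pf_pol" != ACCEPT ]; then
            echo "$pf_chain: policy is ${pf_pol:-unknown}, the script assumes ACCEPT"
            pf_rc=1
        fi
    done
    return "$pf_rc"
}

# Constructed sample: abbreviated /proc/net/dev with no tun0 entry.
SAMPLE_DEV='Inter-|   Receive            |  Transmit
 face |bytes packets errs drop|bytes packets errs drop
    lo: 11772 0 0 0 11772 0 0 0
  eth0:7145433 120 10 0 41792 393 0 393'

# Constructed sample: `iptables -L -n` chain headers with FORWARD set to DROP.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)'

# Demo on the samples; on a real host pass "$(cat /proc/net/dev)" and
# "$(/sbin/iptables -L -n)" instead.
preflight "$SAMPLE_DEV" "$SAMPLE_RULES" || echo "resolve the above before running tunconfig"
```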
