Linux Bridging for GNS3 LAN communications
Posted by Josh on Fri 19 Dec 2008
Categories: CCIE, Cisco Routers, Dynamips, GNS3, Linux, Voice LAB - [51] Comments
I apologize for the delay in posting the next tutorial in the virtual voice lab but I ran into a problem communicating from the HQ router to the host Ubuntu server. I thought I was able to communicate from the HQ router to the host during the Headquarters build tutorial….but I was wrong.
I discovered that I was able to communicate with every device on the LAN except the actual host machine. While troubleshooting, I finally read the GNS3 FAQ. Then I learned how to solve the problem with Josh Atterbury’s posts: ‘Dynamips External Cloud Interface on Linux – Part1 and Part2’.
I have altered Josh’s setup a bit but the theory is the same. If you are running Ubuntu, you just need to install ‘uml-utilities’ and ‘bridge-utils’. Once the tap interface has been activated, you will need to change the GNS3 cloud object to use the tap0 interface instead of generic NIO and eth0.
Here are the steps to manually create a bridge group.
======================================
- Create a tap interface
sudo tunctl -t tap0
- Remove ip addressing and set eth0 and tap0 to promiscuous mode
sudo ifconfig tap0 0.0.0.0 promisc up
sudo ifconfig eth0 0.0.0.0 promisc up
- Create a new bridge interface
sudo brctl addbr br0
- Add tap0 and eth0 to the bridge group
sudo brctl addif br0 tap0
sudo brctl addif br0 eth0
- Enable the bridge interface and give it an ip address
sudo ifconfig br0 up
sudo ifconfig br0 10.10.10.99/24
- Configure the default route
sudo route add default gw 10.10.10.254
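A check for the bridge built by the steps above, added here as an example and not part of the original post: it confirms that eth0 and tap0 are members of br0 and that neither port still carries its own IPv4 address. The function names and the sample `brctl show` / `ip -o -4 addr show` text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Each function reads command
# output on stdin, so it works on live output or on saved text:
#   brctl show | missing_ports br0 eth0 tap0
#   ip -o -4 addr show | addressed_ports eth0 tap0

# bridge_members BRIDGE   (stdin: `brctl show` output)
# Prints the interfaces enslaved to BRIDGE, one per line.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                   # column header
        NF >= 3 { cur = $1 }               # row that starts a bridge
        NF >= 4 && cur == br { print $4 }  # first port sits on the same row
        NF == 1 && cur == br { print $1 }  # continuation row: another port
    '
}

# missing_ports BRIDGE PORT...   (stdin: `brctl show` output)
# Prints each PORT that is not a member of BRIDGE; returns 1 if any is missing.
missing_ports() {
    mp_br=$1; shift
    mp_members=$(bridge_members "$mp_br")
    mp_rc=0
    for mp_port in "$@"; do
        printf '%s\n' "$mp_members" | grep -qxF "$mp_port" && continue
        echo "$mp_port"
        mp_rc=1
    done
    return $mp_rc
}

# addressed_ports PORT...   (stdin: `ip -o -4 addr show` output)
# Prints each PORT that still has an IPv4 address; returns 1 if any does.
# After the steps above only br0 should be addressed.
addressed_ports() {
    ap_text=$(cat)
    ap_rc=0
    for ap_port in "$@"; do
        if printf '%s\n' "$ap_text" | awk -v p="$ap_port" '
               $2 == p && $3 == "inet" { found = 1 }
               END { exit !found }'; then
            echo "$ap_port"
            ap_rc=1
        fi
    done
    return $ap_rc
}

# Constructed sample text: eth0 was bridged but its old address was left on.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              eth0
                                                        tap0
virbr9          8000.000000000000       yes'
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.10.10.99/24 brd 10.10.10.255 scope global eth0
4: br0    inet 10.10.10.99/24 brd 10.10.10.255 scope global br0'

echo "not in br0: $(printf '%s\n' "$SAMPLE_BRCTL" | missing_ports br0 eth0 tap0 tap1)"
echo "still addressed: $(printf '%s\n' "$SAMPLE_ADDR" | addressed_ports eth0 tap0)"
```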
Here are the steps to reverse the changes (these can be copied and pasted in)
======================================
sudo ifconfig br0 down
sudo brctl delif br0 eth0
sudo brctl delif br0 tap0
sudo brctl delbr br0
sudo tunctl -d tap0
sudo ifconfig eth0 up
sudo ifconfig eth0 10.10.10.99/24
sudo route add default gw 10.10.10.254
Add the following to your /etc/network/interfaces config file if you are using static addressing.
======================================
auto br0
iface br0 inet static
    address 10.10.10.99
    netmask 255.255.255.0
    gateway 10.10.10.254
    bridge-ports eth0 tap0
    pre-up ifconfig eth0 0.0.0.0 promisc up
    pre-up ifconfig tap0 0.0.0.0 promisc up
Add the following to your /etc/network/interfaces config file if you are using dhcp.
======================================
auto br0
iface br0 inet dhcp
    bridge-ports eth0 tap0
    pre-up ifconfig eth0 0.0.0.0 promisc up
    pre-up ifconfig tap0 0.0.0.0 promisc up


December 19th, 2008 at 9:44 am
nice tut..
hey josh… where is james???
we r missing him and his updates on ccie studies…
December 19th, 2008 at 2:29 pm
Hi Vijay,
Nice to hear someone is missing me
I am still hard at it. And between juggling studies, work, and the holidays I haven’t had a chance to post. Hope to have an update very soon.
james
December 24th, 2008 at 1:12 pm
Hi Josh,
How do we do this on windows as host os system?
Thanks
Chikki
December 27th, 2008 at 5:09 am
Hello Josh,
Many many thanx man, it worked great
* note for newbies like me: add the tap int from the “tap” tab in the cloud config… took me some time to know that…
Thanx again
December 27th, 2008 at 5:11 am
Hi Chikkis,
I don’t think this problem exists on windows as I was able to ping the router directly from the host pc when i connected it to the Ethernet interface..
Regards,
Fouad
December 27th, 2008 at 3:35 pm
Fouad,
Thanks. You are correct. This problem does not exist in Windows environments.
Simply select an ethernet interface within the cloud configuration.
Josh
December 31st, 2008 at 2:24 pm
Great tut!
I googled for a long time, looking for something like that, but I have some questions..
1.-I don’t have tunctl installed at backtrack3
i download it, but….
bt tunctl-1.5 # make
cc -g -Wall -o tunctl tunctl.c
docbook2man tunctl.sgml
make: docbook2man: Command not found
make: *** [tunctl.8] Error 127
ideas?
thx
December 31st, 2008 at 2:34 pm
Erwin,
I ran into this problem yesterday … on a CentOS 5.2 system. I could not find a package that contained the tunctl command. Grrrr….
Anyways, here is what I did find out. I didn’t need it.
I was able to just type ‘modprobe tun’ and ‘ifconfig tap0 up’ as root and it worked.
Use ‘lsmod | grep tun’ to see if the tun kernel module is loaded and ‘ifconfig’ to see if the tap0 interface is up.
Try skipping the ‘tunctl -t tap0′ part.
Josh
December 31st, 2008 at 3:56 pm
Im running bt3 kernel 2.6.21.5
Here’s the results:
bt / # modprobe tun
bt / # ifconfig tap0 up
tap0: ERROR while getting interface flags: No such device
bt / # lsmod | grep tun
tun 12160 0
Sorry but it’s that module tun, dont create the bridge interface
Thx 4 ur time
January 5th, 2009 at 8:35 pm
Erwin,
Sorry that did not work out for you.
I am not familiar with backtrack3.
You might try installing it from source.
http://tunctl.sourceforge.net/
Josh
January 8th, 2009 at 10:15 pm
Hi,
With CentOS 5.2 i386 I installed tunctl from fedora 10 and it *appears* to work.
http://download.fedora.redhat.com/pub/fedora/linux/development/i386/os/Packages/tunctl-1.5-1.fc10.i386.rpm
rpm -Uvh tunctl-1.5-1.fc10.i386.rpm
Idea came from here…
http://wiki.centos.org/HowTos/KVM
William.
January 11th, 2009 at 2:54 am
Thx Josh
I installed ubuntu 8.10 and actually running bt3 in a virtual machine. I follow the tuto and its works hehe great work!
But one question, if my ubuntu have 192.168.0.100 ip, in this step:
sudo ifconfig br0 10.10.10.99/24
i have to change from 10.10.10.99 to 192.168.0.100, and add the route again too, assign an ip from 192.168.0.x and give the gw to have access to the internet?
Thx 4 ur time!!!
January 11th, 2009 at 9:59 pm
Erwin,
Yes, just change the ip addresses however you like to match your topology.
Josh
February 5th, 2009 at 11:10 pm
Hi josh
Can i just use tap interface as your the other tutorial?
The reason I ask because i use remote login to access my linux box. Thanks
Btw, your website has been on my top ten list for years. Great work.
nu
February 27th, 2009 at 11:47 am
Hi Josh,
Great site – have been visiting for a few weeks now and this is one of the best knowledge bases for GNS3.
I have followed the how to you published above and I have a couple of problems.
Firstly I create the bridge interface and edit my interface file reboot my pc and I can’t access any websites using firefox – I can ping 4.2.2.2 and any other pingable device on the net but www sites are not possible. If I remove the config and reboot its back to normal and I can access all sites again.
The second issues I have is that none of my GNS3 routers can access the internet i.e. the host PC can ping to 4.2.2.2 but the cisco router can’t. It does have local connectivity (linked to host via bridge)
Any ideas?
Thanks and keep up the good work!!
Rick
March 15th, 2009 at 9:01 pm
This may not be relevant but I figured I’d post this anyway. If you’re using ubuntu 8.10 you may be in for some issues with the network manager. For some unknown reason it stops functioning. You will need to manually set your resolv.conf with your ISP’s DNS servers. That file is located in /etc/network/resolv.conf
March 31st, 2009 at 8:01 am
Hi All
I’ve followed this tut, which is very clear, but am having problems. I’m running Ubuntu 7.10 on VMWare ESXi. On top of that I’ve got GNS3 running.
The problem I’ve got is as follows:
I can ping from the router to the ubuntu IP.
I can ping from the Ubuntu PC to my real PC.
I can ping from the Ubuntu PC to my GNS3 router.
I cannot ping from my real PC to the GNS3 router.
There are no rules in the Ubuntu firewall (IPtables I think it’s called). One curious thing is this. When I shut the interface on the GNS3 router the ping response on my real PC is “dest unreachable”. When I issue a no shut to the interface I get request timed out.
Anyone got any ideas?
April 2nd, 2009 at 7:11 pm
can this be done with the wireless connection in ubuntu
April 5th, 2009 at 5:51 pm
Ok I did it…and I use eth1 my wireless interface…
?
I can connect to the GNS3 topology but not to the Internet…
same as Rick #15
tunctl -t tap0
ifconfig tap0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 eth1
ifconfig br0 up
ifconfig br0 172.16.0.99/24
route add default gw 172.16.0.1
the gw is the gns3 router I am connecting to…
help
April 6th, 2009 at 9:03 am
Ready, i can connect the GNS3 to my LAN connection and ping my CPE!
But how can I connect the GNS3 to the internet?
How i can do this in Ubuntu?
Thanks you for all
April 19th, 2009 at 6:39 am
Janardhanaya,
You are correct. There are some issues with the network manager. I have not had time to figure them all out, but the /etc/network/interfaces config file and network manager are in conflict at times.
I ended up creating a script that I run right before starting labs to create tap interfaces and bridges. Hopefully I can find time in the near future to troubleshoot the problem with the network manager.
Josh
April 19th, 2009 at 7:32 am
Alejandro,
This video covers the concept using dynagen, but the idea is the same.
http://www.blindhog.net/cisco-using-dynamips-your-personal-internet-router/
Josh
August 3rd, 2009 at 7:30 am
Thank you so much. This was really helpful.
One thing that did take me a while to figure out was to configure “Promiscuous Mode: Accept” on the ESXi host machine where I was running the Ubuntu Desktop.
By default the vSwitch (in the ESXi host Networking Configuration) is configured to vSwitch: Reject
Before changing this config I was only able to ping to/from the Cisco router to Ubuntu Desktop but not from router to outside of the host PC.
(I could confirm ICMP packets were leaving Ubuntu Desktop OK but were not coming back in).
August 21st, 2009 at 7:45 pm
I am not quite sure why I was not able to get this to work with the interfaces configuration file but I was able to get this to work with the rc.local. I made the following configuration, which works across reboots as well:
tunctl -t tap1 -u user
brctl addbr br1
brctl addif br1 tap1
brctl addif br1 vmnet1
ifconfig tap1 0.0.0.0 promisc up
ifconfig vmnet1 0.0.0.0 promisc up
ifconfig br1 5.5.5.1/24 up
October 21st, 2009 at 9:16 am
Hey guys, if you’re using networking inside VMware ESX(i), you’d better connect your VM (where your virtual router resides) to a separate VMPG (create new networking) and allow all hosts inside this VMPG to use promiscuous mode (edit settings of VSwitch and then edit settings of VMPG) – otherwise you won’t get communication between VRouter and real world up and running – in my case a great solution!
Regards
October 21st, 2009 at 9:17 am
Oh already written down – so please ignore me
November 3rd, 2009 at 5:12 am
[...] First of all, I will suppose that you have configured a tftp server somewhere in your LAN. Second thing is you can configure a bridge between your Ethernet interface and a tap interface (a virtual interface, for use with the emulated router). In Linux, you can use the Bridge-utils and uml-utilities to do that. You can find a tutorial on how to do a bridge <here>. [...]
November 22nd, 2009 at 11:13 am
Hi there,
I followed this tutorial several times but I end up getting the same result. I’m running Ubuntu 9.10 64-bit as Host OS and a VMware vm that runs the CUCM, using my wlan0. When I’m done with all the configuration in this tutorial:
- from my host OS I’m able to ping every device (including the router in my GNS3 lab)
- from my vmware vm I’m able to ping my host OS (br0 ip address) and every other device except the router in my GNS3 lab.
- from my GNS3 lab’s router I’m able to ping only the br0 ip address.
I have tried also with ip_forward and using eth0 but still no luck with that either. I need help.
Thanks in advance for your help,
Mike.
January 23rd, 2010 at 1:20 pm
mike, what is it you want to be able to do?
telnet from outside the vm into the vm?
first things first, start on the inside and work your way out. you can telnet from your host to your router correct?
in the host ipv4forward
vm network needs to be bridged to server
your host needs a default route
your server needs a static route
or you could use the routed daemon on the server
and peer with the virtual router
your server needs ipv4forward
now give it a try
server should be able to telnet to host
you could even add a static route on your residential router and set up a box that acts like a pod. that’s what i did
questions?
aking1012 aaaa___tt amcomworks.com
February 1st, 2010 at 7:32 am
Hi,
I’m using fedora 12, and there is no /etc/network directory. I was wondering if anyone knows how to enter the following information into Fedora so that my bridge connection becomes permanent?
auto br0
iface br0 inet static
address 10.10.10.99
netmask 255.255.255.0
gateway 10.10.10.254
bridge-ports eth0 tap0
pre-up ifconfig eth0 0.0.0.0 promisc up
pre-up ifconfig tap0 0.0.0.0 promisc up
Thanks!
–Max
February 4th, 2010 at 2:50 am
andy,
what I want is for my gns3 router to have connectivity with all the other devices in my LAN, to continue setting up my virtual voice lab. However, when I follow the steps in this tutorial I’m just able to ping my gns3 router to/from my ubuntu host, but not with the vmware workstation cucm server, the network adapter of that vm is bridge. I have tried the ipv4forward but still doesn’t work. I’m using just one subnet. I don’t understand what you have told me, can you please be more specific.
thanks,
Mike
February 7th, 2010 at 7:01 am
vmware can get funny using wlan. i would set vmware to tap on lo0 or create a lo1 and tap then dyn to bridge on a tun interface. then bridge the tun int and the lo interface. make sure firewall rules aren’t blocking connectivity. will give it a shot on my laptop today. will let you know
February 17th, 2010 at 12:58 pm
your whole lan, is the cucm server on another PC. you may have to set up additional routes in the lan. also with virtual devices sometimes you have to populate the arp cache yourself or ping from hosts in a specific order.
ip addressing information required for more troubleshooting. it all works for me.
if you use more than one pc for virtualization test pc to pc then vm to near pc, then vm to far pc. where it fails will tell you who doesn’t know how to get back. that is usually the problem with vm. everybody knows how to get out. the network doesn’t know how to get back.
February 24th, 2010 at 5:49 am
Hey Guys,
You guys are rocking and thanks for all the support. Let me jump into my problem.
I’ve GNS3 running inside my Vmware virtual machine and everything seems to be perfect. The problem is that, I can’t ping my router from the VM that hosts GNS3. Also, not pinging from the GNS3 router to the host VM. What could be the problem? I can ping fine with VPCS. I’m sure that my NIO ETH configuration is correct. Can someone help?
Thanks!
March 2nd, 2010 at 7:43 am
Hi All
Or another way when you configure the cloud you will note it says requires root access. If you run Terminal (shell) then enter sudo gns3 this will run GNS3 with root access and all will be well
If GNS3 is not installed in a path that linux searches for binaries you will have to enter the full path i.e. sudo /home/ubuntu/gns3
Hope that helps
July 21st, 2010 at 11:18 pm
OK I know im 2 years late…
This tutorial is very good. I had been hacking at getting this working for at least a week off and on. This was 1-2-3. Cheers!!!
August 31st, 2010 at 6:46 am
Hey Guys,
As i tried in windows XP, i am able to ping to access server from other PC’s on the LAN, but not to other routers on the GNS.
I have one router say R1 and one cloud, I made connection with R1 and cloud, and made R1 as Access-server. I have another router name R2 which is not connected to R1 nor cloud. How i can access R2 on GNS from other PC on the same LAN.
This is the configuration made on R1
###########################################
!
! No configuration change since last restart
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname access-server
!
boot-start-marker
boot-end-marker
!
enable password anand
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip host r1 2001 172.16.0.240
ip host r2 2002 172.16.0.240
ip host r3 2003 172.16.0.240
ip host r4 2004 172.16.0.240
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username anand password 0 anand
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 172.16.0.111 255.255.0.0
duplex half
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
logging synchronous
transport output all
stopbits 1
line aux 0
transport output all
stopbits 1
line vty 0 4
login local
transport output all
line vty 5 14
login local
transport output all
line vty 15
login local
!
!
end
###########################################
February 17th, 2011 at 11:03 pm
i have managed to create two taps with two bridges. they both work, both way pings work, i need those two interfaces to ping each other through a gns network, but not from local manner, this is a huge problem cause i have no idea how this could be resolved.
ping -I ip.of.tap.1 ip.of.tap.2
how can i split those two interfaces from seeing each other? each tap has its own interface number connected to a unique bridge, both bridges are on different networks.
i have noticed that when tunctl “sets the persists”, both of my interfaces are owned by UID 0, what does that mean? could i split them here somewhere????
February 23rd, 2011 at 8:52 am
Kinetik,
This is a problem. This can not be accomplished from your host machine. It will find a better route.
You can use vmware server on your host and bring up a virtual machine only connected to tap.2.
http://www.blindhog.net/voice-lab-branch1-and-branch2-virtual-machine/
Josh
March 28th, 2011 at 7:35 am
Many tx, details from your original post worked perfectly after I had spent some hours trying to combine bits and pieces from other sites on bridging and tapping.
Fintan.
March 31st, 2011 at 4:23 pm
Hello Josh,
I am trying to do this on Windows but am not able to access the local PC address.
Could you please let me know how to do it on a Windows PC?
April 18th, 2011 at 8:19 am
I found this configuration worked in my /etc/network/interfaces file as a permanent solution.
auto br0
iface br0 inet static
address 10.105.105.20
netmask 255.255.255.0
gateway 10.105.105.254
dns-nameservers 10.105.105.254
dns-search something.com
pre-up tunctl -t tap0
pre-up brctl addbr br0
pre-up brctl addif br0 eth0
pre-up brctl addif br0 tap0
pre-up ifconfig eth0 0.0.0.0 promisc up
pre-up ifconfig tap0 0.0.0.0 promisc up
post-down ifconfig eth0 down
post-down ifconfig tap0 down
post-down ifconfig br0 down
post-down brctl delif br0 eth0
post-down brctl delif br0 tap0
post-down brctl delbr br0
May 3rd, 2012 at 9:38 am
I tried following this post but it’s complicated and I think it causes my physical machine’s wi-fi to go down.
Does it need to be this complicated? I thought it was something along these lines…
Run GNS3 as root (google how & making icon for this)
Run virtual box as root
VBox: file-preferences-network add host-only networks vboxnet0, vboxnet1, (one for each network, if you have 2 devices attached to switch, both clouds are in same vboxnet#)
Go into the settings for each of these (screwdriver icon) & tweak the ip addresses appropriately.
GNS3 add a cloud, configure, under NIO Ethernet tab: Linux Ethernet section select vboxnet# from dropdown.
Boot your virtual machine from virtual box. Assign appropriate ip & gateway…
Then here is where I am stuck
I tried assigning the vboxnet0 the same ip address as the router interface connected to the vbox, ex 192.168.3.1/24 (this is in the vbox global settings) and then the vbox machine has an address in this subnet like 3.7. But the vbox machine’s network doesn’t come up, no ping. I tried assigning an address like 3.6 to vboxnet0 which doesn’t exist on any device in the GNS3 topology. That doesn’t work, either.
Any recommendations? I’m on the last step of getting this all to work. And my assignments are past due
May 3rd, 2012 at 9:41 am
…I forgot to mention…in virtualbox, on each virtual machine’s network settings I did set up the network adapter to be vboxnet0.
Attached to: host-only adapter: name vboxnet0
June 30th, 2012 at 1:46 pm
thank you very much from Chile!!
muchas gracias me sirvió mucho ! =)
August 28th, 2012 at 11:32 pm
thanks a lot for giving great tutorial..