If you use Linux (optionally FreeBSD and Solaris, not tested), you may want to access the network through a tuntap interface. The main advantage of this interface is that the guest has access to the host. The guest can even have access to the whole network if the host routes or masquerades the guest requests. No extra IP address is needed; everything can be done using private IP addresses.
You'll find here instructions to set up Linux/Bochs to provide network access to the guest OS through a tuntap interface and a private IP network. We're going to see how to:
enable the tuntap interface in the Linux Kernel
configure Bochs to use the tuntap interface
set up the private network between the host and the guest
set up the host to masquerade the guest network accesses
From the tuntap.txt file in the Linux kernel tree:
TUN/TAP provides packet reception and transmission for user space programs. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program. When a program opens /dev/net/tun, driver creates and registers corresponding net device tunX or tapX. After a program closed above devices, driver will automatically delete tunXX or tapXX device and all routes corresponding to it.
First make sure the tuntap module is included in the kernel:
If you use a recent distribution, chances are that the needed modules are already built.
Make sure that "Kernel module loader" (module auto-loading support) is enabled in your kernel.
Add the following line to /etc/modules.conf:
alias char-major-10-200 tun
Run:
depmod -a
Otherwise, recompile the kernel, including the configuration option:
CONFIG_TUN (Network device support -> Universal TUN/TAP device driver support)
Note: Make sure there is a /dev/net/tun device. (It can be created with 'mkdir /dev/net ; mknod /dev/net/tun c 10 200'.)
In the same way, to use masquerading, you need a kernel with the following options:
CONFIG_IP_NF_CONNTRACK (Connection tracking)
CONFIG_IP_NF_IPTABLES (IP tables support)
CONFIG_IP_NF_NAT (Full NAT)
Note: Some of the other options in this group are probably also needed (but the default settings should be OK).
Make sure Bochs has ne2000 support. If you have to recompile Bochs, pass --enable-ne2000 when running ./configure (see the Section called Compiling Bochs in Chapter 3).
Edit your .bochsrc configuration file and add something like:
ne2k: ioaddr=0x240, irq=9, mac=fe:fd:00:00:00:01, ethmod=tuntap, ethdev=tun0, script=/path/to/tunconfig
Since the tuntap interface cannot be configured until a process opens it, Bochs may run a script file for you. In this case /path/to/tunconfig should be changed to match the actual place where you'll create this script.
We'll set up a private network between the host and the guest with the following parameters:
Host IP: 192.168.1.1
Guest IP: 192.168.1.2
Create the /path/to/tunconfig script:
#!/bin/bash
# $1 is the interface argument the script is run with (tun0 in the .bochsrc line above)
/sbin/ifconfig "$1" 192.168.1.1
Make it executable:
chmod 755 /path/to/tunconfig
Run Bochs, install the guest OS, and set the following network parameters:
IP: 192.168.1.2
netmask: 255.255.255.0
gateway: 192.168.1.1
nameserver: whatever is used in linux
Note: Bochs must be started by root (at least for now - the script won't have root privileges otherwise).
ALL: 192.168.1.2
At this point, you should be able to ping/telnet/ftp/ssh the guest from the host and vice-versa.
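We are going to set up a standard masquerading configuration. Edit the /path/to/tunconfig script and add:
# Remove any rule left over from a previous run so it is not duplicated
/sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE > /dev/null 2>&1
# Masquerade traffic from the guest network to any other destination
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
# Enable IP forwarding on the host
echo 1 > /proc/sys/net/ipv4/ip_forward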
Note: The configuration assumes the default policy is ACCEPT (can be examined by doing '/sbin/iptables -L')
Note: The iptables package must be installed.
Note: You may need to load other modules if you want to use other fancy protocols (ftp, etc.).
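The masquerading script above is run by Bochs as root and assumes a default ACCEPT policy. The tunconfig variant below is an added example, not part of the Bochs documentation: it validates the interface argument, adds each rule only if it is missing, and adds explicit FORWARD rules for hosts whose FORWARD policy is DROP. The function names, the TUNCONFIG_DRYRUN variable, and the use of the conntrack match and sysctl are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the Bochs documentation.
# Assumed: subnet and host address from this page; function names and the
# TUNCONFIG_DRYRUN variable are hypothetical.
SUBNET=192.168.1.0/24
HOST_IP=192.168.1.1

# Bochs runs this script as root, so accept only tunN/tapN interface names.
valid_iface() {
    case "$1" in
        tun[0-9]|tun[0-9][0-9]|tap[0-9]|tap[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Execute a command, or just print it when TUNCONFIG_DRYRUN=1.
run() {
    if [ "${TUNCONFIG_DRYRUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Append a rule only if -C (check) reports that it is not already present,
# so repeated Bochs runs do not stack duplicate rules.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if [ "${TUNCONFIG_DRYRUN:-0}" = 1 ]; then
        echo "/sbin/iptables -t $table -A $chain $*"
    else
        /sbin/iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
            /sbin/iptables -t "$table" -A "$chain" "$@"
    fi
}

configure() {
    valid_iface "$1" || { echo "refusing interface name: $1" >&2; return 1; }
    run /sbin/ifconfig "$1" "$HOST_IP" netmask 255.255.255.0
    # NAT only traffic that leaves the private subnet.
    ensure_rule nat POSTROUTING -s "$SUBNET" ! -d "$SUBNET" -j MASQUERADE
    # Explicit FORWARD rules, needed when the policy is DROP instead of ACCEPT.
    ensure_rule filter FORWARD -i "$1" -s "$SUBNET" -j ACCEPT
    ensure_rule filter FORWARD -o "$1" -d "$SUBNET" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run sysctl -w net.ipv4.ip_forward=1
}

# Bochs passes the interface name (e.g. tun0) as the first argument.
if [ "$#" -gt 0 ]; then
    configure "$1"
fi
```

Running it by hand with TUNCONFIG_DRYRUN=1 and an interface name prints the commands without touching the host, which is a quick way to review the rules before letting Bochs apply them.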
[1] Much of the information of the following section is taken from this email from Samuel Rydh of the Mac-On-Linux list.