
Re: Aranym Setup


On Tuesday 17. June 2008, Stephen R Marenka wrote:

> I've put most of my aranym setup notes at
> <http://wiki.debian.org/Aranym>.
> Please take a look and make some comments or build some buildds. :)

A few comments about the network setup:
First, aratapif doesn't have to be called manually, it's not much more than a 
simplified ifconfig and it's only intended to be called by aranym. Thus if 
you have this in the aranym config:

Type = ptp
Tunnel = tap0
HostIP =
AtariIP =

In theory aranym then would create the tap0 device and then call aratapif to
configure the device (similar to ifconfig). The problem with recent kernels 
is that creating the device requires net_admin capabilities, so aranym fails 
to create it. Due to this I don't think aratapif is (easily) usable anymore.

Any other way requires tap0 to be configured before running aranym and only 
this is really needed in the aranym config for this:

Type = bridge
Tunnel = tap0

"bridge" prevents aranym from calling aratapif.

The manual call to tunctl (which you have under Point-to-Point) is equivalent 
to tunctl_user in interfaces, so Debian users can always just use interfaces.

What's left then is configuring how packets are forwarded, either via 
bridging, masquerading or proxy arp. You already have bridging covered.

In the other two cases a pointtopoint ip link is created. The ip number of 
tap0 doesn't matter much (but it should be a private ip of course), it's only 
used in the direct host<->aranym communication, but a routing entry to the
aranym host is required. In either case forwarding has to be enabled.

Masquerading can be configured via interfaces:

iface tap0 inet static
        tunctl_user smarenka
        up iptables -t nat -A POSTROUTING -s -j MASQUERADE
        down iptables -t nat -D POSTROUTING -s -j MASQUERADE

(I haven't tested the iptables commands, but I'm pretty sure it works. :) ).
An important thing to note is that this way aranym is not visible on the local 
network, so it might require two other iptables entries, so that it's 
reachable from the outside, if the host isn't directly connected to the 
internet (one on the firewall, one on the host).

The mini network stuff I explained for proxy arp can be simplified a little:

iface tap0 inet static 
        tunctl_user roman
        uml_proxy_ether eth0

Note the changed netmask, this makes it a simple pointtopoint ip link and for 
aranym one simply has to pick a free ip number from the local network and the 
other network settings can be configured as for any other host on the local 
network (for masquerading the ip number doesn't matter as much as it's not 
visible outside the local host).

bye, Roman
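
Added example, not part of the message above and not code from aranym or Debian: a shell preflight that checks the setup the message describes (Type = bridge, a tap device pre-created through tunctl_user, forwarding enabled) so aranym can run without net_admin capabilities. The function names, the file-path arguments and the rejection of root as device owner are assumptions of this example.

```shell
#!/bin/sh
# Preflight for running aranym unprivileged on a pre-created tap device.
# File paths are arguments so the checks can be run on copies of the files.

# cfg_get FILE KEY: print the value of the first "KEY = value" line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 1q
}

# iface_tunctl_user FILE DEV: print tunctl_user from the "iface DEV" stanza.
iface_tunctl_user() {
    awk -v dev="$2" '
        $1 == "iface" { in_stanza = ($2 == dev); next }
        $1 ~ /^(auto|allow-|mapping|source)/ { in_stanza = 0 }
        in_stanza && $1 == "tunctl_user" { print $2; exit }
    ' "$1"
}

# preflight ARANYM_CFG INTERFACES_FILE [IP_FORWARD_FILE]
# Returns 0 only if: Type = bridge (aranym then skips aratapif), the Tunnel
# device has a tunctl_user stanza, and IPv4 forwarding is enabled.
preflight() {
    rc=0
    fwd_file=${3:-/proc/sys/net/ipv4/ip_forward}
    type=$(cfg_get "$1" Type)
    tun=$(cfg_get "$1" Tunnel)
    if [ "$type" != "bridge" ]; then
        echo "FAIL: Type = '$type'; aranym would try to set up $tun itself"
        rc=1
    fi
    user=$(iface_tunctl_user "$2" "$tun")
    if [ -z "$user" ]; then
        echo "FAIL: no tunctl_user for '$tun' in $2"
        rc=1
    elif [ "$user" = "root" ]; then
        # Added policy choice, not from the message: the device should
        # belong to the unprivileged account that runs aranym.
        echo "FAIL: $tun is owned by root"
        rc=1
    fi
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "FAIL: IPv4 forwarding is disabled ($fwd_file)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $tun pre-created for $user, forwarding on"
    return "$rc"
}

# Run directly as: sh preflight.sh ARANYM_CFG INTERFACES_FILE
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```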