Honeypots mailing list archives

Re: Usermode Linux and Bridging host


From: Richard Stevens <mail () richardstevens de>
Date: Sun, 6 Apr 2003 11:47:38 +0200

Hi,

after the nice mails I received as help, I finally managed to get Bridging up 
successfully and it works well.

I use the following script on the hostsystem with one physical interface 
(eth0) that is not configured at boot:

--------------------------
#!/bin/sh
echo Bringing up Network
echo Creating tundevice
# create the tap device the UML instance will attach to (the post used tunctl -ttap0)
tunctl -t tap0
echo Bringing up interfaces
# the physical interface has no IP; it is only a bridge member
ifconfig eth0 up
ifconfig tap0 up
echo Bringing up bridge
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 tap0
brctl stp br0 on
# br0 is brought up without an IP, so the host stays invisible on the wire
ifconfig br0 up
--------------------------

If you need the Hostsystem to be accessible from the outside, modify the last 
ifconfig command and give br0 an IP. Of course you might also need to set up 
routing.

I've set up my host (inittab) to only acquire the first four consoles 
(ALT+F1-F4) and start my uml instance at boot automatically with the 
following command.

./linux con0=tty:/dev/tty5 con1=tty:/dev/tty6 \
    eth0=tuntap,tap0,fe:fd:f0:00:00:01 mem=512M umid=debian &

This will grab tty5 and tty6 which allows you to log into the uml instance via 
ALT+F5 and ALT+F6. I configured umid as debian to allow shutdown of the uml 
instance via ctrl-alt-delete sent to the uml instance with uml_mconsole. 
Within the uml instance I configured the ctrl-alt-delete hook in inittab to 
shutdown instead of the default reboot operation. 

Relevant for the bridging stuff to work is the eth0 part. The way it works 
here, the uml instance will use a preconfigured tap0 interface and assign it 
the MAC-address fe:fd:f0:00:00:01. Then you can assign eth0 any IP you like 
via the mechanisms of your distribution. I use a debian uml root_fs and I 
just assigned the relevant information in /etc/network/interfaces and enabled 
auto for it to be configured at boot. 

Right now, my uml instance is run as root. Changing that is my next step. 
For that to work I will at least have to change the tunctl line and add -u 
<user> to it to change ownership of the tap0 device within the hostsystem. 
That's something you have to keep in mind.

I'm not sure what your problem is, since I'm new to all this as well, but 
hopefully this example, which works perfectly for me, helps you a little 
anyway.

You might also have a look at the rc.firewall script provided by The Honeynet 
Project. It takes care of setting up the interfaces when used in bridging 
mode. I found that out after asking questions and trying around myself. 
Sometimes the information is just there and you don't see it :-)

Good luck,

Richard
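As an added example (not part of Richard's post), the same bridge setup with the tap device handed to an unprivileged account via tunctl -u, as the post says is needed to stop running the UML instance as root, plus a check that parses `brctl show` to confirm both interfaces actually joined the bridge. The account name in UML_USER and the `up` argument are assumptions; tunctl, brctl and ifconfig are the tools the post uses.

```shell
#!/bin/sh
# Added example: UML bridge with an unprivileged tap owner and a membership check.
set -e

UML_USER="${UML_USER:-uml}"   # assumed account the UML instance will run as
BRIDGE=br0
PHYS=eth0
TAP=tap0

# Read `brctl show` output on stdin and succeed only if every interface
# named in the arguments is listed as a member of the given bridge.
# Reading stdin means the parser can be exercised on captured text without root.
bridge_has_ports() {
    bridge="$1"; shift
    members=$(awk -v br="$bridge" '
        $1 == br { inbr = 1; if (NF >= 4) print $4; next }  # first member on the bridge line
        inbr && NF == 1 { print $1; next }                  # further members, one per line
        { inbr = 0 }')                                      # header or another bridge
    for want in "$@"; do
        echo "$members" | grep -qx "$want" || return 1
    done
    return 0
}

setup_bridge() {
    # tap owned by UML_USER so the UML instance can open it without root
    tunctl -u "$UML_USER" -t "$TAP"
    ifconfig "$PHYS" up
    ifconfig "$TAP" up
    brctl addbr "$BRIDGE"
    brctl addif "$BRIDGE" "$PHYS"
    brctl addif "$BRIDGE" "$TAP"
    brctl stp "$BRIDGE" on
    ifconfig "$BRIDGE" up          # no IP: host stays invisible on the wire
    # fail loudly (set -e) if either interface did not end up in the bridge
    brctl show | bridge_has_ports "$BRIDGE" "$PHYS" "$TAP"
}

# only touch interfaces when explicitly asked: ./bridge.sh up
if [ "${1:-}" = "up" ]; then setup_bridge; fi
```

Give br0 an IP afterwards only if the host itself must be reachable, as the post notes.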
