[Netkit.users] Tap problem in netkit

Massimo Rimondini rimondin at dia.uniroma3.it
Tue Mar 17 12:02:48 CET 2009

Dear Silvio,

> I need to connect the guest machine to internet for some DNSSEC tests
> and add some packages. This guest machine must be physically connected
> to my house´s subnet (ethernet). I didn´t want change my home network
> only for this test. Here is a little schema of my home network:
> INTERNET ----- DLINK ROUTER (ADSL Router) ----- OPENSUSE (primary O.S)
> OpenSuse address:
> The Netkit is installed in opensuse. The home subnet is
> You told that need to do some manual setup to configure bridging instead.

Ok, so down with some instructions. There are two possibilities to
achieve what you need. One is to configure static routing and the other,
that I have been hinting at, is to use bridging.

In the static routing solution your virtual machine will lay in your
house's subnet, but still be reachable via an intermediate router (your
host). Instructions to implement this solution follow. All the commands
must be executed on the host as root.

   1. Start the Internet connected virtual machine as usual:
      vstart recursive --eth0=tap,, -M 128
      (observe that this will make duplicate addresses exist on the
      network for a while)
   2. Delete the IP address of the tap interface on the host:
      ifconfig nk_tap_${USER}
   3. Add a static route on your host, pointing to the virtual machine:
      route add dev nk_tap_${USER}
   4. Enable proxy ARP:
      echo 1 > /proc/sys/net/ipv4/conf/nk_tap_${USER}/proxy_arp
      echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp (where eth0 is the
      name of the Ethernet interface on your host)
   5. Disable NAT:
      iptables -t nat -D POSTROUTING -j MASQUERADE

Well done. Now you should be able to reach your home network from the
virtual machine and vice versa.

In the bridging solution the virtual machine will appear as if it were
physically connected to your house's subnet (i.e., no routers in the
middle). Be aware that this solution establishes a bridge between the
virtual machine and your home network, thus  compromising Internet
connectivity on your host! You have been warned!
Instructions follow.

   1. Start the Internet connected virtual machine as usual:
      vstart recursive --eth0=tap,, -M 128
   2. Reconfigure the default gateway inside the virtual machine:
      route del default gw
      route add default gw <ip_address_of_your_host's_default_gateway>
   3. Disable NAT:
      iptables -t nat -D POSTROUTING -j MASQUERADE
   4. Create a new bridge on the host:
      brctl addbr br0
   5. Bridge the tap interface and the Ethernet interface together:
      brctl addif br0 nk_tap_${USER}
      brctl addif br0 eth0
   6. Enable the bridge:
      ifconfig br0 up

> Can you help me? Your name will be in my work :)
> Thank you soo much,

That's it. Hope this helps.

P.S. Thanks for the citation! :-)


-------------- parte successiva --------------
Un allegato HTML ? stato rimosso...
URL: http://list.dia.uniroma3.it/pipermail/netkit.users/attachments/20090317/951e3569/attachment.html 

More information about the Netkit.users mailing list