Hi, On Tuesday 17. June 2008, Stephen R Marenka wrote:
> I've put most of my aranym setup notes at > <http://wiki.debian.org/Aranym>. > > Please take a look and make some comments or build some buildds. :) A few comments about the network setup: First, aratapif doesn't have to be called manually, it's not much more than a simplified ifconfig and it's only intended to be called by aranym. Thus if you have this in the aranym config: [ETH0] Type = ptp Tunnel = tap0 HostIP = 192.168.0.1 AtariIP = 192.168.0.2 In theory aranym then would create the tap0 device and then calls aratapif to configure the device (similar to ifconfig). The problem with recent kernels is that creating the device requires net_admin capabilities, so aranym fails to create it. Due to this I don't think aratapif is (easily) usable anymore. Any other way requires tap0 to be configured before running aranym and only this is really needed in the aranym config for this: [ETH0] Type = bridge Tunnel = tap0 "bridge" prevents aranym from calling aratapif. The manual call to tunctl (which you have under Point-to-Point) is equivalent to tunctl_user in interfaces, so Debian users can always just use interfaces. What's left then is configuring how packets are forwarded, either via bridging, masquerading or proxy arp. You already have bridging covered. In the other two cases a pointtopoint ip link is created. The ip number of tap0 doesn't matter much (but it should be a private ip of course), it's only used in the direct host<->aranym communication, but a routing entry to the aranym host required. In either case forwarding has to be enabled. Masquerading can be configured via interfaces: iface tap0 inet static address 192.168.0.1 pointopoint 192.168.0.2 netmask 255.255.255.255 tunctl_user smarenka up iptables -t nat -A POSTROUTING -s 192.168.0.2 -j MASQUERADE down iptables -t nat -D POSTROUTING -s 192.168.0.2 -j MASQUERADE (I haven't tested the iptables commands, but I'm pretty sure it works. :) ). An important thing to note is that this way aranym is not visible on the local network, so it might require two other iptables entries, so that it's reachable from the outside, if the host isn't directly connected to the internet (one on the firewall, one on the host). The mini network stuff I explained for proxy arp can be simplified a little: iface tap0 inet static address 192.168.3.133 netmask 255.255.255.255 tunctl_user roman uml_proxy_arp 192.168.3.134 uml_proxy_ether eth0 Note the changed netmask, this makes it a simple pointtopoint ip link and for aranym one simply has to pick a free ip number from the local network and the other network settings can be configured as for any other host on the local network (for masquerading the ip number doesn't matter as much as it's not visible outside the local host). bye, Roman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
