I finally got it working for a few minutes to see if I can actually
access the outside world. Aside from a slight slowdown sometimes
(possibly due to the extra routing involved or from um_eth_net_util)
it worked great. I no longer had to use Squid to access the Internet.

Just in case anyone else would like to know how I got UML to see the
outside world, I'm posting the commands I used below (22.214.171.124 is
an IP on the host, and 126.96.36.199 is the UML IP). First I opened
3 ssh windows at once going to the same host. I logged in as root to all
three of them. In the first one, I booted UML. The second one ran
"um_eth_net_util tap0 100", and the third was the window I did all
the "From Host" commands in. I made sure UML and um_eth_net_util
started successfully, then I executed each of the commands under
"From UML" one at a time (inside the window running UML).
Next I switched over to the third window which I purposely left idle.
I entered each of the commands under "From Host", one at a time. After
this was successful, I went to the UML window and made sure I could ping
the host. Once I made sure I was able to access the host, I made sure
I could access the outside world by pinging the router. Once sasitified,
I considered myself fully hooked to the Internet from UML***.

(*** optionally you can execute the following commands in the third window
after getting networking operational:

    ipchains -P forward DENY
    ipchains -A forward -s 188.8.131.52 -j ACCEPT -i eth0
    ipchains -A forward -d 184.108.40.206 -j ACCEPT -i tap0

This will result in better security by limiting who can route through your
system. Note: you may have to use different commands if you are running a
2.4.x kernel on the host machine.)

From Host:

    ifconfig tap0 220.127.116.11
    echo 1 >/proc/sys/net/ipv4/ip_forward
    arp -i eth0 -s 18.104.22.168 -D tap0 pub
    route add -host 22.214.171.124 dev tap0

From UML:

    ifconfig eth0 hw ether 0:0:10:0:0:1
    ifconfig eth0 126.96.36.199 netmask 255.255.255.0
    route add -host 188.8.131.52 dev eth0
    route add -net default gw 184.108.40.206 dev eth0

Now since I got it up and running on the Internet, is it possible
to use IP aliasing on the UML side so that I can attach more
than one IP to the virtual eth0? Would it involve going back
to the host and adding additional ARP entries?
From: William Stearns [mailto:wstearns@...]
Sent: Thursday, November 30, 2000 8:10 PM
To: Mooneer Salem
Cc: ML-uml-user; William Stearns
Subject: Re: [uml-user] Making services in UML available to the outside
Good afternoon, Mooneer,
On Thu, 30 Nov 2000, Mooneer Salem wrote:
> I've succeeded in getting UML to boot within my Redhat Linux 6.1
> box (running kernel 2.2.17, UML was running 2.4.0) I also got
> virtual ethernet to work on tap0 (I can contact the host and the
> host can contact UML, but UML cannot see the outside world without
> a proxy).
> The host has an IP of 220.127.116.11, which is accessible to the rest of
> the world. I know it's possible to set up IP Masquerading, but I would
> like people to be able to connect to service(s) I enable within UML.
> All I would need to do is set tap0 to 18.104.22.168 and eth0 in UML to
> 22.214.171.124 plus adding some ipchains rules, correct? Or does it involve
> much more? (I already tried 'um_eth_net_util eth0 100', but that puts
> the Ethernet card in promiscuous mode, which overloads UML with network
- Set up uml with the following network configuration:
(netmask=255.255.255.255, ip addresses as you specified above, use the
host's tap0 IP as uml's default gateway).
- Turn on ip forwarding in the kernel (if you have
an /etc/sysctl.conf, make sure it has "net.ipv4.ip_forward = 1", otherwise
add "echo 1 >/proc/sys/net/ipv4/ip_forward" to the end of
/etc/rc.d/rc.local or /etc/rc.d/init.d/network)
- Tell the host to stand in for the uml on the ethernet network;
this is called proxyarp. Here's an example, assuming that eth0's mac
address is 00:10:5A:CC:97:BF (you can find this in "ifconfig eth0"):
arp -i eth0 -s 126.96.36.199 00:10:5A:CC:97:BF pub
Likewise, add this to /etc/rc.d/init.d/network or
See ftp://mason.stearns.org/pub/doc/proxyarp-howto for a writeup I
did on proxyarp.
One more note; you can conserve one more address by using
188.8.131.52 as the IP address for both eth0 and tap0.
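
The first message notes that its optional ipchains forward rules may need different commands on a 2.4.x host. The script below is an added example, not part of either message: it prints iptables equivalents of those three rules. The address 192.0.2.10 is a constructed documentation address, the function names are hypothetical, and the extra `-i` input-interface match is a tightening that the original rules do not have.

```shell
#!/bin/sh
# Added example: print iptables (2.4.x host) equivalents of the thread's
# ipchains forward rules. Nothing is applied; pipe the output to "sh" as
# root once the printed rules look right.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# forward_rules UML_IP [LAN_IF] [TAP_IF]
# ipchains "-i" on the forward chain names the outgoing interface, so it
# maps to iptables "-o". The added "-i" also pins the incoming side
# (an assumption beyond the original rules), so the UML address is only
# accepted as a source when the packet really arrives on the tap device.
forward_rules() {
    uml_ip=$1; lan_if=${2:-eth0}; tap_if=${3:-tap0}
    valid_ipv4 "$uml_ip" || { echo "bad UML address: $uml_ip" >&2; return 1; }
    # Refuse interface names that could smuggle shell syntax into the output.
    case "$lan_if$tap_if" in
        *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $tap_if -o $lan_if -s $uml_ip -j ACCEPT
iptables -A FORWARD -i $lan_if -o $tap_if -d $uml_ip -j ACCEPT
EOF
}

# Constructed sample run (192.0.2.10 stands in for the UML address).
forward_rules 192.0.2.10 eth0 tap0
```

With the default policy set to DROP, only traffic to or from the single UML address crosses between the two interfaces; anything else the host is asked to route is discarded, which is the effect the ipchains version describes.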