Connect GNS3 to the Internet

It is always useful to be able to connect your GNS3 labs to a real-world network, such as a physical lab network of real Cisco devices connected to your PC, or even to the Internet.

In this post I will provide step-by-step instructions to connect your GNS3 install to a physical network and to the Internet.

There are two possible methods to connect GNS3 to the Internet, depending on the setup of your local network. The first method is used if your PC is directly connected to your broadband router with a cable (i.e. a wired network). The second method is used if your PC is connected to your broadband router via WiFi; this requires the installation of some additional software and setting up NAT.

Connecting GNS3 to the internet over a wired network

This is the easiest method to get working. It assumes that the Ethernet interface has a private IP address assigned to it, either manually or via DHCP. GNS3 must be run as root so that it will have root access to the physical interface on the PC.

In order to run the GNS3 GUI as root we need to install gksu, which is a GTK+ front end to su and sudo. This allows you to launch GUI applications as root or as a specified user.

To install gksu run the following:

Next, launch GNS3 as root. You will be prompted for your password:

Select the “Browse End Devices” icon on the left hand side of the screen and drag the cloud icon into the workspace:


Right click on the cloud and select Configure:


Next select the cloud you are configuring from the cloud group. From the drop-down menu under the “NIO Ethernet” tab, select your Ethernet interface. Click “Add” and you will see the interface appear as nio_gen_eth:eth0 in the section below the drop-down menu. Click “Apply” and “Ok” and the cloud is configured to use your Ethernet interface.

Now select a router from the “Browse Routers” Icon and drag your preferred router into the workspace. Click on the “Add Link” icon and connect the router interface to the nio_gen_eth:eth0 on the cloud. Start the router using the “Start/Resume all devices” icon and console into the router using the “Console connect” icon:

Once your router has booted it is time to configure the router interface to be in the same subnet as your Ethernet interface. This can be done either using DHCP, in which case the address will be assigned by your broadband router, or manually, using an unused IP address from the subnet configured on your broadband router.

DHCP

To configure your router to use DHCP use the following commands:

If everything is working correctly you should see a Console message confirming that the interface has received an IP address from your broadband router and be able to ping a device on the internet:


Manual IP configuration

When configuring the IP address manually (or statically) you must first find out what address range your broadband router is using on the LAN. On Ubuntu you can do this by checking your network settings via the network manager. Open your system settings app and select Network:


Once in your network manager, select “Wired” from the list of devices on the left hand side. This will display the current IP address of the machine as well as the default gateway (which we will use for the default route later). Unfortunately this does not show us the subnet mask that is currently being used, however with most commercial SOHO routers a /24 (255.255.255.0) subnet is used:

I prefer to use the CLI to get the IP information; you can use the Network Manager CLI command to view all the details you require for your Ethernet interface. In my case I am using eth0 to connect to my broadband router:

As you can see below, the output of the above command will provide you with the current IP of your PC as well as the subnet mask and the default gateway address:

Now that we have the details of what subnet is being used on our LAN, we can choose a random IP address to use on the interface on the router. In this case I will use 192.168.1.123; however, we must confirm that this IP is not in use on the network before using it on the router. To do this we can simply ping the IP and make sure that there is no response:

Now that we have confirmed that the IP is free, we can configure it on the interface on the router using the following commands:

Because we are not learning a default gateway through DHCP, we also need to configure a default route in order to access the Internet. If we don’t configure the default route, we will only be able to ping devices within the same subnet and nothing on the Internet. This route should point to the IP of the default gateway of the PC, which we learned earlier:

Connecting GNS3 to the internet over a WiFi network

If your PC is connected to your broadband router using WiFi, or you are using a PPP interface on your machine to connect to the Internet, you will not be able to use the first method described in this post. For a WiFi connection you will not be able to connect directly to the WLAN interface on your PC because WiFi is secured and usually uses WEP/WPA to connect to the AP. In the case of a PPP interface, you are usually assigned a single public IP address by your service provider and therefore you won’t have a spare IP to assign to the router interface in GNS3.

To overcome these limitations, we will use a TUN/TAP interface configured on the PC. A TUN/TAP interface is a software-only (virtual) interface. This means it has no physical hardware component (e.g. an Ethernet NIC) and only exists within the kernel. The kernel will forward any traffic destined to the TUN/TAP interface as if it were actually a physical NIC. Therefore, when we assign the TUN/TAP interface within GNS3, the router connecting to the TUN/TAP will believe it is physically connected to an Ethernet NIC.

The easiest way to configure a TUN/TAP interface is to use the tunctl utility, which is part of the uml-utilities package, to create and manage the TUN/TAP from the CLI:

Now we need to create the Tap (virtual) interface that we will use in GNS3:

Next we can assign an IP address to the tap0 interface and bring it up. In this example I have used a /30 (255.255.255.252) subnet, as we only require two IPs, one for each side of the link. You can, however, configure any subnet you want:

Sample output:

To make the tap0 interface persistent we have to configure crontab to configure the interface during start up.

If no crontab has been configured you will get the following:

Select the method you would like to use to edit the crontab file and include the following:

Now we need to configure NAT so that we can access the Internet through our wlan0 interface. To do this we will setup NAT on iptables with the following commands:

To make the iptables rules for NAT persistent we have to save the rules to a file and then configure the interfaces to apply the rules on startup.

Copy the current iptables rule set to a file /etc/iptables.rules:

Create a script that will load the rules into iptables upon startup:

The next script will save the rules in iptables to the file when you shut down the interface or machine:

Add the following to the file /etc/network/if-post-down.d/iptablessave:

Make sure the files are executable:

Finally we have to enable IP forwarding at the kernel level. This can be done on a per session basis using the following:

If you want to make the kernel forwarding persistent, then we need to edit /etc/sysctl.conf to enable forwarding on startup:

Find the following line and uncomment it:

Sample output of /etc/sysctl.conf:
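A scoped version of the NAT and forwarding rules from this section, as an added example that is not the post's original command listing. It assumes the post's tap0, wlan0 and 10.200.200.0/30 values; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: NAT and forwarding limited to the GNS3 lab link.
# Assumed values taken from the post: tap0, wlan0, 10.200.200.0/30.

# Print the commands for one tap/WAN pair. Nothing is executed here.
# Returns 2 if an argument contains characters that do not belong in an
# interface name or subnet, because the plan may be piped to a root shell.
gns3_nat_plan() {
    tap_if=$1; wan_if=$2; lab_net=$3
    case $tap_if in ""|*[!A-Za-z0-9_.-]*) return 2;; esac
    case $wan_if in ""|*[!A-Za-z0-9_.-]*) return 2;; esac
    case $lab_net in ""|*[!0-9./]*) return 2;; esac

    # Source-NAT only the lab subnet, not every packet leaving the WAN side.
    echo "iptables -t nat -A POSTROUTING -s $lab_net -o $wan_if -j MASQUERADE"
    # Lab -> Internet: only lab addresses, only out of the WAN interface.
    echo "iptables -A FORWARD -i $tap_if -o $wan_if -s $lab_net -j ACCEPT"
    # Internet -> lab: replies to connections the lab opened, nothing else.
    echo "iptables -A FORWARD -i $wan_if -o $tap_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Let the kernel route between the two interfaces (per-session setting).
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Run the plan. Requires root; sh -ex echoes each command and stops on
# the first failure.
gns3_nat_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    plan=$(gns3_nat_plan "$@") || return 2
    printf '%s\n' "$plan" | sh -ex
}

# Dry run with the post's values: print the commands for review.
gns3_nat_plan tap0 wlan0 10.200.200.0/30
```

The two FORWARD rules only restrict traffic when the FORWARD chain policy is DROP; with the default ACCEPT policy they document intent but do not filter anything.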

Now we can open GNS3 and add a cloud as previously described, except this time we will click on the NIO TAP tab.

Specify tap0 as the TAP interface and add it to the config. Click “Apply” and then click “Ok”.

Add a router to the workspace and connect the router to the cloud’s nio_tap:tap0 interface:

Add the following config to the router:

Now you should be able to ping the default gateway (10.200.200.1) as well as IPs on the Internet. In the example below I pinged the Google primary DNS server, 8.8.8.8:

References:

http://jesin.tk/how-to-connect-gns3-to-the-internet/
http://jesin.tk/how-to-save-iptables-rules-in-debian/
https://help.ubuntu.com/community/IptablesHowTo
http://linux.die.net/man/8/iptables-save
http://askubuntu.com/questions/311053/how-to-make-ip-forwarding-permanent


9 thoughts on “Connect GNS3 to the Internet”

  1. Hello, thanks, it’s a good article, but I am facing a problem.
    I can’t ping public IP addresses like 8.8.8.8 from GNS3, but my PC 10.200.200.1 can ping 10.200.200.2 and vice versa. Any help please?
    Thanks

    1. Hi Ahmed,

      Sounds like either your firewall is blocking the traffic or NAT is not working correctly.

      Can you provide the output for the following commands run as root (sudo su):

      ifconfig tap0

      iptables -t nat -L

      iptables -n -L

      cat /etc/sysctl.conf | grep net.ipv4.ip_forward


      Jonathan

      1. ifconfig tap0
        tap0 Link encap:Ethernet HWaddr 0a:12:29:d4:ab:e9
        inet addr:10.200.200.1 Bcast:10.200.200.3 Mask:255.255.255.252
        UP BROADCAST MULTICAST MTU:1500 Metric:1
        RX packets:0 errors:0 dropped:0 overruns:0 frame:0
        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:500
        RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

        1. iptables -t nat -L
          root@Ahmed-Ubuntu:/home/ahmed# iptables -t nat -L
          Chain PREROUTING (policy ACCEPT)
          target prot opt source destination

          Chain INPUT (policy ACCEPT)
          target prot opt source destination

          Chain OUTPUT (policy ACCEPT)
          target prot opt source destination

          Chain POSTROUTING (policy ACCEPT)
          target prot opt source destination

        2. Try running the following commands:

          sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
          sudo iptables -A FORWARD -i tap0 -j ACCEPT

          and then:

          echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

          Make sure that you have a default route configured on the Cisco device pointing to the IP of the tap0 interface on your PC.

    2. Also please make sure that the router config has a default route pointing to 10.200.200.1 i.e.

      ip route 0.0.0.0 0.0.0.0 10.200.200.1

      I have also updated the post as I picked up a couple of copy and paste errors when I looked through it again.

  2. Superb guide – thank you very much. And kudos to you for providing references too. It worked first time for me so now I shall look up those references and make sure I understand exactly how it works. Thank you again.
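The three checks from the troubleshooting thread above, as an added example that is not part of the original post or its comments. The function names, the ip_forward value and the router configuration text are constructed; the nat listing is the empty table posted in the thread.

```shell
#!/bin/sh
# Added example: explain why a GNS3 router behind tap0 cannot reach the Internet.

# $1: output of `iptables -t nat -L` (or -L -n)
# $2: contents of /proc/sys/net/ipv4/ip_forward
# $3: router configuration text
# $4: host-side tap0 address the router should use as next hop
# Prints one line per problem found; prints nothing when all three checks pass.
diagnose_gns3_nat() {
    # Track which chain each line belongs to; a rule line starts with its target.
    has_masq=$(printf '%s\n' "$1" | awk '
        $1 == "Chain" { chain = $2; next }
        chain == "POSTROUTING" && $1 == "MASQUERADE" { found = 1 }
        END { print found + 0 }')
    [ "$has_masq" -eq 1 ] || echo "nat: no MASQUERADE rule in POSTROUTING"

    [ "$2" = "1" ] || echo "kernel: net.ipv4.ip_forward is not 1"

    printf '%s\n' "$3" | awk -v gw="$4" '
        $1 == "ip" && $2 == "route" && $3 == "0.0.0.0" && $4 == "0.0.0.0" && $5 == gw { ok = 1 }
        END { exit !ok }' || echo "router: no default route via $4"
}

# Gather the host-side inputs from the running system (needs root for iptables).
# $1 is a file holding the router's configuration, saved from its console.
diagnose_live() {
    diagnose_gns3_nat "$(iptables -t nat -L -n)" \
        "$(cat /proc/sys/net/ipv4/ip_forward)" "$(cat "$1")" 10.200.200.1
}

# nat table as posted in the thread: every chain is empty.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination'
# Constructed: the same listing once the MASQUERADE rule has been added.
SAMPLE_NAT_FIXED="$SAMPLE_NAT
MASQUERADE  all  --  anywhere  anywhere"

# Constructed inputs: forwarding off and a router with no default route.
diagnose_gns3_nat "$SAMPLE_NAT" 0 "hostname R1" 10.200.200.1
```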
