Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

How to connect your GNS3 lab to the internet in Mac OS X - fixedByVonnie

How to connect your GNS3 lab to the internet in Mac OS X

Today I’m going to show you how to break GNS3 out of your virtual world into the real world of the internet.

GNS3 is a great resource for anyone who needs access to live Cisco gear but doesn’t have the money to purchase the hardware. You can create complete network topologies in the isolated safety of the lab.  You can configure Network Address Translation (NAT), setup a DMZ with a Cisco ASA and even configure DHCP servers to offer IP addresses to VirtualBox clients.

All of this takes place in an sandbox environment.  In other words, there’s no way you can injure your real network because all the activity is confined to the lab.  Most of the time this is exactly what you want but sometimes you may need to connect your virtual computer to the real world.

Wouldn’t it be nice if you could setup a PC such as Windows XP in VirtualBox?  Then connect it to virtual switch which is connected to a virtual Cisco route? And finally configure IP routing in such a way that your Windows XP machine can actually surf the web through all that virtualized gear?

That’s what I’m going to show you how to do today.

There are a few elements we need to setup but if you follow me closely I’ll show you how to open the door to getting online.  The best part is that none of the servers online will have any idea that your client machine is communicating with it from an entirely virtual environment.

The secret to getting online

I’m about to let you in on a little secret.  The magic that allows your virtual machines to get online through your virtual equipment is based on a virtual adapter called TunTap.

Every client machine has one or more network adapters.  For example, my Macbook Air has a Wireless LAN adapter (en0) that lets me associate with a wireless access point.  But I also have a physical USB-to-Ethernet adapter.  When I plug this little dongle into my USB port I can attach an Ethernet plug and then get on the wired network.

TunTap is a little peice of software that allows you have to have multiple logical adapters.  You can assign IP addresses to these adapters and generally use them for testing.  By default, the TunTap adapter can’t really do anything useful by itself.  But I’m about t show you how we can bridge the TunTap adapter with our real wireless adapter so that we can have a virtual bridge to get online.

If all this sounds a little confusing now don’t worry – I’ll clarify as you read.

For now, let’s just start from the beginning and get TunTap.

Go to http://tuntaposx.sourceforge.net/ and download and install TunTap.  After installing the package, open a Terminal Window (Command + Space type “terminal“)

ls -l /dev | egrep 'tap|tun'

Viewing TunTap interfaces in Terminal

You should see a bunch of interfaces.  If so, bingo you’re good to go.

By the way, you might wonder why you can’t just type:


and search for the interface there.  The reason is because the tap interfaces won’t show up until you assign the interface in GNS3. Sounds weird I know which is why it can cause a lot of confusion.

We’re going to assign the GNS3 interface next.

Assigning the tap interface in GNS3

After installing GNS3, we need to run it as the root user so it can create the first tap interface, tap0.  This requires root access therefore GNS3 must be running as root for it work.

To run tap0 as root type:

sudo /Applications/GNS3.app/Contents/MacOS/GNS3

Great, now drag out a new cloud from the devices list in the left pane, right click it and choose Configure.

Configure GNS3 cloud

Expand the cloud group in the left pane then choose the NIO TAP tab in the right pane.

Under TAP interfaces (require root access) type:


Adding the tap0 interface in GNS3

Click Add and then choose OK.  By the way, if you don’t click Add it won’t work – I’ve made this mistake many times.

Alright, now drag out a network device like an Ethernet Switch and then click the Add a link button in the bottom left corner of the GNS3 window to connect any port on your Switch to the nio_tap:/dev/tap0 interface of your cloud.

The act of connecting this link causes GNS3 to create logical tap0 interface on your Mac.

For example, if you type ifconfig now you’ll see a new tap0 interface hanging out at the bottom of your interface list.

Adding the logical tap0 interface to your GNS3 installation

This is huge progress because it now means we can connect our Mac to GNS3.

Let me show you what I mean…

Assign an IP address to the tap0 interface:

sudo ifconfig tap0 up

Now drag out a GNS3 router and connect it to the Ethernet switch you created earlier.

Right click and Start the router and choose Idle-PC.  We’re going to want a value with a checkmark next to it.  This little step guarantees that the router won’t eat up all your CPU resources while it’s running.

Once you set the Idle-PC value, double click the router and press enter until you get to the R1# prompt.

We need to put the interface connected to the switch in the same subnet as the tap0 interface.  You can check which interface to configure by expanding your R1 device in the topology summary pane.  It’s located alone the right side of GNS3.

Here we go:

config t
int fa0/0
ip address
no shut
do wr
do ping

The top window in the graphic the result of assigning to the tap0 interface on my Mac.  And the bottom window shows the successful ping to from my virtual router’s fa0/0 interface assigned to

Pinging tap0 from GNS3


Now that we know tap0 works, we can bridge it to our real interface, which is en0 on my Mac.

sudo ifconfig bridge0 create
sudo ifconfig bridge0 addm en0
sudo ifconfig bridge0 addm tap0
sudo ifconfig bridge0 up

Bridge en0 with tap0 in Mac OS X

Now we need to assign an IP address on your real network to the bridge interface.  I find the easiest way to do this is to simply use DHCP.  That way you’ll automatically get an unassigned IP address and there’s no need to worry about conflicting IPs on your real network.

sudo ifconfig set bridge0 DHCP

Of course if that doesn’t work you can always manually assign a free IP address too.

sudo ifconfig bridge0 x.x.x.x/y up

Where each x represents each decimal value of your IP address and the y is the number of bits in your subnet mask.

You should now be able to ping your bridge0 ip address from R1.

The next step is setting up your default route on R1.

If you do a show ip route you’ll see there’s no default route.  This means if R1 sees a packet destined for a network that it doesn’t have in its routing table it’ll simply discard it.  But we don’t want that.  By default, R1 should route any less specific routes to the internet out your default gateway through your bridge0 interface.  So let’s change that.

Back on R1, type:

ip route

This says: “For any packet not in my routing table route it through my default gateway on my real live network at′

Now configure R1’s fa0/1 interface to have the IP address of the bridge id.

In the final step, you can configure NAT/PAT on R1 so that the internal network ( in my example) get’s translated to your “global” address on the subnet.

First you can create an access list for all the hosts insides your network.  Let’s say all your hosts inside the GNS3 network are on the subnet you would type the following on R1:

access-list permit 1

This just sets up the rule to match all the hosts on your internal network.

Then go to your inside interface and type:

int fa0/1
ip nat inside

Then go to your external interface and type

int fa0/0
ip nat outside

Now setup the translation rule:

ip nat inside source list 1 interface fa0/0 overload

That should do the trick.

Alternatively, another way to get your router out to the internet is to:

  • Disable your Wi-Fi adapter
  • Plug in the Mac to the network using  your Ethernet adapter
  • Type ifconfig to get your adapter name: en0, en1 etc…
  • Launch GNS3 as root, create a cloud and under the settings for that cloud in the NIO Ethernet tab, choose your Ethernet adapter from the drop down list
  • Connect R1 to the cloud using the Add a link tool
  • Make the interface connecting R1 to the cloud get an IP from DHCP.
    • config t
    • int fa0/0
    • ip address dhcp
    • do ip domain-lookup
    • end

This will force the router to get an IP address from the cloud and should let you get out.

I hope this helps.  I know this tutorial was a little sloppy and might seem confusing.  If so, just leave a comment or shoot me and email and I can help you with the finer details.


Connect with Vonnie on Twitter

Posted in Desktops, Hardware, Laptops, Mac OS X 10.10 Yosemite, Mac OS X 10.8 Mountain Lion, Mac OS X 10.9 Mavericks, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: , , , ,
  • Pingback: 3 terminal commands every Mac users should know - fixedByVonnie()

  • Gonzo Trujillo

    Thank you for the -how to-

  • crypby

    Hi! Thenks for this how-to, I also have Macbook Air with wifi only card, and step where

    ip route

    is not clear.

    1) Is a is a router’s physical address? Because when I try to add my router’s address (it’s nothing happens in routing table – when I perform “show ip route” there is no S* – route appears.

    2) What IP-address I should assign to bridge0? From physical router’s address ( f.e. or something other?

    bridge0 even with linked en0 and tap0 don’t want to receive address from router’s DHCP (it adds 169.x.x.x).

    plus there is a mistake “sudo ifconfig set bridge0 DHCP” need to be iPconfig 🙂

  • Pingback: Setting up Automation Test Network in GNS3 in OSX | StaticNAT()

  • PapiMigas

    Thank you!!!

  • Pingback: GNS3 Lab: Connect to Physical LAN and Use Layer3 Switch | MengMeng()

  • richard barnabas

    Thank you very much!!It worked!!Thanks a lot

  • richard barnabas

    I can ping tap0 interface but i couldn’t ping bridge interface.

  • Pingback: How to connect your GNS3 lab to the internet in Mac OS X  – Quchen Consulting()

  • Juan José Muriel

    But always I have to execute GNS3 as a root. There is some method to make the tap interface permanent? Thanks in advance.