How to connect your GNS3 lab to the internet in Mac OS X

Today I’m going to show you how to break GNS3 out of your virtual world into the real world of the internet.

GNS3 is a great resource for anyone who needs access to live Cisco gear but doesn’t have the money to purchase the hardware. You can create complete network topologies in the isolated safety of the lab.  You can configure Network Address Translation (NAT), set up a DMZ with a Cisco ASA and even configure DHCP servers to offer IP addresses to VirtualBox clients.

All of this takes place in a sandbox environment.  In other words, there’s no way you can injure your real network because all the activity is confined to the lab.  Most of the time this is exactly what you want but sometimes you may need to connect your virtual computer to the real world.

Wouldn’t it be nice if you could set up a PC such as Windows XP in VirtualBox?  Then connect it to a virtual switch which is connected to a virtual Cisco router? And finally configure IP routing in such a way that your Windows XP machine can actually surf the web through all that virtualized gear?

That’s what I’m going to show you how to do today.

There are a few elements we need to set up but if you follow me closely I’ll show you how to open the door to getting online.  The best part is that none of the servers online will have any idea that your client machine is communicating with them from an entirely virtual environment.

The secret to getting online

I’m about to let you in on a little secret.  The magic that allows your virtual machines to get online through your virtual equipment is based on a virtual adapter called TunTap.

Every client machine has one or more network adapters.  For example, my Macbook Air has a Wireless LAN adapter (en0) that lets me associate with a wireless access point.  But I also have a physical USB-to-Ethernet adapter.  When I plug this little dongle into my USB port I can attach an Ethernet plug and then get on the wired network.

TunTap is a little piece of software that allows you to have multiple logical adapters.  You can assign IP addresses to these adapters and generally use them for testing.  By default, the TunTap adapter can’t really do anything useful by itself.  But I’m about to show you how we can bridge the TunTap adapter with our real wireless adapter so that we can have a virtual bridge to get online.

If all this sounds a little confusing now don’t worry – I’ll clarify as you read.

For now, let’s just start from the beginning and get TunTap.

Go to http://tuntaposx.sourceforge.net/ and download and install TunTap.  After installing the package, open a Terminal Window (Command + Space type “terminal“)

ls -l /dev | egrep 'tap|tun'

Viewing TunTap interfaces in Terminal

You should see a bunch of interfaces.  If so, bingo you’re good to go.

By the way, you might wonder why you can’t just type:

ifconfig

and search for the interface there.  The reason is because the tap interfaces won’t show up until you assign the interface in GNS3. Sounds weird I know which is why it can cause a lot of confusion.

We’re going to assign the GNS3 interface next.

Assigning the tap interface in GNS3

After installing GNS3, we need to run it as the root user so it can create the first tap interface, tap0.  Creating the interface requires root access, so GNS3 must be running as root for it to work.

To run GNS3 as root type:

sudo /Applications/GNS3.app/Contents/MacOS/GNS3

Great, now drag out a new cloud from the devices list in the left pane, right click it and choose Configure.

Configure GNS3 cloud

Expand the cloud group in the left pane then choose the NIO TAP tab in the right pane.

Under TAP interfaces (require root access) type:

/dev/tap0

Adding the tap0 interface in GNS3

Click Add and then choose OK.  By the way, if you don’t click Add it won’t work – I’ve made this mistake many times.

Alright, now drag out a network device like an Ethernet Switch and then click the Add a link button in the bottom left corner of the GNS3 window to connect any port on your Switch to the nio_tap:/dev/tap0 interface of your cloud.

The act of connecting this link causes GNS3 to create a logical tap0 interface on your Mac.

For example, if you type ifconfig now you’ll see a new tap0 interface hanging out at the bottom of your interface list.

Adding the logical tap0 interface to your GNS3 installation

This is huge progress because it now means we can connect our Mac to GNS3.

Let me show you what I mean…

Assign an IP address to the tap0 interface:

sudo ifconfig tap0 10.0.0.2/24 up

Now drag out a GNS3 router and connect it to the Ethernet switch you created earlier.

Right click and Start the router and choose Idle-PC.  We’re going to want a value with a checkmark next to it.  This little step guarantees that the router won’t eat up all your CPU resources while it’s running.

Once you set the Idle-PC value, double click the router and press enter until you get to the R1# prompt.

We need to put the interface connected to the switch in the same subnet as the tap0 interface.  You can check which interface to configure by expanding your R1 device in the topology summary pane.  It’s located along the right side of GNS3.

Here we go:

config t
int fa0/0
ip address 10.0.0.1 255.255.255.0
no shut
do wr
do ping 10.0.0.2

The top window in the graphic shows the result of assigning 10.0.0.2/24 to the tap0 interface on my Mac.  And the bottom window shows the successful ping to 10.0.0.2 from my virtual router’s fa0/0 interface assigned to 10.0.0.1/24.

Pinging tap0 from GNS3

Great.

Now that we know tap0 works, we can bridge it to our real interface, which is en0 on my Mac.

sudo ifconfig bridge0 create
sudo ifconfig bridge0 addm en0
sudo ifconfig bridge0 addm tap0
sudo ifconfig bridge0 up

Bridge en0 with tap0 in Mac OS X

Now we need to assign an IP address on your real network to the bridge interface.  I find the easiest way to do this is to simply use DHCP.  That way you’ll automatically get an unassigned IP address and there’s no need to worry about conflicting IPs on your real network.

sudo ipconfig set bridge0 DHCP

Of course if that doesn’t work you can always manually assign a free IP address too.

sudo ifconfig bridge0 x.x.x.x/y up

Where each x represents each decimal value of your IP address and the y is the number of bits in your subnet mask.

You should now be able to ping your bridge0 ip address from R1.
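
A check to run after the bridge and DHCP steps above, added here as an example and not part of the original post: it parses `ifconfig bridge0` output, confirms that only the expected interfaces are bridged, and flags a self-assigned 169.254.x.x address, which means bridge0 never got a DHCP lease. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and SAMPLE_* is constructed text shaped like `ifconfig bridge0` output.

# Member interface names from ifconfig text on stdin, sorted, space-separated.
bridge_members() {
    awk '$1 == "member:" { print $2 }' | sort | paste -sd ' ' -
}

# First IPv4 address from ifconfig text on stdin (inet6 lines are ignored).
bridge_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Classify the bridge from ifconfig text on stdin. $1 = expected members.
#   ok                 expected members only, routable IPv4 address present
#   unexpected-members member list differs from what you meant to bridge
#   no-address         bridge has no IPv4 address at all
#   no-lease           169.254.x.x self-assigned address, DHCP never answered
audit_bridge() {
    expected="$1"
    text=$(cat)
    members=$(printf '%s\n' "$text" | bridge_members)
    addr=$(printf '%s\n' "$text" | bridge_inet)
    if [ "$members" != "$expected" ]; then
        echo "unexpected-members"
        return 0
    fi
    case "$addr" in
        "")        echo "no-address" ;;
        169.254.*) echo "no-lease" ;;
        *)         echo "ok" ;;
    esac
}

# Constructed sample: bridge0 with en0 + tap0 and a leased LAN address.
SAMPLE_OK='bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 02:00:00:00:00:01
    member: en0 flags=3<LEARNING,DISCOVER>
    member: tap0 flags=3<LEARNING,DISCOVER>
    inet 192.168.0.23 netmask 0xffffff00 broadcast 192.168.0.255
    status: active'
# Same bridge after a failed DHCP request (constructed).
SAMPLE_NOLEASE=$(printf '%s\n' "$SAMPLE_OK" | sed 's/inet 192\.168\.0\.23/inet 169.254.10.20/')

printf '%s\n' "$SAMPLE_OK"      | audit_bridge "en0 tap0"
printf '%s\n' "$SAMPLE_NOLEASE" | audit_bridge "en0 tap0"
# On the Mac itself: ifconfig bridge0 | audit_bridge "en0 tap0"
```
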

The next step is setting up your default route on R1.

If you do a show ip route you’ll see there’s no default route.  This means if R1 sees a packet destined for a network that it doesn’t have in its routing table it’ll simply discard it.  But we don’t want that.  R1 should send any packet that doesn’t match a more specific route to the internet, out your default gateway through your bridge0 interface.  So let’s change that.

Back on R1, type:

ip route 0.0.0.0 0.0.0.0 192.168.0.1

This says: “For any packet not in my routing table route it through my default gateway on my real live network at 192.168.0.1”

Now configure R1’s fa0/1 interface to have the IP address of the bridge id.

In the final step, you can configure NAT/PAT on R1 so that the internal network (10.0.0.0/24 in my example) gets translated to your “global” address on the 192.168.0.0/24 subnet.

First you can create an access list for all the hosts inside your network.  Let’s say all your hosts inside the GNS3 network are on the 10.0.0.0/24 subnet; you would type the following on R1:

access-list 1 permit 10.0.0.0 0.0.0.255

This just sets up the rule to match all the hosts on your internal network.

Then go to your inside interface and type:

int fa0/1
ip nat inside

Then go to your external interface and type

int fa0/0
ip nat outside
exit

Now set up the translation rule:

ip nat inside source list 1 interface fa0/0 overload

That should do the trick.

Alternatively, another way to get your router out to the internet is to:

  • Disable your Wi-Fi adapter
  • Plug in the Mac to the network using  your Ethernet adapter
  • Type ifconfig to get your adapter name: en0, en1 etc…
  • Launch GNS3 as root, create a cloud and under the settings for that cloud in the NIO Ethernet tab, choose your Ethernet adapter from the drop down list
  • Connect R1 to the cloud using the Add a link tool
  • Make the interface connecting R1 to the cloud get an IP from DHCP.
    • config t
    • int fa0/0
    • ip address dhcp
    • ip domain-lookup
    • end

This will force the router to get an IP address from the cloud and should let you get out.

I hope this helps.  I know this tutorial was a little sloppy and might seem confusing.  If so, just leave a comment or shoot me an email and I can help you with the finer details.


  • Gonzo Trujillo

    Thank you for the -how to-

  • crypby

    Hi! Thanks for this how-to, I also have a Macbook Air with a wifi-only card, and the step where

    ip route 0.0.0.0 0.0.0.0 192.168.0.1

    is not clear.

    1) Is 192.168.0.1 a router’s physical address? Because when I try to add my router’s address (it’s 172.22.0.1) nothing happens in the routing table – when I perform “show ip route” no S* route appears.

    2) What IP address should I assign to bridge0? One from the physical router’s range (e.g. 172.22.0.20) or something else?

    bridge0, even with en0 and tap0 linked, doesn’t want to receive an address from the router’s DHCP (it adds 169.x.x.x).

    Plus there is a mistake: “sudo ifconfig set bridge0 DHCP” needs to be iPconfig 🙂

  • PapiMigas

    Thank you!!!

  • richard barnabas

    Thank you very much!! It worked!! Thanks a lot

  • richard barnabas

    I can ping the tap0 interface but I couldn’t ping the bridge interface.

  • Juan José Muriel

    Hi,
    But I always have to execute GNS3 as root. Is there some method to make the tap interface permanent? Thanks in advance.