How to create permanent TAP interface?


This topic contains 3 replies, has 0 voices, and was last updated by  Larry Baker 8 years, 12 months ago.

  • #42375

    Larry Baker
    Member

    I am using ZeroShell to emulate another network to configure a server in the lab before shipping it to the site. The site uses a 10.x.x.x/255.255.255.240 internal subnet, and NATs to the public Internet. I have ZeroShell working to simulate this part. I also have it working to simulate inbound port-mapping (Virtual Server). I want to add a TAP interface (TAP00, for example) with two IP addresses assigned to simulate the primary and secondary DNS servers for the site. (From what I can tell, ZeroShell binds a DNS server to every interface port it finds.) These are also 10.x.x.x addresses, but they are on a different subnet. I have made this work by adding IP addresses with a 255.255.255.255 subnet mask to the internal Ethernet interface, but only by bridging everything (a naive solution). I am trying to set this up correctly. I assume I will have to execute "/usr/local/sbin/openvpn --mktun --dev TAP00 --dev-type tap" somewhere, and I will have to create a "/Database/var/register/system/net/interfaces/TAP00" directory (can it be empty?). There is a NAT and Virtual Servers script. Is this the right script to use? When does this get executed? Any better ideas?

    #50232

    ppalias
    Member

    I am not sure why you want to use a TAP interface, which is mostly for tunneling, to test a DNS service. Could you draw a diagram of what you want to have? From my point of view it looks like a very simple configuration, and staging it in a lab doesn't look necessary.

    #50233

    Larry Baker
    Member

    I made good progress today. I have succeeded in creating TAP00 and assigning two addresses to it. I will post my solution when I am done. In the meantime, I will try to explain better what I have in mind.

    If I were to use actual hardware (Ethernet interfaces and servers) for everything, I would need: an ETH00 to the Internet, an ETH01 to a 10.x.x.x/255.255.255.240 (with NATing) private subnet for my server, and an ETH02 to a 10.y.y.y/255.255.255.0 (no NATing) private subnet with two DNS servers. I would have to set up the DNS servers as well as my server. ZeroShell already includes a DNS server, which it binds to every Ethernet interface it finds. So, if I create a virtual Ethernet interface within ZeroShell, I can assign two IP addresses to it, and ZeroShell will automatically bind DNS servers to them.

    I think I have accomplished this much already. (The TAP00 virtual Ethernet interface is done; I have to verify that DNS is bound to the IP addresses assigned to it.) I have to make the route now between ETH01 and TAP00. I will work this out tomorrow.

    #50234

    ppalias
    Member

    I still don't get what you are trying to do. If you want to add multiple IP addresses, you can add them as IP aliases. You can also turn off the DNS server of ZS, or instruct the DNS server to bind only to specific IP addresses.

    #50235

    Larry Baker
    Member

    Here is how to do it:

    In the SYSTEM > Setup page, select the Startup/Cron tab.

    Select the Pre Boot script from the pull-down menu.

    Edit the Pre Boot script:

    >>> SNIP — Pre Boot Script starts here — SNIP <<<
    # Define the number of virtual Ethernet (TAP) interfaces to create
    NUM_TAP_DEVICES=1

    # Enumerate the virtual Ethernet interfaces (NAME=TAPnn)

    typeset -i n=NUM_TAP_DEVICES-1
    if [ $n "$TAPDIR/Description"
    echo up > "$TAPDIR/STATUS"
    fi

    done

    # Ignore the link status for TAP interfaces

    [ -f /root/kerbynet.cgi/scripts/getlinkstatus.original ] ||
    cp /root/kerbynet.cgi/scripts/getlinkstatus{,.original}
    /root/kerbynet.cgi/scripts/getlinkstatus
    sed '//usr/local/sbin/ethtool/i
    [ "${INTERFACE:0:3}" != TAP ] && \

    >>> SNIP — Pre Boot Script ends here — SNIP <<<

    Setup page, Network tab. I use them to bind the ZeroShell DNS and NTP services to a private (non-routable) subnet, separate from my physical private subnet with a different IP address range.
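
Since ZeroShell is described in this thread as binding DNS to every interface it finds, it is worth confirming after adding TAP00 that DNS and NTP listen only where intended. The following is an added example, not part of the original posts or of ZeroShell: it audits `ss -H -l -u -n` output against an intended address list. The sample lines and all addresses are constructed, and the availability of iproute2 `ss` on the box is an assumption.

```sh
#!/bin/sh
# Added example: check which local addresses answer DNS (53/udp) and NTP (123/udp)
# after a TAP interface has been added. Reads `ss -H -l -u -n` output on stdin.

# Constructed sample (not captured from a real ZeroShell box); addresses are assumptions:
# 10.20.0.53/.54 = TAP00 aliases, 192.0.2.10 = Internet-facing interface.
SAMPLE_SS='UNCONN 0 0 10.20.0.53:53 0.0.0.0:*
UNCONN 0 0 192.0.2.10:53 0.0.0.0:*
UNCONN 0 0 127.0.0.1:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 10.10.0.1:67 0.0.0.0:*'

# audit_listeners "ADDR1 ADDR2 ...": addresses that are supposed to serve DNS/NTP.
# Prints one finding per line; returns 1 if anything is missing, unexpected or wildcard.
audit_listeners() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    {
        la = ""                                   # local address:port field
        for (i = 1; i <= NF; i++) if ($i ~ /:[0-9]+$/) { la = $i; break }
        if (la == "") next
        port = la; sub(/^.*:/, "", port)
        addr = la; sub(/:[0-9]+$/, "", addr); sub(/%.*$/, "", addr)
        if (port != "53" && port != "123") next   # only DNS and NTP
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is not exposed
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") {
            print "WILDCARD *:" port; bad = 1     # bound on every interface
        } else if (addr in want) {
            print "OK " addr ":" port
            if (port == "53") seen[addr] = 1
        } else {
            print "UNEXPECTED " addr ":" port; bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(e[i] in seen)) { print "MISSING " e[i] ":53"; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

audit_sample() { printf '%s\n' "$SAMPLE_SS" | audit_listeners "10.20.0.53 10.20.0.54"; }

# Live use (assumes iproute2 ss is installed): ss -H -l -u -n | audit_listeners "..."
audit_sample || echo "DNS/NTP bindings differ from the intended set"
```

On the constructed sample this reports the DNS listener on the Internet-facing address as UNEXPECTED, the NTP wildcard bind as WILDCARD, and the second TAP00 address as MISSING.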
