Networking with MOL
===================

MOL networking is configured from /etc/mol/molrc.net. MOL supports
three different network drivers:

    1. SheepNet driver
    2. TUN driver
    3. TAP driver

By default MOL is configured to use the SheepNet driver (for AppleTalk)
and the TUN driver for TCP/IP.


1. SheepNet driver
==================

Configuration of this driver is simple. Just make sure the config
file contains something similar to

    netdev:     eth0 -sheep

The sheep_net driver shares the specified ethernet interface between
MOL and MacOS. The network topology typically looks as follows:

                130.237.226.235
                mol (sheep_net)
                       |
    -ethernet-----------------------------------------
            |                            |
       linux (eth0)                other_machine
       130.237.226.234             130.237.226.239

That is, MOL looks like a separate host on the network. In particular,
MOL must use an IP address different from the one used by the linux
host. If IP addresses are obtained through DHCP, this might be a problem.

The sheep_net driver works well with AppleTalk. It is recommended
that the sheep_net driver is used exclusively for AppleTalk (the
tun driver performs better for TCP/IP).


2. TUN driver
=============

The TUN driver provides networking through the use of an IP tunnel.
It is configured by the line

    netdev:     tun0 -tun

The network topology will look similar to the following example:

    -ethernet----------------------------------------
                      |                   |
      130.237.226.234 |            130.237.226.239
                 eth0 |             other_machine
                    linux
                 tun0 |
          192.168.1.1 |
                      | virtual
                      +--- ip-tunnel ------- mol 192.168.1.2

That is, the linux box typically has two configured network
interfaces: eth0 and tun0. The virtual tun network should use local
IP addresses (these IP numbers have no meaning to external hosts).

Unfortunately, mol cannot connect to external hosts in the above
setup (precisely because external hosts do not know that the
192.168.1.2 address sits behind the 130.237.226.234 box). The
solution to this problem is NAT (network address translation, also
called IP-masquerading). In this case we want to make it appear as
if packets sent from MOL to an external host really originate from
the linux box (an external host knows how to reach 130.237.226.234,
and linux forwards packets to MOL whenever appropriate).

The following command configures NAT properly:

    /sbin/iptables -t nat -s 192.168.1.0/24 -d ! 192.168.1.1 -A POSTROUTING -j MASQUERADE

IP forwarding should also be turned on:

    echo 1 > /proc/sys/net/ipv4/ip_forward

MOL does both of these things from the /etc/mol/tunconfig script,
which is invoked automatically when MOL starts and exits. The default
tunconfig script also starts a DHCP server if the /usr/sbin/dhcpd
server is installed.

If a dhcpd server is not installed, the TCP/IP settings must be
configured by hand in MOL/MacOS. In the example above, MOL/MacOS
would use the following:

    IP:             192.168.1.2
    Netmask:        255.255.255.0
    Gateway:        192.168.1.1
    Nameserver:     whatever

The /dev/net/tun node is created by

    mknod /dev/net/tun c 10 200

The following kernel functions should be compiled into the kernel
(or be available in the form of kernel modules):

For the dhcp server:

    Socket Filtering (CONFIG_FILTER)
    Packet Socket (CONFIG_PACKET)

For NAT:

    Network packet filtering (CONFIG_NETFILTER)
    Connection tracking (CONFIG_IP_NF_CONNTRACK)
    IP tables support (CONFIG_IP_NF_IPTABLES)
    Packet filtering (CONFIG_IP_NF_FILTER)
    Full NAT (CONFIG_IP_NF_NAT)
    MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE)

You can check whether the kernel has NAT support by doing:

    /sbin/iptables -t nat -L

as root.


3. TAP driver
=============

This driver works similarly to the TUN driver above. However, MOL does
not autoconfigure tap devices, since a tap device can be configured at
boot (the tun device is only alive as long as MOL is running).

To set up the tap device by hand, do the following:

    /sbin/ifconfig tap0 192.168.1.1 netmask 255.255.255.0 arp
    /sbin/iptables -t nat -s 192.168.1.0/24 -d ! 192.168.1.1 -A POSTROUTING -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

and add

    netdev:     tap0 -tap

to /etc/mol/molrc.net. The MOL/MacOS side should be configured as

    IP:             192.168.1.2
    Netmask:        255.255.255.0
    Gateway:        192.168.1.1
    Nameserver:     whatever
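
An added example (not part of the MOL documentation or its tunconfig script): shell functions that audit the host state the TUN and TAP sections set up, namely IP forwarding, a MASQUERADE rule limited to source 192.168.1.0/24, and the /dev/net/tun node. The function names and the sample rule listing are constructed for illustration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the host state that MOL's tun/tap NAT setup relies on.

# Constructed sample of `iptables -t nat -S POSTROUTING` output (not from a real host).
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.1/32 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE'

# forwarding_on FILE: true if FILE (normally /proc/sys/net/ipv4/ip_forward) contains 1.
forwarding_on() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# scoped_masq SUBNET: rules on stdin; true if a MASQUERADE rule matches source SUBNET.
scoped_masq() {
    grep -F -- "-s $1 " | grep -q -- '-j MASQUERADE'
}

# unscoped_masq: rules on stdin; print MASQUERADE rules that have no source match.
# Together with ip_forward=1, such a rule NATs forwarded traffic from any source.
unscoped_masq() {
    grep -- '-j MASQUERADE' | grep -v -- ' -s ' || true
}

# tun_node_ok PATH: true if PATH is a character device with major 10, minor 200
# (the numbers in the mknod command on this page; stat prints them in hex).
tun_node_ok() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "a:c8" ]
}

# audit RULES FORWARD_FILE TUN_NODE SUBNET: print findings, return how many there are.
audit() {
    findings=0
    forwarding_on "$2" || { echo "ip_forward is off: MOL cannot reach external hosts"; findings=$((findings + 1)); }
    printf '%s\n' "$1" | scoped_masq "$4" || { echo "no MASQUERADE rule for source $4"; findings=$((findings + 1)); }
    extra=$(printf '%s\n' "$1" | unscoped_masq)
    [ -z "$extra" ] || { echo "MASQUERADE not limited by source: $extra"; findings=$((findings + 1)); }
    tun_node_ok "$3" || { echo "$3 is not character device 10,200"; findings=$((findings + 1)); }
    return "$findings"
}

# Live use, as root:
#   audit "$(/sbin/iptables -t nat -S POSTROUTING)" \
#         /proc/sys/net/ipv4/ip_forward /dev/net/tun 192.168.1.0/24
```

A return value of 0 means forwarding is on, the only MASQUERADE rules are source-scoped, and the tun node has the expected device numbers.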