Networking with MOL
===================
MOL networking is configured from /etc/mol/molrc.net. MOL supports
three different network drivers:
1. SheepNet driver
2. TUN driver
3. TAP driver
By default MOL is configured to use the SheepNet driver
(for AppleTalk) and the TUN driver for TCP/IP.
1. SheepNet driver
==================
Configuration of this driver is simple. Just make sure the config file
contains something similar to
netdev: eth0 -sheep
The sheep net driver shares the specified ethernet interface between
MOL and MacOS. The network topology typically looks like follows:
130.237.226.235
mol (sheep_net)
|
-ethernet-----------------------------------------
| |
linux (eth0) other_machine
130.237.226.234 130.237.226.239
That is, MOL looks like a separate host on the network.
In particular, a TCP/IP number different than the one used
by the linux host must be used. If IP numbers are obtained
though DHCP, this might be a problem.
The sheep_net driver works well with AppleTalk. It is recommended
that the sheep_net driver is used exclusively for AppeleTalk
(the tun driver performs better for TCP/IP).
1. TUN driver
=============
The TUN driver provides networking through the use of an
IP tunnel. It is configured by the line
netdev: tun0 -tun
The network topology will look similar to the following
example:
-ethernet----------------------------------------
| |
130.237.226.234 | 130.237.226.239
eth0 | other_machine
linux
tun0 |
192.168.1.1 |
| virtual
+--- ip-tunnel ------- mol
192.168.1.2
That is, the linux box typically has two configured network
interfaces: eth0 and tun0. The virtual tun network should use
local IP addresses (these IP numbers have no meaning
to external hosts).
Unfortunately, mol can not connect to external hosts in
the above setup (precisely because external hosts do not
know that the 192.168.1.2 address sits behind the
130.237.226.234 box).
The solution to this problem is NAT (network address translation,
also called IP-masquerading). In this case we want to make it
appear as if packets sent from MOL to an external host really
originate from the linux box (an external host know how to reach
130.237.226.234 and linux forwards packets to MOL
whenever appropriate).
The following command configures NAT properly:
/sbin/iptables -t nat -s 192.168.1.0/24 -d ! 192.168.1.1
-A POSTROUTING -j MASQUERADE
IP forwarding should also be turned on:
echo 1 > /proc/sys/net/ipv4/ip_forward
MOL does both of these things from the /etc/mol/tunconfig script
which is invoked automatically when MOL starts and exits. The
default tunconfig script also starts a DHCP serverd if the
/usr/sbin/dhcpd server is installed.
If a dhcpd server is not installed, the TCP/IP settings
must be configured by hand in MOL/MacOS. In the example
above, MOL/MacOS would use the following:
IP: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
Nameserver: whatever
The /dev/net/tun node is created by
mknod /dev/net/tun c 10 200
The following kernel functions should be compiled into the
kernel (or be available in the form of kernel modules):
For the dhcp server:
Socket Filtering (CONFIG_FILTER)
Packet Socket (CONFIG_PACKET)
For NAT:
Network packet filtering (CONFIG_NETFILTER)
Connection tracking (CONFIG_IP_NF_CONNTRACK)
IP tables support (CONFIG_IP_NF_IPTABLES)
Packet filtering (CONFIG_IP_NF_FILTER)
Full NAT (CONFIG_IP_NF_NAT)
MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE)
You can check whether the kernel has NAT support by doing:
/sbin/iptables -t nat -L
as root.
1. TAP driver
=============
This driver works similar to the TUN driver above although MOL does
not autoconfigure tap devices since it can be configured at boot
(the tun device is only alive as long as MOL is running).
To setup the tap device by hand, do the following:
/sbin/ifconfig tap0 192.168.1.0 netmask 255.255.255.0 arp
/sbin/iptables -t nat -s 192.168.1.0/24 -d ! 192.168.1.1
-A POSTROUTING -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
and add
netdev: tap0 -tap
to /etc/mol/molrc.net. The MOL/MacOS side shoule
be configured as
IP: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
Nameserver: whatever
