@s8sg
Last active April 18, 2024 02:45
Networking with Firecracker

Create a bridge interface on the host and give it internet access via NAT

sudo ip link add name br0 type bridge
sudo ip addr add 172.20.0.1/24 dev br0
sudo ip link set dev br0 up
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables --table nat --append POSTROUTING --out-interface enp3s0 -j MASQUERADE   # enp3s0 is this host's uplink; substitute your own interface name
sudo iptables --insert FORWARD --in-interface br0 -j ACCEPT

Create a tap device and attach it to the bridge

sudo ip tuntap add dev tap0 mode tap
sudo brctl addif br0 tap0
sudo ifconfig tap0 up

Get the MAC address of the tap device

ip a | grep -A1 tap0 | grep ether

Pass the tap device and its MAC address (the one printed above) when launching the VM; this is the firectl flag:

--tap-device=tap0/e2:40:73:d5:72:44

Inside the guest

ifconfig eth0 up
ip addr add dev eth0 172.20.0.2/24   # same /24 as br0 on the host
ip route add default via 172.20.0.1
echo "nameserver 8.8.8.8" > /etc/resolv.conf

Second way: route from a tap device without a bridge

If the host is on wireless (which usually cannot be added to a bridge) and you want to give the VM network access, or you simply don't want to use a bridge, you can route from a tap device instead:

sudo ip tuntap add tap0 mode tap # optionally append "user $(id -u) group $(id -g)" so an unprivileged Firecracker process can open the tap
sudo ip addr add 172.17.100.1/24 dev tap0
sudo ip link set tap0 up
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -t nat -A POSTROUTING -o $WIRELESS_DEVICE_NAME -j MASQUERADE
sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i tap0 -o $WIRELESS_DEVICE_NAME -j ACCEPT
($WIRELESS_DEVICE_NAME can be any bridge, wireless or ethernet interface that exists on the host.)

Then, inside the guest, set an IP in the range you gave tap0, as @bencord0 wrote:

ip addr add 172.17.100.10/24 dev eth0
ip route add default via 172.17.100.1 dev eth0

NB: the FORWARD rule accepts any destination reachable via $WIRELESS_DEVICE_NAME, so this also gives your VM access to the other devices on your local network, not only the internet!

To tear it down (without rebooting):

sudo iptables -D FORWARD -i tap0 -o $WIRELESS_DEVICE_NAME -j ACCEPT   # delete exactly the rules added above;
sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT   # "iptables -F" would also wipe unrelated filter rules
sudo iptables -t nat -D POSTROUTING -o $WIRELESS_DEVICE_NAME -j MASQUERADE   # and would not touch this nat-table rule at all
sudo ip link del tap0
sudo sh -c "echo 0 > /proc/sys/net/ipv4/ip_forward" # usually the default
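The second way as a pair of shell functions (an added example, not part of the gist), with a tighter FORWARD policy: replies are only accepted towards the tap, and guest traffic to the host's LAN is refused before the general accept, which addresses the NB above. The function names, the parameters (TAP, TAP_CIDR, UPLINK, LAN_CIDR), TAP_OWNER and the DRY_RUN switch are my assumptions; the commands need root.

```sh
# Added example, not from the gist. DRY_RUN=1 prints the commands instead of
# running them, so the plan can be reviewed before touching the host firewall.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Usage: setup_tap_nat TAP TAP_CIDR UPLINK LAN_CIDR
#   e.g. setup_tap_nat tap0 172.17.100.1/24 wlan0 192.168.1.0/24
# LAN_CIDR is the host's local network that the guest must NOT reach.
setup_tap_nat() {
  tap=$1; tap_cidr=$2; uplink=$3; lan_cidr=$4
  # TAP_OWNER (assumed env var) lets an unprivileged Firecracker open the tap
  run ip tuntap add "$tap" mode tap user "${TAP_OWNER:-$(id -u)}"
  run ip addr add "$tap_cidr" dev "$tap"
  run ip link set "$tap" up
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -o "$uplink" -j MASQUERADE
  # replies to guest-initiated connections only, not a blanket accept
  run iptables -A FORWARD -i "$uplink" -o "$tap" \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # refuse guest -> LAN before the general accept; rule order matters
  run iptables -A FORWARD -i "$tap" -o "$uplink" -d "$lan_cidr" -j REJECT
  run iptables -A FORWARD -i "$tap" -o "$uplink" -j ACCEPT
}

# Usage: teardown_tap_nat TAP UPLINK LAN_CIDR
# Deletes exactly the rules added above; "iptables -F" would flush every
# filter rule on the host and would leave the nat-table rule in place.
teardown_tap_nat() {
  tap=$1; uplink=$2; lan_cidr=$3
  run iptables -D FORWARD -i "$tap" -o "$uplink" -j ACCEPT
  run iptables -D FORWARD -i "$tap" -o "$uplink" -d "$lan_cidr" -j REJECT
  run iptables -D FORWARD -i "$uplink" -o "$tap" \
    -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  run iptables -t nat -D POSTROUTING -o "$uplink" -j MASQUERADE
  run ip link del "$tap"
}
```

Run `DRY_RUN=1 setup_tap_nat tap0 172.17.100.1/24 wlan0 192.168.1.0/24` first to review the plan, then the same call without DRY_RUN as root; the guest-side commands are unchanged from the ones above.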
@srikantpatnaik

I believe you mean br0 instead of docker0
sudo brctl addif docker0 tap0

@s8sg
Author

s8sg commented Jul 11, 2019

@srikantpatnaik yeah. Updated it.

@K40N

K40N commented Apr 18, 2024

I've been screwing around trying to get networking to work right for days... this saved me. Thank you so much! :)

(I had to do it the second way since I was on wifi)

Also just in case it's helpful for anyone:

  1. You can get the interface name you're currently using with ip -o -4 route show to default | awk '{print $5}'.
  2. Even though it wasn't explicitly mentioned, when doing things the second way, you do the same thing where you pass --tap-device <your-tap-device>/<associated-mac-addr>. Maybe this is obvious but I figured I might as well put it here. :)
