fbtunnel

© Rick Payne rickp@rossfell.co.uk
$Id: config.html,v 1.12 2003/08/08 20:33:51 rickp Exp $ 		Setup Setup Setup Route Filter Tunnel FireBrick

Please see the Route and Tunnel links above to see how I configure my FireBrick®

Linux

For fbtunnel you need to have the tun device available. Usually this is a module that is already available and a simple 'modprobe tun' will work. Its also common that the /dev/net/tun device is mising on Linux. This needs to be created:
  $ sudo mkdir /dev/net
  $ sudo mknod /dev/net/tun c 10 200
  $ sudo chmod 0700 /dev/net/tun
If you don't use 'sudo' - then just su to root first. Invoke fbtunnel as root giving it the remote tunnel-id (the tunnel number on the firebrick), the secret you configured, your local IP address and the IP address of the FireBrick®. For example
  $ sudo fbtunnel 2 mysecret 10.1.1.1 192.168.1.1
  Tunnel is using tun0
  Tunnel pid is 8877
  $
  $ ifconfig tun0
  tun0      Link encap:Point-to-Point Protocol  
            inet addr:10.1.1.1  P-t-P:10.1.1.1  Mask:255.255.255.255
            UP POINTOPOINT RUNNING  MTU:1500  Metric:1
            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:10 
            RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
The tunnel is up, using tun0 and the interface is up - things are good!  Once the tunnel is up I usually then edit the routing table like this:
  $ sudo ip route add 192.168.1.1/32 via my-gateway-ip 
  $ sudo ip route replace default dev tun0
All traffic should now be flowing over the tunnel interface. Whether you do that or not is up to you. Once you've finished, you can bring the tunnel down:
  $ sudo kill -2 8877
  $ ifconfig tun0
  tun0: error fetching interface information: Device not found

MacOS-X

Unfortunately, MacOS-X does not ship with a tun device - even though darwin has support for it. The good news is that Christoph Pfisterer has ported it for us. Grab his tunnel code and install it. It works well enough for me. Once installed, you can bring up a tunnel as for linux - but you get a couple of warnings related to missing code.
  $ sudo fbtunnel 2 mysecret 10.1.1.1 192.168.1.1
  Can't set ip on tun0 just yet, please do it manually
  Tunnel is using tun0
  Tunnel pid is 5178
  $ Can't mark tun0 as up just yet, please do it manually
  $
  $ ifconfig tun0
  tun0: flags=10<POINTOPOINT> mtu 1500
The code to configure the tun interface is missing at the moment (see the bug list). So for now, configure the tun interface manually. You need to supply a tunnel destination address, so just use '1.1.1.1':
  $ sudo ifconfig tun0 10.1.1.1 1.1.1.1 up
  $ ifconfig tun0
  tun0: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500
        inet 81.2.69.128 --> 1.1.1.1 netmask 0xff000000
Then modify the routing table using the route command:
  $ sudo route add -host 192.168.1.1 my-gateway-ip
  $ sudo route delete -net 0.0.0.0
  $ sudo route add -net 0.0.0.0 -link tun0

FireBrick® is a registered trademark of Andrews & Arnold and Watchfront Electronics
fbtunnel is hosted on SourceForge.net Logo