HOWTO: Automating Bridges and TUN/TAP

This isn’t ground-breaking stuff by any means, it’s more just a simple reminder for myself about how I did certain things in order to get a network bridge set up under Ubuntu 8.04, and to create a Tap connection that I could then use in VirtualBox to let routes and all that shiny stuff work. It doesn’t explain things fully (I don’t understand it), but it does cover what I did, hopefully step by step.
This only made sense thanks to the following pages:

1. https://help.ubuntu.com/community/VirtualBox#Create%20A%20Bridge
2. http://ubuntuforums.org/showthread.php?t=830777
3. http://ubuntuforums.org/showthread.php?t=752127

Anyway, let’s begin.

Does it Work…?

First step along this Rocky Road to Near-Fail was to follow the useful advice in Link 1 above, making sure that creating a bridge, activating it, and bringing up the TUN/TAP actually worked. It did. From that link, I did the following:

~$ sudo aptitude install bridge-utils uml-utilities

This installs the pre-requisite applications to do the fun stuff.
The second point depends on your viewpoint, but it’s probably worth backing up your current /etc/network/interfaces file in case you manage to break something:

~$ sudo cp /etc/network/interfaces /etc/network/interfaces.good

Obviously, what you call and where you place the backup is up to you. Just make sure it’s something you remember later.

Now for preparing the bridge itself. Fun:

~$ sudo tunctl -t tap1 -u USERNAME
~$ sudo chown root:vboxusers /dev/net/tun
~$ sudo chmod g+rw /dev/net/tun

Next up, we need to edit another file, apparently to help make permissions persist after reboots. The file we need to edit is /etc/udev/rules.d/20-names.rules
Again, we need to edit this as root, so from the terminal:

~$ sudo [$editor_du_jour] /etc/udev/rules.d/20-names.rules

And then at the end of that file, find the following line:
KERNEL=="tun", NAME="net/%k"
And add the following to make it look like this:
KERNEL=="tun", NAME="net/%k", GROUP="vboxusers", MODE="0660"

Save and close the file using whatever method your editor requires.
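
A quick way to confirm the edited rule says what you intended, as an added example that is not part of the original post: the function below reads a rules file and checks that the tun rule carries GROUP="vboxusers" and a MODE that gives nothing to users outside that group. The function name audit_tun_rule and the sample rule files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the udev rule that controls access to /dev/net/tun.
# Returns 0 = restricted as intended, 1 = incomplete or too permissive,
#         2 = no KERNEL=="tun" rule found.
audit_tun_rule() {
    rules_file=$1
    want_group=${2:-vboxusers}      # group used in this HOWTO

    # Take the last uncommented KERNEL=="tun" line in the file.
    rule=$(grep -v '^[[:space:]]*#' "$rules_file" | grep 'KERNEL=="tun"' | tail -n 1)
    [ -n "$rule" ] || { echo "no tun rule in $rules_file"; return 2; }

    group=$(printf '%s\n' "$rule" | sed -n 's/.*GROUP="\([^"]*\)".*/\1/p')
    mode=$(printf '%s\n' "$rule" | sed -n 's/.*MODE="\([0-7]*\)".*/\1/p')

    if [ -z "$group" ] || [ -z "$mode" ]; then
        echo "GROUP or MODE missing, udev defaults apply: $rule"
        return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "device group is '$group', expected '$want_group'"
        return 1
    fi
    # The last octal digit is the permission set for "other"; anything
    # except 0 lets users outside the group open the device.
    case $mode in
        *0) echo "ok: GROUP=$group MODE=$mode"; return 0 ;;
        *)  echo "MODE=$mode is open to users outside '$group'"; return 1 ;;
    esac
}

# Constructed sample rule files (not copied from a real system).
samples=$(mktemp -d)
printf '%s\n' 'KERNEL=="tun", NAME="net/%k"' > "$samples/stock.rules"
printf '%s\n' 'KERNEL=="tun", NAME="net/%k", GROUP="vboxusers", MODE="0660"' > "$samples/edited.rules"
printf '%s\n' 'KERNEL=="tun", NAME="net/%k", GROUP="vboxusers", MODE="0666"' > "$samples/open.rules"
printf '%s\n' '# KERNEL=="tun", NAME="net/%k"' 'KERNEL=="null", MODE="0666"' > "$samples/none.rules"

for f in stock edited open none; do
    rc=0
    audit_tun_rule "$samples/$f.rules" || rc=$?
    echo "$f.rules -> $rc"
done
```

On the real system, point it at /etc/udev/rules.d/20-names.rules and compare the result with the output of ls -l /dev/net/tun after the next reboot.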

Now we can create the bridge itself:

~$ sudo brctl addbr br0

Now put the network interface into promiscuous mode, add it to the bridge, and set the bridge to use DHCP (if you are not using DHCP, ignore these and see the next statement):

~$ sudo ifconfig eth0 0.0.0.0 promisc
~$ sudo brctl addif br0 eth0
~$ sudo dhclient br0

If you are NOT using DHCP, and have a STATIC IP, follow this example:
~$ sudo ifconfig br0 192.168.1.105 netmask 255.255.0.0
~$ sudo route add default gw 192.168.1.1 br0

(Obviously, replace the IP, Netmask, and Gateway IPs with your own…)

Now, simply add the tap1 device to the bridge and bring up the interface:

~$ sudo brctl addif br0 tap1
~$ sudo ifconfig tap1 up

Last thing I did was just to run ifconfig to double check everything that should be there is there. You should have the Bridge (br0) with your IP Address, the physical interface (eth0) set promiscuously, and the TAP, tap1.

Open up VirtualBox and change the appropriate network settings for your virtual machine to point to the new tap device (in my case, tap1). The first step in that is to change the ‘Attached To’ drop-down to point to ‘Host Interface’.

Screenshot of the Settings

Starting the VirtualMachine now should be effortless, and when it starts up (and you add them), the same routes you’ve been using should work just fine… so ping, ping away!

Making it Permanent

The initial instructions I was hoping to follow from Link 1 didn’t work out all too well for me, so I was back trying to work out exactly where I could fix it. Thankfully, SpaceTeddy on the Ubuntu forums was able to point me in the right direction of some useful hints he’d written.
In the end, I did the following.
First step is to go back and edit /etc/network/interfaces with your preferred text editor. You need to be root to do this. In there, you are replacing your current physical interface settings with ones for the bridge, or, in my case, swapping out eth0 for br0. Then you are adding a rule to tell the bridge it is using your physical interface (eth0). Finally you are adding the stuff that brings eth0 up as promiscuous. It should look like this:

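# The bridge takes over the IP settings that used to sit on eth0.
# Address, netmask and gateway are the example values from the static
# setup above; replace them with your own.
auto br0
iface br0 inet static
    address 192.168.1.105
    netmask 255.255.0.0
    gateway 192.168.1.1
    bridge_ports eth0

# The physical interface gets no IP of its own and is promiscuous while up.
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ip link set $IFACE promisc on
    down ip link set $IFACE promisc off
    down ifconfig $IFACE down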

It’s probably worthwhile noting that you SHOULD NOT remove the references to the Loopback Interface (lo), but do make sure any other references to your physical interface are commented out, or plain old deleted – you made a backup anyway, right?

After doing that, the only thing left to include is finding a way to bring the TAP interface up on startup. The other guides do mention ways to do it through /etc/network/interfaces but they didn’t work for me – I still don’t know why.

Instead, I just added the commands to /etc/rc.local, along with the routes I need to bring up every time I start up. This was as simple a case as opening up the file in my preferred text editor (again, sudo is needed) and adding the following:

tunctl -t tap1 -u MyUser
brctl addif br0 tap1
ifconfig tap1 up

exit 0

Make sure to keep the ‘exit 0’ at the end of that file – it seems to work.

And that massively over-lengthy block of text is all that you need to do. I will try and refine this at some point but, this works for me and seems easy enough to follow if I need to remind myself what I did again.
