Aranym does not require a network, but having one can be terribly useful. How you configure your network depends on your host, network, and your plans for Aranym use. Buildds are required to have working email, web client access (for source and binary packages), ssh client access (for wanna-buildd), and nearly always have ssh server access (for remote admins).

Tun

Your host kernel requires CONFIG_TUN support. This is a module on current Debian kernels, so you may need to run modprobe tun.

To verify tun is working:

$ cat /proc/misc
200 tun

Your aranym user needs permission to access /dev/net/tun.

$ ls -l /dev/net/tun
crw-rw---- 1 root uml-net 10, 200 2008-06-16 18:35 /dev/net/tun

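In this case the account needs to be added to the uml-net group. Use -a together with -G so the account keeps its existing supplementary groups; -G alone replaces them.

usermod -a -G uml-net stephen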
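The three checks above can be combined into one preflight script. This is an added example, not part of the Aranym documentation; the function names are made up for illustration, and it assumes the `/proc/misc` and `ls -l` output formats shown above.

```shell
#!/bin/sh
# Preflight checks for the Tun section (illustrative helper names).
# Inputs are passed as arguments so each check can run on constructed data.

# tun_registered [misc_file]: succeeds if the tun misc device is registered.
tun_registered() {
    awk '$2 == "tun" { found = 1 } END { exit !found }' "${1:-/proc/misc}"
}

# node_group_rw <ls -l line>: prints the owning group if it has rw access.
# Fails on empty input or when the group bits are not "rw".
node_group_rw() {
    echo "$1" | awk 'NF >= 4 { ok = (substr($1, 5, 2) == "rw"); if (ok) print $4 }
                     END { exit !ok }'
}

# in_group <group> <space-separated group list>: exact-match membership test.
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# preflight <user>: run all checks against the live system.
preflight() {
    user=$1
    tun_registered || { echo "tun not registered: try modprobe tun"; return 1; }
    grp=$(node_group_rw "$(ls -l /dev/net/tun 2>/dev/null)") || {
        echo "/dev/net/tun missing or not group read/write"; return 1; }
    in_group "$grp" "$(id -nG "$user")" || {
        echo "$user is not in $grp: usermod -a -G $grp $user"; return 1; }
    echo "ok: $user can open /dev/net/tun through group $grp"
}
```

Run `preflight stephen` on the host after sourcing the script. Group changes only apply to new login sessions, so log in again before starting aranym.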

Bridging

Bridging is fairly straightforward to set up and is the only solution that allows aranym to use DHCP for network configuration. It will also significantly alter how your host machine accesses the network. It will seem that br0 has replaced eth0 for such things as ifupdown and ifconfig.

Install bridge-utils. Be warned that aranym recommends ipmasq, which messes with the default iptables rules and breaks bridging. Usually I purge ipmasq first thing. (I have removed ipmasq from recommended packages in version 0.9.8beta.)

Here are some examples. You will want to change usernames and IP addresses appropriately. Both br0 and tap0 could take DHCP addresses, for instance.

/etc/network/interfaces:

iface eth0 inet manual

auto tap0
iface tap0 inet manual
        tunctl_user stephen
        up ifconfig tap0 promisc arp 0.0.0.0 up

auto br0
iface br0 inet static
        bridge_ports eth0 tap0
        bridge_stp off
        bridge_maxwait 5
        address 10.0.0.11
        netmask 255.0.0.0
        network 10.0.0.0
        broadcast 10.255.255.255
        gateway 10.0.0.1

The aranym config has this:

[ETH0]
Type = bridge
Tunnel = tap0
Mac = 52:54:00:12:01:01

Mac is whatever fake MAC address you want to use. It can be useful for DHCP; otherwise you can skip it.

Point-to-Point

Using a point-to-point configuration and some iptables, you can masquerade aranym behind any IP. This is a very common setup. Roman Zippel commented here that aratapif is little more than ifconfig, and recent kernels require net_admin capabilities. Since you need root anyway, why bother with aratapif?

host /etc/network/interfaces:

auto tap0
iface tap0 inet static
        address 192.168.0.1
        pointopoint 192.168.0.2
        netmask 255.255.255.255
        tunctl_user stephen
        up iptables -t nat -A POSTROUTING -s 192.168.0.2 -j MASQUERADE
        down iptables -t nat -D POSTROUTING -s 192.168.0.2 -j MASQUERADE

Bridge really just makes aranym not call aratapif, so the aranym config has this:

[ETH0]
Type = bridge
Tunnel = tap0

aranym /etc/network/interfaces:

auto eth0
iface eth0 inet static
        address 192.168.0.2
        pointopoint 192.168.0.1
        netmask 255.255.255.255
        gateway 192.168.0.1

You also need to enable forwarding on the host.

echo 1 > /proc/sys/net/ipv4/ip_forward

So far this configuration has aranym only available from the host, not from the network. If you want aranym accessible from the network, you need to add the following to the tap0 stanza. This will make port 3000 on the host computer connect to port 22 of the aranym system.

up iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 192.168.0.2:22
down iptables -t nat -D PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 192.168.0.2:22

Mini-Network

Roman Zippel contributed a really interesting setup here and here. Aranym can only see the local network, so you'll probably need a proxy and/or some port forwarding depending on your uses.

Install uml-utilities.

/etc/network/interfaces:

iface tap0 inet static
        address 192.168.3.133
        netmask 255.255.255.255
        tunctl_user roman
        uml_proxy_arp 192.168.3.134
        uml_proxy_ether eth0

This creates a mini network within the local network. Then ip_forward in /etc/sysctl.conf has to be enabled, so that aranym sees the rest of the network.

The aranym config has this:

[ETH0]
Type = ptp
Tunnel = tap0
HostIP = 192.168.3.133
AtariIP = 192.168.3.134
Netmask = 255.255.255.252

Pick a free ip address from the local network for aranym.

Port Forwarding

If you are running behind a firewall of which you have control, you may wish to be able to access aranym's ssh from the internet. In that case you need to use port forwarding or DNAT.

If you're using shorewall you can use the following in rules.

DNAT    net     loc:10.0.0.17:22        tcp     4443

If you're using iptables you can use something like the following.

$IPTABLES -t nat -A PREROUTING -p tcp -i $INET_IFACE --dport 4443 -j DNAT --to-destination 10.0.0.17:22