Aranym does not require a network, however having one can be terribly useful. How you configure your network depends on your host, network, and your plans for ["Aranym"] use. Buildds are required to have working email, web client access (for source and binary packages), ssh client access (for wanna-buildd), and nearly always have ssh server access (for remote admins).

?Anchor(tun)

Tun

Your host kernel requires CONFIG_TUN support. This is a module on current debian kernels, so you may need modprobe tun.

To verify tun is working.

{{{$ cat /proc/misc 200 tun }}}

Your aranym user needs permission to access /dev/net/tun.

$ ls -l /dev/net/tun
crw-rw---- 1 root uml-net 10, 200 2008-06-16 18:35 /dev/net/tun

In this case the account needs to be added to the uml-net group.

usermod -G uml-net stephen

?Anchor(bridge)

Bridging

Bridging is fairly straightforward to setup and is the only solution that allows aranym to use dhcp for network configuration. It will also significantly alter how your host machine accesses the network. It will seem that br0 has replaced eth0 for such things as ifupdown and ifconfig.

Install bridge-utils. Be warned that aranym recommends ipmasq which messes with the default iptables rules and breaks bridging. Usually I purge ipmasq first thing.

Here are some examples. You will want to change usernames and ip addresses appropriately. Both br0 and tap0 could take dhcp addresses, for instance.

/etc/network/interfaces:

{{{iface eth0 inet manual

auto tap0 iface tap0 inet manual

auto br0 iface br0 inet static

}}}

The aranym config has this:

{{{[ETH0] Type = bridge Tunnel = tap0 Mac = 52:54:00:12:01:01 }}}

Where Mac is whatever fake Mac address you want to use, which can be useful for dhcp, and you can skip otherwise.

?Anchor(ptp)

Point-to-Point

Using a point-to-point configuration and some iptables, you can masquerade aranym behind any IP. This is a very common setup.

{{{sudo tunctl -t tap0 -u smarenka sudo aratapif tap0 192.168.0.1 192.168.0.2 255.255.255.0 1500 sudo iptables -D POSTROUTING -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j MASQUERADE >& /dev/null sudo iptables -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -A POSTROUTING -j MASQUERADE }}}

The aranym config has this:

{{{[ETH0] Type = ptp Tunnel = tap0 HostIP = 192.168.0.1 AtariIP = 192.168.0.2 Netmask = 255.255.255.0 }}}

?Anchor(mini)

Mini-Network

Roman Zippel contributed a really interesting setup in http://lists.debian.org/debian-68k/2008/02/msg00160.html. Aranym can only see the local network, so you'll probably need a proxy and/or some port forwarding depending on your uses.

Install uml-utilities.

/etc/network/interfaces:

{{{iface tap0 inet static

}}}

This creates a mini network within the local network. Then ip_forward in /etc/sysctl.conf has to be enabled, so that aranym sees the rest of the network.

The aranym config has this:

{{{[ETH0] Type = ptp Tunnel = tap0 HostIP = 192.168.3.133 AtariIP = 192.168.3.134 Netmask = 255.255.255.252 }}}

?Anchor(portforward)

Port Forwarding

If you are running behind a firewall of which you have control, you may wish to be able to access aranym's ssh from the internet. In that case you need to use port forwarding or DNAT.

If you're using shorewall you can use the following in rules.

DNAT    net     loc:10.0.0.17:22        tcp     4443

If you're using iptables you can use something like the following.

$IPTABLES -t nat -A PREROUTING -p tcp -i $INET_IFACE --dport 4443 -j DNAT --to-destination 10.0.0.17:22