U-verse notes

This was accomplished on Debian 5.0.2 running the default kernel 2.6.26 using a single physical NIC card connected to the gateway using an ethernet cable.

I have not tested these instructions on any other variant of linux or kernel so I do not know what results there would be. I can state that these instructions do work for the above setup, however.

Perform all steps in this document as root user (or using sudo)

Step 1. Make node for tun

mercury:~# mknod /dev/tun c 10 220

Step 2. Load required kernel module

mercury:~# modprobe tun

Test if the module loaded successfully:

mercury:~# lsmod | grep tun tun 8356 19

If it did not, you will need to recompile the kernel with this module <<Universal TUN/TAP driver>>

Step 3. Identify a single NIC card that will be used as your physical NIC card

This is the only NIC card that needs to be plugged into the gateway.

The easiest way to identify this is by using ifconfig to find which ethernet device is currently connected to the internet.

mercury:~# ifconfig eth2 Link encap:Ethernet HWaddr 00:40:05:0c:53:2e

 inet addr:XX.XX.XXX.XXX  Bcast:XX.XX.XXX.XXX  Mask:
 inet6 addr: XXXXXXXXXXXXXX Scope:Link
 RX packets:672795 errors:0 dropped:0 overruns:0 frame:0
 TX packets:650968 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:43883797 (41.8 MiB)  TX bytes:43102269 (41.1 MiB)
 Interrupt:3 Base address:0xd400 

lo Link encap:Local Loopback

 inet addr:  Mask:
 inet6 addr: ::1/128 Scope:Host
 RX packets:3279 errors:0 dropped:0 overruns:0 frame:0
 TX packets:3279 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0 
 RX bytes:338942 (330.9 KiB)  TX bytes:338942 (330.9 KiB)

In this case, I want to use eth2. If there are more than one ethernet device connected, you should just choose one. I recommend disconnecting the cables from all other ethernet cards except the chosen card to avoid conflict.

If you do not see a device here (other than lo), you can find one with trial and error in Step 4.

Step 4. Edit /etc/network/interfaces with your favorite editor

Empty the entire contents of this file and replace it with the following:

auto lo
iface lo inet loopback
auto eth2
allow-hotplug eth2
iface eth2 inet static
address XX.XX.XXX.XXX
gateway XX.XX.XXX.XXX
broadcast XXX.XXX.XXX.XXX

Of course, you need to replace eth2 with the name of the interface you chose in Step 3. If you did not choose one, disconnect cables from all ethernet cards except one and start with eth1. You will repeat this step until you can connect to google.com.

Replace address with the IP address you want to assign to this NIC card. This IP will be a public, not private, IP.

Replace gateway with the gateway public IP address (not private) that you assigned when you setup the IP addresses in the gateway.

Replace netmask with the appropriate netmask. for a block of 8, for a block of 128, look online for other blocks.

Replace broadcast with the broadcast address. This would be the first three numbers of your IP address followed by 255. So if you were assigned 99.65.240.XXX you would use as your broadcast.

Save the file and exit back to the command prompt.

Restart networking

mercury:~# /etc/init.d/networking restart

Run ifconfig and you should get output just like Step 3. Just one ethernet device and a loopback device.

Attempt to ping google.com.

mercury:~# ping google.com

If it works, you can move on.

If it does not, edit the file replacing with a higher eth number. For example eth2, eth3, or eth4 and restart networking again. Once you can ping google.com, you are ready to move on.

Step 5. Preparing to make virtual ethernet devices

Download and extract vethd from: http://www.geocities.com/nestorjpg/veth/

change into the newly extracted directory and type 'make' to compile.

Once compiled do:

cp vethd /bin/vethd && chmod 700 /bin/vethd

Download easymac from http://www.easyvmx.com/software/easymac.sh

copy the script to /bin/easymac and chmod 700 (remove the .sh extension when copying)

Create a new file called /bin/genmacaddr that contains the following lines:

  1. !/bin/sh

/bin/easymac -r | awk '{print $5}'

chmod 700 genmacaddr

typing genmacaddr should now display a unique mac address.

You are now officially setup to create additional network connections so let's get started.

Step 6. Create new if-up.d script

For this step, we need to add our new virtual ethernet devices to a special script that gets ran everytime a new interface is brought online. The reason for this is because once the actual interface goes down all virtual ethernet devices are destroyed.

To get around this, we check to see if the physical ethernet device was just brought up. If it was, we create our virtual devices again.

So create a new file called /etc/network/if-up.d/veth

Inside this file add the following lines:

  1. ! /bin/sh

if [ "$IFACE" = eth2 ]; then

 /bin/vethd -v veth1 -e eth2 -m 00:ff:29:b2:04:fd;
 /bin/vethd -v veth2 -e eth2 -m 00:0c:29:59:57:72;
 /usr/sbin/arping -q -i eth2 XX.XX.XX.XX &>/dev/null &


if [ "$IFACE" = veth1 ]; then

 /usr/sbin/arping -q -i veth1 XX.XX.XX.XX &>/dev/null &


if [ "$IFACE" = veth2 ]; then

 /usr/sbin/arping -q -i veth2 XX.XX.XX.XX &>/dev/null &


Replace 'eth2' with the appropriate name for your physical device. Then add a new /bin/vethd line for each IP you want to add. Change 'eth2' on these lines to be the name of your physical device. Make sure you assign a unique mac address (use genmacaddr created in the previous step) to each one and keep the same veth naming scheme. veth1, veth2, veth3, etc... there is no veth0. Replace 'eth2' in the arping line with your physical device name. You may also need to change the path to arping if it complains. Change XX.XX.XX.XX to your gateway's public IP.

Add a new 'if' block for each veth device setup above. Don't forget to change XX.XX.XX.XX to your gateway's public IP.

Save and exit this file.

chmod 755 /etc/network/if-up.d/veth

This script runs after every interface is brought up. Once the physical device is brought up, it creates the veth devices again with the same information each time. It then begins arping the gateway's public IP in the background.

After each veth is brought up it starts arping from that device as well in the background.

Step 7. Modify /etc/network/interfaces

Open /etc/network/interfaces in your favorite editor.

At the END of the file, add the below block of text for each veth device you created in Step 6.

auto veth1 allow-hotplug veth1 iface veth1 inet static

 address XX.XX.XX.XX
 gateway XX.XX.XX.XX
 netmask XX.XX.XX.XX
 broadcast XX.XX.XX.XX

The gateway, netmask, and broadcast will be the same for every block and should match that of the physical device. Only the address and veth device name will change.

Save the file and exit.

Step 8. Shutting down

Don't forget we have arping running in the background. We want these arping processes to stop once networking is shut down.

Create a new script /etc/network/if-post-down.d/veth

Add the following contents:

  1. ! /bin/sh

for i in `pgrep arping` do kill -9 $i; done

Save and exit.

chmod 755 /etc/network/if-post-down.d/veth

Step 9. Checking for arping

Sometimes arping is missing from debian. Type apt-get install arping to ensure you have this package installed as it is mandatory.

Step 10. Restart networking

Restart networking with /etc/init.d/networking restart

Some errors may appear but these are normal. It is also common for this process to take a few minutes on slower machines. Please be patient.

Once this process is completed, type ifconfig.

You should see your physical device, local loopback, and each veth device you setup with their public IPs listed.

Test them.

ping -I eth2 google.com ping -I veth1 google.com ping -I veth2 google.com

It will say "pinging FROM XX.XX.XX.XX" check that XX.XX.XX.XX is the expected IP for that interface. Also check that you are receiving responses from google.com

Congratulations, you now have outgoing connections.

Step 11. Test incoming connections

There are two ways to perform this test properly. This test will NOT produce accurate results if ran from within the network. IE, you MUST use a computer that is NOT connected to the gateway in any way or you must use a proxy.

Method 1. Proxy

Visit http://www.pagewash.com and type each of your IPs in (uncheck all 4 boxes) one at a time. You should see a webpage pop up. If you do, that IP works for all incoming connections (assuming you don't have iptables setup). You will, of course, need a webserver to test with. If you do not plan on running a webserver just do apt-get install lighttpd during the test then remove it.

Method 2. External network

Visit another computer in a different physical location (not connected to your gateway in any way) and try to SSH into your server. If it works, that IP works.

Regardless of your chosen method, test each IP. They should all work.

Conclusion / Summary

vethd + tun module allows the creation of virtual ethernet devices with unique mac addresses that are bridged to a physical device. These virtual devices are broadcast as physical devices to the outside world.

Using vethd + tun will get you static IPs for outgoing connections but not incoming connections (the router will be confused).

The way to get the incoming connections enabled is to arping the router from each interface. By arping, the router realizes you are connected. This is not permanent, however, so we have to arp every second for as long as the connection is online.

This will take a small amount of bandwidth over the network but should not heavily affect external connections (just LAN traffic being used).

By creating two custom scripts and modifying the interfaces file we have automated the setup.

To add a new interface, you just have to edit /etc/network/if-up.d/veth and /etc/network/interfaces then restart networking.

Top Page wiki Index


This information may have errors; It is not permissible to be read by anyone who has ever met a lawyer.
Use is confined to Engineers with more than 370 course hours of electronic engineering for theoretical studies.
ph +1(785) 841-3089

Email inform@xtronics.com

(C) Copyright 1994-2017, Transtronics, Inc. All rights reserved
TranstronicsĀ® is a registered trademark of Transtronics, Inc.
All trademarks are the property of their respective owners.