BitesizedLion/guide.md

Created February 24, 2025 00:25

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/BitesizedLion/a91403b0ef20a599634a93f8198b0194.js"></script>
Save BitesizedLion/a91403b0ef20a599634a93f8198b0194 to your computer and use it in GitHub Desktop.

Download ZIP

firecracker multiple vms, taps + bridge, external access

Raw

Create bridge

sudo ip link add name fc-88-br0 type bridge
sudo ip link set fc-88-br0 up
sudo ip addr add 10.10.10.1/24 dev fc-88-br0

Create tap interfaces and add to bridge

sudo ip tuntap add dev fc-88-tap0 mode tap
sudo ip link set fc-88-tap0 up
sudo ip link set fc-88-tap0 master fc-88-br0

sudo ip tuntap add dev fc-88-tap1 mode tap
sudo ip link set fc-88-tap1 up
sudo ip link set fc-88-tap1 master fc-88-br0

Enable IP forwarding

sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf

Add iptables rules

sudo iptables -A FORWARD -i fc-88-br0 -o enp1s0 -j ACCEPT
sudo iptables -A FORWARD -i enp1s0 -o fc-88-br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE

VM 1

firectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=hello-rootfs.ext4 \
  --tap-device=fc-88-tap0/02:FC:00:00:00:05 \
  --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw ip=10.10.10.2::10.10.10.1:255.255.255.0::eth0:off"

VM 2

firectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=hello-rootfs.ext4 \
  --tap-device=fc-88-tap1/02:FC:00:00:00:06 \
  --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw ip=10.10.10.3::10.10.10.1:255.255.255.0::eth0:off"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment