From fd61ad2b0cff9126bcda57a0490366c14658d5b8 Mon Sep 17 00:00:00 2001
From: gbeauche <>
Date: Sat, 14 May 2005 16:08:17 +0000
Subject: [PATCH] Try to improve the documentation concerning the "tun"
 interface. Take note that that kernel module must be loaded and IP forwarding
 enabled. Also add slight improvements to the "tunconfig" script so that sudo
 /sbin/ifconfig and sudo /sbin/iptables are really supported for current user
 if not root.

---
 BasiliskII/README             |  6 +++++
 BasiliskII/src/Unix/tunconfig | 41 +++++++++++++++++++++++++++--------
 2 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/BasiliskII/README b/BasiliskII/README
index 0142b066..8424db4d 100644
--- a/BasiliskII/README
+++ b/BasiliskII/README
@@ -442,6 +442,12 @@ ether <ethernet card description>
          instead of sending packets via physical media writes them to
          the user space program.
 
+         Prerequesties:
+         - Make sure the "tun" kernel module is loaded
+           # modprobe tun
+         - Make sure IP Fordwarding is enabled on your system
+           # echo 1 >/proc/sys/net/ipv4/ip_forward
+
          A virtual network configuration script is required and the
          default is /usr/local/BasiliskII/tunconfig unless you specify
          a different file with the "etherconfig" item.
diff --git a/BasiliskII/src/Unix/tunconfig b/BasiliskII/src/Unix/tunconfig
index d2adcaa3..c2ec8fb3 100755
--- a/BasiliskII/src/Unix/tunconfig
+++ b/BasiliskII/src/Unix/tunconfig
@@ -11,13 +11,23 @@
 # If the linux box is configured as a firewall, the rules below might
 # need some adjustments.
 #
+# The IP Tunnel driver requires IP forwarding to be enabled. Run as root:
+#
+#       echo 1 >/proc/sys/net/ipv4/ip_forward
+#
 ###########################################################################
 
 SUDO=/usr/bin/sudo
+IFCONFIG=/sbin/ifconfig
 IPTABLES=/sbin/iptables
 
 #########################################################
 
+[[ "x$1" = "x-n" ]] && {
+    DONT_EXECUTE=yes
+    shift 1
+}
+
 TUN_DEV=$1
 ACTION=$2
 
@@ -31,22 +41,35 @@ TUN_HOST=172.20.$NET_NUM.1
 #########################################################
 
 [[ $# = 2 ]] || {
-	echo "Usage: tunconfig iface up|down"
+	echo "Usage: tunconfig [-n] iface up|down"
     exit 2
 }
 
 [[ "`id -u`" = "0" ]] && {
-	echo "---> $SUDO not necessary." 1>&2
-	SUDO=""
+    echo "---> $SUDO not necessary." 1>&2
+    SUDO=""
 }
 
-[[ -x $IPTABLES ]] && {
-	IPTABLES="$SUDO $IPTABLES"
-} || {
+[[ -x $IPTABLES ]] || {
     echo "---> $IPTABLES not found." 1>&2
-	IPTABLES=/bin/true
+    exit 1
 }
 
+if [ -n "$SUDO" ]; then
+    $SUDO -l | grep -q "NOPASSWD: $IFCONFIG" || {
+        echo "---> Missing sudo NOPASSWD: $IFCONFIG." 1>&2
+        exit 1
+    }
+    $SUDO -l | grep -q "NOPASSWD: $IPTABLES" || {
+        echo "---> Missing sudo NOPASSWD: $IPTABLES." 1>&2
+        exit 1
+    }
+    IFCONFIG="$SUDO $IFCONFIG"
+    IPTABLES="$SUDO $IPTABLES"
+fi
+
+[[ "x$DONT_EXECUTE" = "xyes" ]] && exit 0
+
 $IPTABLES -L -n -t nat > /dev/null || exit 1
 
 #########################################################
@@ -62,7 +85,7 @@ $IPTABLES -L -n -t nat > /dev/null || exit 1
 #########################################################
 
 [[ "$ACTION" = down ]] && {
-    $SUDO /sbin/ifconfig $TUN_DEV down
+    $IFCONFIG $TUN_DEV down
 }
 
 #########################################################
@@ -70,7 +93,7 @@ $IPTABLES -L -n -t nat > /dev/null || exit 1
 #########################################################
 
 [[ "$ACTION" = up ]] && {
-    $SUDO /sbin/ifconfig $TUN_DEV $TUN_HOST
+    $IFCONFIG $TUN_DEV $TUN_HOST
 
     # masquerade the tun network
     $IPTABLES -t nat -A POSTROUTING -s $TUN_NET -d ! $TUN_NET -j MASQUERADE