# Firecracker Network Setup Firecracker has a solid documentation on setting up network: https://github.com/firecracker-microvm/firecracker/blob/master/docs/network-setup.md. Basically, I followed these steps and in the end I was able to connect a Firecracker instance to Internet. 1. Create an iptable backup file, we’ll need it during clean up: ```bash $ sudo iptables-save > iptables.rules.old ``` 2. Create a `tap` device: ```bash $ sudo ip tuntap add tap0 mode tap ``` 3. Create a NAT interface. I’m using `wlp3s0` interface, but it could be different if you’re connected via ethernet cable, e.g. `eth0`: ```bash $ sudo ip addr add 172.16.0.1/24 dev tap0 $ sudo ip link set tap0 up $ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" $ sudo iptables -t nat -A POSTROUTING -o wlp3s0 -j MASQUERADE $ sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT $ sudo iptables -A FORWARD -i tap0 -o wlp3s0 -j ACCEPT ``` 4. Pass `--tap-device` to a Firecracker instance: ```bash $ firectl --kernel=/tmp/vmlinux --root-drive=./rootfs.ext4 --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw" --tap-device=tap0/AA:FC:00:00:00:01 ``` 5. Once you have booted the guest, bring up networking within the guest: ```bash # ip addr add 172.16.0.2/24 dev eth0 # ip link set eth0 up # ip route add default via 172.16.0.1 dev eth0 ``` 6. Alpine image comes with `1.1.1.1` as a DNS server. If it’s missing you need to add one to `/etc/resolv.conf`: ``` # cat /etc/resolv.conf nameserver 1.1.1.1 ``` 7. Run a test: ``` # ping google.com PING google.com (172.217.10.46): 56 data bytes 64 bytes from 172.217.10.46: seq=0 ttl=116 time=25.429 ms 64 bytes from 172.217.10.46: seq=1 ttl=116 time=29.473 ms ``` 8. Clean up: ``` $ sudo ip link del tap0 $ sudo iptables-restore < iptables.rules.old ``` It’s going to be interesting to see how it is going to play out in Kubernetes cluster.