fix: properly setup outbound network connectivity in getting started

the getting started guide was hardcoding eth0 as the network interface on the host to route outbound microvm network traffic to. However, on EC2 instances (and my laptop), that's wrong, because its not called eth0. So instead dynamically determine the hopefully correct network interface on the host. Fixes: #4930 Suggested-by: Pablo Barbáchano <[email protected]> Signed-off-by: Patrick Roy <[email protected]>
firecracker-microvm · Nov 28, 2024 · 555563b · 555563b
1 parent 4c33853
commit 555563b
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -197,17 +197,16 @@ sudo ip link set dev "$TAP_DEV" up
 
 # Enable ip forwarding
 sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
+sudo iptables -P FORWARD ACCEPT
 
-HOST_IFACE="eth0"
+# This tries to determine the name of the host network interface to forward
+# VM's outbound network traffic through. If outbound traffic doesn't work,
+# double check this returns the correct interface!
+HOST_IFACE=$(ip -j route list default |jq -r '.[0].dev')
 
 # Set up microVM internet access
 sudo iptables -t nat -D POSTROUTING -o "$HOST_IFACE" -j MASQUERADE || true
-sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT \
-    || true
-sudo iptables -D FORWARD -i "$TAP_DEV" -o "$HOST_IFACE" -j ACCEPT || true
 sudo iptables -t nat -A POSTROUTING -o "$HOST_IFACE" -j MASQUERADE
-sudo iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-sudo iptables -I FORWARD 1 -i "$TAP_DEV" -o "$HOST_IFACE" -j ACCEPT
 
 API_SOCKET="/tmp/firecracker.socket"
 LOGFILE="./firecracker.log"