Kaspersky IoT Secure Gateway 1000 SDK

Preparing the network environment for QEMU

July 30, 2024

ID 264324

Kaspersky IoT Secure Gateway 1000 uses a TLS connection for network communication. For help configuring the protocol operating log, please refer to the section titled WebServerConfig configuration file.

To connect to the web interface of Kaspersky IoT Secure Gateway 1000 running in QEMU, complete the following preparatory steps:

  1. Install the bridge connection configuration tool by running the following command with root privileges:

    apt install bridge-utils

  2. Create a script file for configuring a bridge connection:

    touch ~/qemu_network.sh

  3. Use any text editor to edit the contents of the created file:

    qemu_network.sh

    #!/bin/bash
    set -e

    # Create the TAP devices. <username> refers to the name of your user account.
    # The full name must be specified in its entirety without using environment variables.
    ip tuntap add tap0 mode tap user <username>
    ip tuntap add tap1 mode tap user <username>

    # Assign the host-side addresses and bring the interfaces up.
    ip address add 192.168.0.10/24 dev tap0
    ip address add 192.168.1.11/24 dev tap1
    ip link set up dev tap0
    ip link set up dev tap1

    # Enable IPv4 forwarding on the host.
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # <interface> refers to the name of your network interface, which can be viewed by running the ip addr command.
    iptables -t nat -A POSTROUTING -o <interface> -j MASQUERADE

    # Forward traffic from the TAP devices and return traffic for established connections.
    iptables -I FORWARD 1 -i tap0 -j ACCEPT
    iptables -I FORWARD 1 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -I FORWARD 1 -i tap1 -j ACCEPT
    iptables -I FORWARD 1 -o tap1 -m state --state RELATED,ESTABLISHED -j ACCEPT

    Some situations can potentially prevent the execution of certain script commands. In these situations, you must change the script commands or parameters so that they do not conflict with the current configuration of your network.

  4. Make the created file executable by running the following command with root privileges:

    chmod +x ~/qemu_network.sh

  5. Start the script by running the following command with root privileges:

    ./qemu_network.sh

    The script must be started after each computer restart if you need to connect to the web interface of Kaspersky IoT Secure Gateway 1000 running in QEMU.

  6. Make sure that the QEMU run parameters include network configuration commands:

    -netdev tap id=net0 ifname=tap0 script=no downscript=no -device pci-bridge id=bridge1 bus=pci.0 chassis_nr=2 -device e1000 netdev=net0 bus=bridge1 addr=0 -netdev tap id=net1 ifname=tap1 script=no downscript=no -device pci-bridge id=bridge2 bus=pci.0 chassis_nr=1 -device e1000-82545em netdev=net1 bus=bridge2 addr=0

    If you use the kosctl tool to run QEMU, the run parameters will be included in the kos-romfsloader-qemu-image.qemu.txt file located in the directory containing the Kaspersky IoT Secure Gateway 1000 image.

  7. After starting QEMU, the Kaspersky IoT Secure Gateway 1000 web interface will be available at the address 192.168.1.1.

    For instructions on connecting to Kaspersky IoT Secure Gateway 1000 via a web interface, please refer to the section titled "Connecting to the Kaspersky IoT Secure Gateway 1000 web interface" in the Kaspersky IoT Secure Gateway 1000 User Guide. Certificates for connecting to the Kaspersky IoT Secure Gateway 1000 web interface are extracted along with additional resources for working with the Kaspersky IoT Secure Gateway 1000 disk image and are located in the /opt/KasperskyOS-SDK-KISG-Platform-<version>/share/tls directory.
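The following check is an added example, not part of the SDK documentation: a POSIX shell audit of the host state that the script from step 3 is meant to produce (TAP addresses, and each of the four FORWARD rules present exactly once). The sample command output and the `--live` flag are constructed for this example, and it assumes `iptables -S` prints the rules in the form they were entered.

```sh
#!/bin/sh
# Added example: audit the host state that qemu_network.sh should leave behind.

# Constructed sample of `ip -o -4 addr show` output.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: tap0    inet 192.168.0.10/24 scope global tap0\       valid_lft forever preferred_lft forever
5: tap1    inet 192.168.1.11/24 scope global tap1\       valid_lft forever preferred_lft forever'

# Constructed sample of `iptables -S FORWARD` output (assumed print format).
SAMPLE_FORWARD='-P FORWARD DROP
-A FORWARD -o tap1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tap1 -j ACCEPT
-A FORWARD -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tap0 -j ACCEPT'

# has_addr IFACE CIDR: succeeds if stdin assigns exactly CIDR to IFACE.
has_addr() {
    awk -v i="$1" -v a="$2" '$2 == i && $3 == "inet" && $4 == a { ok = 1 } END { exit !ok }'
}

# check_addrs: both TAP devices carry the addresses from the setup script.
check_addrs() {
    addrs=$(cat)
    printf '%s\n' "$addrs" | has_addr tap0 192.168.0.10/24 &&
        printf '%s\n' "$addrs" | has_addr tap1 192.168.1.11/24
}

# rule_count RULE: prints how many stdin lines equal RULE exactly.
rule_count() { grep -Fxc -- "$1" || true; }

# check_forward: each tap rule must appear exactly once (more means re-inserted).
check_forward() {
    rules=$(cat); rc=0
    for t in tap0 tap1; do
        for r in "-A FORWARD -i $t -j ACCEPT" \
                 "-A FORWARD -o $t -m state --state RELATED,ESTABLISHED -j ACCEPT"; do
            n=$(printf '%s\n' "$rules" | rule_count "$r")
            [ "$n" -eq 1 ] || { echo "expected 1, found $n: $r" >&2; rc=1; }
        done
    done
    return "$rc"
}

# Live audit, run as root; "--live" is this example's own (hypothetical) flag.
if [ "${1:-}" = "--live" ]; then
    ip -o -4 addr show | check_addrs || echo "tap addresses missing" >&2
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || echo "ip_forward is off" >&2
    iptables -S FORWARD | check_forward || echo "FORWARD rules differ" >&2
fi
```

The `-i tap0` and `-i tap1` ACCEPT rules forward all traffic arriving from the guest, so a duplicate or leftover rule reported here is worth removing once the QEMU session is no longer needed.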
