I really like the virtual network emulation software GNS3. I usually don’t run the VM on my client, instead I set up a dedicated host for that.
Most of the network equipment can be configured via CLI, but sometimes you want or have to configure instances with a web browser. There are several methods to access http web interfaces with a browser in GNS3:
Docker images like webterm
GNS3 already lists a webterm docker image in its appliances. You can just spin it up and you’ll have a GUI to access your hosts. Pretty easy. Drawback is that with the default settings you have a low resolution and some browser functions might not work in the container.
GNS3 “Cloud” feature
GNS3 offers a feature to connect to the physical or virtual host NIC:
Typical example: You connect a virtual machine to the “Cloud” eth0
and then it gets an IP address via DHCP from the network where your GNS3 host VM is in.
Depending on server setup and topology it’s not always easy to utilize this, especially if you share the server with multiple people. Examples for when this might be limiting:
- Server instance with only one public IPv4 address
- Promiscuous mode for GNS3 not allowed (externally hosted)
- Some effort to find ways around the two points above
Use a browser in a VM
Another way is to launch a web browser within a VM. Either with VNC or SPICE. The latter can have a really good quality. For larger labs I usually prefer this to easily connect to all systems.
The drawbacks of this are the VM performance overhead and depending on the server the GUI performance in nested virtualization scenarios.
I really noticed the performance impact with a NGFW web GUI which loads much faster on my native browser.
💡 Proxy web traffic through a docker container
In GNS3, docker containers have the advantage that you can natively select the proxy type http
or https
with a port. You’d usually use it to access a webserver in a container directly.
Example: You have a VM with a SQL database, then spin up an Adminer or phpmyadmin instance to quickly access your database.
Using socat
When I used this GNS3 feature for docker containers I thought: Why not proxy the traffic to another VM in my GNS3 topology?
Maybe there are better ways, but I had the idea to do this with socat. Here is how I did it:
Add the socat docker container to your appliances. (It’s not even 5MB in size!) Then add something like this as start command:
TCP-LISTEN:80,reuseaddr,fork,su=nobody TCP:192.168.1.1:8080
In this example you want to reach port 8080
of a VM that runs in GNS3 with the IP 192.168.1.1
. And the socat container should listen on port 80
, which is also the HTTP port in the container
from the config then.
ℹ️ For https
connections I think it’s better to go with a proper reverse proxy like caddy or nginx for the benefit of handling certs better. For my lab use encryption of the web interface isn’t required.
So now you can use your native browser to reach any web interface. And it’s easy to attach this to any NIC in your topology without having to change settings in a VM.
I especially like that once you set up socat as an appliance it’s relatively easy to use even if you’re new to networking or GNS3. Just change the IP address at the end of the start command and, 💥, it works.