
@FrankSpierings
Last active February 6, 2020 08:29
Network Namespaces - One host
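#!/bin/bash
# Lab topology on one host: two client namespaces and one "firewall"
# namespace, each connected by a veth pair to a single Linux bridge.
#   Client-1  -> VLAN 10, 192.168.10.1/24,  default gw 192.168.10.254
#   Client-2  -> VLAN 20, 192.168.20.2/24,  default gw 192.168.20.254
#   FW-254    -> VLAN 10 and VLAN 20, 192.168.10.254/24 and 192.168.20.254/24
#
# Security notes for anyone using this as a segmentation test bed:
#   * The script never enables VLAN filtering on the bridge, so the bridge
#     does not enforce per-port VLAN membership. Tagged frames reach every
#     port; separation between VLAN 10 and VLAN 20 depends only on which
#     sub-interfaces each namespace creates. Do not treat it as an isolation
#     boundary.
#   * FW-254 only receives the two gateway addresses. This script sets neither
#     net.ipv4.ip_forward nor any packet-filter rules inside it, so whether
#     and what it forwards depends on kernel defaults and later configuration.
#     Verify both before relying on it as a firewall.
#
# Requires root, iproute2 and bridge-utils (brctl).

# Stop at the first failing command so a half-built topology is noticed
# instead of silently producing follow-on errors.
set -euo pipefail

BRIDGE=br-ns

if [[ ${EUID} -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

#######################################
# Create a namespace and connect it to the bridge with a veth pair.
# Globals:   BRIDGE (read)
# Arguments: $1 - namespace name; the veth ends are named tap-<name> (inside
#                 the namespace) and br-<name> (on the bridge)
#######################################
add_port() {
  local ns=$1
  local tap="tap-${ns}"
  local bridge_tap="br-${ns}"

  ip netns add "${ns}"
  ip link add "${tap}" type veth peer name "${bridge_tap}"
  # One end goes onto the bridge, the other into the namespace.
  brctl addif "${BRIDGE}" "${bridge_tap}"
  ip link set "${tap}" netns "${ns}"
  ip netns exec "${ns}" ip link set dev "${tap}" up
  ip link set dev "${bridge_tap}" up
  # The untagged interface deliberately gets no address in this topology:
  # ip netns exec "${ns}" ip addr add "192.168.0.<nr>/24" dev "${tap}"
}

#######################################
# Add a tagged VLAN sub-interface inside a namespace and address it.
# Arguments: $1 - namespace name
#            $2 - VLAN id (also used as the third octet of the address)
#            $3 - host number (last octet of the address)
# Note: Linux interface names are limited to 15 characters, and
#       tap-Client-1.10 is exactly 15. Longer namespace names or VLAN ids
#       need a shorter naming scheme.
#######################################
add_vlan() {
  local ns=$1
  local vlan=$2
  local host=$3
  local tap="tap-${ns}"
  local vlan_tap="${tap}.${vlan}"

  ip netns exec "${ns}" ip link add link "${tap}" name "${vlan_tap}" type vlan id "${vlan}"
  ip netns exec "${ns}" ip link set dev "${vlan_tap}" up
  ip netns exec "${ns}" ip addr add "192.168.${vlan}.${host}/24" dev "${vlan_tap}"
}

# Create switch
# ------------------
brctl addbr "${BRIDGE}"
brctl stp "${BRIDGE}" off
ip link set dev "${BRIDGE}" up

# Client 1
# ------------------
add_port Client-1
add_vlan Client-1 10 1
# iproute2 equivalent of "route add default gw"; avoids a net-tools dependency.
ip netns exec Client-1 ip route add default via 192.168.10.254

# Client 2
# ------------------
add_port Client-2
add_vlan Client-2 20 2
ip netns exec Client-2 ip route add default via 192.168.20.254

# Firewall
# ------------------
add_port FW-254
add_vlan FW-254 10 254
add_vlan FW-254 20 254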
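#!/bin/bash
# Lab topology on one host: two namespaces (NS-1, NS-2) connected by veth
# pairs to one Linux bridge. Each namespace gets
#   * an untagged address 192.168.0.<nr>/24 on tap-NS-<nr>, and
#   * a VLAN 20 sub-interface tap-NS-<nr>.20 with 192.168.20.<nr>/24.
# Connectivity checks run at the end.
#
# Security note: the script never enables VLAN filtering on the bridge, so
# the bridge forwards tagged and untagged frames to every port. The VLAN tag
# is honoured only by the endpoints and is not an isolation boundary here.
#
# Requires root, iproute2 and bridge-utils (brctl).

# Abort setup at the first failing command instead of continuing with a
# half-built topology.
set -euo pipefail

NAMESPACE=NS
BRIDGE=NSBR
VLAN=20

if [[ ${EUID} -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Switch
# ------------------
brctl addbr "${BRIDGE}"
brctl stp "${BRIDGE}" off
ip link set dev "${BRIDGE}" up

# Ports 1 and 2: namespace, veth pair, untagged address, VLAN sub-interface
# ------------------
for NR in 1 2; do
  CURNS=${NAMESPACE}-${NR}
  TAP=tap-${CURNS}
  BRIDGETAP=br-${CURNS}
  VLANTAP=${TAP}.${VLAN}

  ip netns add "${CURNS}"
  # create a port pair
  ip link add "${TAP}" type veth peer name "${BRIDGETAP}"
  # attach one side to linuxbridge
  brctl addif "${BRIDGE}" "${BRIDGETAP}"
  # attach the other side to namespace
  ip link set "${TAP}" netns "${CURNS}"
  # set the ports to up
  ip netns exec "${CURNS}" ip link set dev "${TAP}" up
  ip link set dev "${BRIDGETAP}" up
  # set the ip address
  ip netns exec "${CURNS}" ip addr add "192.168.0.${NR}/24" dev "${TAP}"

  # tagged sub-interface on top of the namespace side of the veth
  ip netns exec "${CURNS}" ip link add link "${TAP}" name "${VLANTAP}" type vlan id "${VLAN}"
  ip netns exec "${CURNS}" ip link set dev "${VLANTAP}" up
  ip netns exec "${CURNS}" ip addr add "192.168.${VLAN}.${NR}/24" dev "${VLANTAP}"
done

# Tests
# ------------------
failed=0

#######################################
# Show a namespace's addresses and ping one target from inside it.
# A failed ping is reported and remembered, but does not stop later checks.
# Globals:   failed (written)
# Arguments: $1 - namespace name, $2 - address to ping
#######################################
check_ping() {
  local ns=$1
  local target=$2
  ip netns exec "${ns}" ip addr
  if ! ip netns exec "${ns}" ping -c1 "${target}"; then
    echo "FAIL: ${ns} cannot reach ${target}" >&2
    failed=1
  fi
}

check_ping "${NAMESPACE}-1" 192.168.0.2   # untagged, NS-1 -> NS-2
check_ping "${NAMESPACE}-2" 192.168.0.1   # untagged, NS-2 -> NS-1
check_ping "${NAMESPACE}-2" 192.168.20.1  # VLAN 20,  NS-2 -> NS-1

# Non-zero exit status if any connectivity check failed.
exit "${failed}"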