
@hareeshpc
Last active July 4, 2022 10:17

Overview

+------------------------+                 +----------------------+
|                        |                 |                      |
|                        |                 |                      |
|           h1           |                 |          h2          |
|                        |                 |                      |
|                        |                 |                      |
|                        |                 |                      |
|                        |                 |                      |
|       10.0.0.2/24      |                 |        10.20.0.2/24  |
|        -------         |                 |         --------     |
|        veth_main       |                 |         veth_main    |
|        ---+---         |                 |         ---+----     |
|           |            |                 |            |         |
+-----------+------------+                 +------------+---------+
            |                                           |
            |                                           |
            |                                           |            [ Host Network ]
            |
                                                     veth_h2
         veth_h1                                    10.20.0.1/24
       10.0.0.1/24

References

Commands

# Kernel settings for routing between the two namespaces. IPv4 forwarding must
# be ON (the last command below enables it); reverse-path filtering is relaxed.
# Two alternatives follow: Option 1 persists the rp_filter change in
# /etc/sysctl.conf, Option 2 changes the running kernel only.
# NOTE(review): rp_filter is the kernel's source-address (anti-spoofing) check,
# so turn it off only on the interfaces that need it. The kernel applies the
# higher of conf.all and conf.<iface>, so setting only one of them to 0 may not
# take effect.
# NOTE(review): eth2 does not appear in the overview diagram; presumably it is
# the author's host NIC -- confirm which interfaces actually need the change.

# Option 1: persistent. Every run appends another copy of these lines.
echo 'net.ipv4.conf.eth2.rp_filter = 0' >> /etc/sysctl.conf
echo 'net.ipv4.conf.lo.rp_filter = 0' >> /etc/sysctl.conf
sysctl -p

# [OR] Option 2: runtime only, lost at reboot.
sysctl -w net.ipv4.conf.all.rp_filter=0
# Needed with either option: enables IPv4 forwarding for every interface in
# this network namespace, not only veth_h1/veth_h2. Not persisted across reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Build namespace h1 and connect it to the host with a veth pair.
# All commands need root (CAP_NET_ADMIN). Order matters: veth_main has to be
# moved into h1 before the h2 section reuses the same interface name.

# Create namespace - h1
ip netns add h1
# Create veth pair of interfaces for the h1 namespace
ip link add veth_h1 type veth peer name veth_main
# Move the veth_main interface into the h1 namespace
ip link set dev veth_main netns h1
# Bring up the host-side end (veth_h1) and give it the gateway address
ip link set dev veth_h1 up
ip address add 10.0.0.1/24 dev veth_h1

# Configure network inside the h1 namespace
ip netns exec h1 ip link set dev lo up
ip netns exec h1 ip link set dev veth_main up
ip netns exec h1 ip address add 10.0.0.2/24 dev veth_main
# 0/0 is the default route: everything off-subnet goes to the host end of the pair
ip netns exec h1 ip route add 0/0 via 10.0.0.1 dev veth_main

# h2 namespace - host side. Same steps as for h1, on subnet 10.20.0.0/24.
# The peer can be called veth_main again because h1's veth_main has already
# left the host namespace.
ip netns add h2
ip link add veth_h2 type veth peer name veth_main
ip link set dev veth_main netns h2
ip link set dev veth_h2 up
ip address add 10.20.0.1/24 dev veth_h2
# h2 namespace - namespace side: loopback, address and a default route via the host
ip netns exec h2 ip link set dev lo up
ip netns exec h2 ip link set dev veth_main up
ip netns exec h2 ip address add 10.20.0.2/24 dev veth_main
ip netns exec h2 ip route add 0/0 via 10.20.0.1 dev veth_main

# Check routing from the host. "ip r g" is short for "ip route get": it asks the
# kernel which route a packet with the given source address, arriving on the
# given interface (iif), would take. Lines starting with "$" are the commands;
# the lines after each one are its output. The expected result is that traffic
# entering on one veth leaves on the other.
$ ip r g 10.20.0.2 from 10.0.0.2 iif veth_h1
10.20.0.2 from 10.0.0.2 dev veth_h2 
    cache iif veth_h1 

$ ip r g 10.0.0.2 from 10.20.0.2 iif veth_h2
10.0.0.2 from 10.20.0.2 dev veth_h1 
    cache iif veth_h2 

# iptables rules: accept forwarded packets between the two veth interfaces, one
# rule per direction.
# NOTE(review): -A appends, so any earlier FORWARD rule that drops this traffic
# still wins; check the chain with "iptables -L FORWARD -n -v".
# NOTE(review): these rules accept every protocol and port between the two
# namespaces. Add match options if only specific traffic should pass.
iptables -A FORWARD -i veth_h1 -o veth_h2 -j ACCEPT
iptables -A FORWARD -i veth_h2 -o veth_h1 -j ACCEPT

# Ping h2's address from inside h1. Replies show that the host forwards in both
# directions. No -c count is given, so stop it with Ctrl-C.
ip netns exec h1 ping 10.20.0.2


# Other commands
# NOTE(review): nothing below undoes the sysctl changes, the FORWARD rules or
# the namespaces themselves. For a full cleanup also run "ip netns del h1",
# "ip netns del h2", and the iptables commands again with -D instead of -A.

# Remove veth pair (deleting one end removes its peer as well)
ip link del dev veth_h1


# To move back an interface from some namespace to the main namespace
# ("netns 1" selects the network namespace of PID 1):
ip netns exec h2 ip link set dev veth_main netns 1