
Wednesday, 24 November 2021

Linux network namespaces - part 3


In this post a program is run in a freshly unshared network namespace.
Then connectivity from the default network namespace towards the unshared network namespace is configured.

This is a continuation of the previous posts about Linux network namespaces:

Run a program in an unshared network namespace

# Run nc, listening on TCP port 8001, in a freshly unshared network namespace.
# unshare creates the namespace and then execs nc, so the PID of the background job is nc's PID.
# Creating a network namespace needs CAP_SYS_ADMIN, hence the root shell used throughout.
unshare --net nc -d -k -l -p 8001 &
# Save the process id of the launched nc command in the environment variable NC_PID.
# "$!" expands to the process ID of the job most recently placed into the background.
export NC_PID=$!
# View the saved process id
echo $NC_PID
# The process id of the launched nc command can be found with ps as well.
# The "[n]c" pattern keeps grep from matching its own command line.
ps -eo pid,args | grep "[n]c -d -k -l -p 8001" | awk 'NR==1{print $1}'

In the default network namespace TCP port 8001 is not listening:

root@labserver:~# netstat --listen --numeric-hosts --numeric-ports --tcp | grep 8001
root@labserver:~#

Bind mount the network namespace of the launched nc process under /var/run/netns (the directory where ip netns add keeps its own entries) so it can be addressed by name with ip netns.
The namespace will be registered under the name test-ns.
Note that the bind mount pins the namespace: it stays alive, together with its interfaces and addresses, until the mount is removed, even after nc exits.

# Make sure the directory exists (ip netns creates it only on its own "ip netns add")
mkdir -p /var/run/netns
# Create the empty file /var/run/netns/test-ns that will serve as the mount point
touch /var/run/netns/test-ns
# Bind mount the network namespace where nc is running to /var/run/netns/test-ns.
# To specify the process id of the running nc command, the environment variable NC_PID is used (it was set in the previous step).
mount -o bind /proc/$NC_PID/ns/net /var/run/netns/test-ns

Set the state of the lo interface in namespace test-ns to up (a freshly unshared network namespace contains only lo, and it starts out down, so 127.0.0.1 does not work inside it until this is done):

ip netns exec test-ns ip link set lo up

In the network namespace test-ns, in which nc is running, TCP port 8001 is listening:

root@labserver:~# ip netns exec test-ns netstat --listen --numeric-hosts --numeric-ports --tcp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN

It is possible to connect to TCP port 8001 from within namespace test-ns:

root@labserver:~# ip netns exec test-ns nc -v 127.0.0.1 8001
Connection to 127.0.0.1 8001 port [tcp/*] succeeded!

Connectivity from the default network namespace

Configure connectivity from the default network namespace towards namespace test-ns using a veth pair (one end stays in the default namespace, the other is moved into test-ns):

# Create an interconnected pair of virtual ethernet devices, veth101 and veth102
ip link add veth101 type veth peer name veth102
# Move virtual ethernet device veth102 into network namespace test-ns
ip link set veth102 netns test-ns
# In network namespace test-ns, set an IP address on interface veth102 and bring it up
ip netns exec test-ns ip addr add 10.1.100.2/24 dev veth102
ip netns exec test-ns ip link set dev veth102 up
# In the default network namespace, set an IP address on interface veth101 and bring it up
ip addr add 10.1.100.1/24 dev veth101
ip link set dev veth101 up

Communication from the default network namespace towards the process in network namespace test-ns is working:

root@labserver:~# nc -v 10.1.100.2 8001
Connection to 10.1.100.2 8001 port [tcp/*] succeeded!
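The whole procedure above, collected into one script as an added example (this is not code from the original post). It adds the two checks a practitioner wants and the teardown the post leaves out: it confirms that nc really landed in a different namespace by comparing /proc/PID/ns/net identities, confirms after the veth setup that the namespace still has no default route (so the isolated process can reach nothing but the veth link), and on `down` kills what runs in the namespace, removes the veth pair and unmounts the pin. It assumes Linux with util-linux `unshare`, iproute2 `ip` and an OpenBSD-style `nc` (the -d/-k/-z flags); the namespace name, interface names, addresses and port are the post's own, while the helper function names (netns_id, same_netns, no_default_route, setup, teardown) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: the page's procedure as one
# script with isolation checks and a teardown. Assumes util-linux unshare,
# iproute2 ip and OpenBSD-style nc. Function names are this example's own.
set -eu

NS_NAME=test-ns
NS_PATH=/var/run/netns/$NS_NAME
VETH_HOST=veth101
VETH_NS=veth102
HOST_IP=10.1.100.1
NS_IP=10.1.100.2
PORT=8001

# Namespace identity of a process, e.g. "net:[4026531992]". Readable without
# privileges for the caller's own processes, so it is a cheap isolation check.
netns_id() { readlink "/proc/$1/ns/net"; }

# Exit status 0 when two processes share one network namespace, 1 otherwise.
same_netns() { [ "$(netns_id "$1")" = "$(netns_id "$2")" ]; }

# Exit status 0 when the named namespace has no default route, i.e. the
# process inside can only reach what the veth link gives it.
no_default_route() { [ -z "$(ip netns exec "$1" ip route show default)" ]; }

teardown() {
    # Kill what still runs inside the namespace (the nc listener), then drop
    # the pin. Unmounting matters: while the bind mount exists the namespace
    # stays alive even after every process in it has exited.
    if [ -e "$NS_PATH" ]; then
        for pid in $(ip netns pids "$NS_NAME" 2>/dev/null); do
            kill "$pid" 2>/dev/null || true
        done
        umount "$NS_PATH" 2>/dev/null || true
        rm -f "$NS_PATH"
    fi
    # Deleting one end of a veth pair removes its peer as well.
    ip link del "$VETH_HOST" 2>/dev/null || true
}

setup() {
    [ "$(id -u)" -eq 0 ] || { echo "unshare --net and ip netns need root" >&2; return 1; }

    # 1. Listener in a fresh network namespace. unshare execs nc, so $! is nc's PID.
    unshare --net nc -d -k -l -p "$PORT" &
    nc_pid=$!
    sleep 0.5   # let unshare finish unshare(2) and exec before inspecting it

    if same_netns "$nc_pid" "$$"; then
        echo "nc still shares the default network namespace" >&2
        kill "$nc_pid"; return 1
    fi

    # 2. Pin the namespace under /var/run/netns so ip netns can address it by name.
    mkdir -p /var/run/netns
    touch "$NS_PATH"
    mount -o bind "/proc/$nc_pid/ns/net" "$NS_PATH"
    ip netns exec "$NS_NAME" ip link set lo up

    # 3. veth pair: one end stays in the default namespace, the peer moves into test-ns.
    ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    ip link set "$VETH_NS" netns "$NS_NAME"
    ip netns exec "$NS_NAME" ip addr add "$NS_IP/24" dev "$VETH_NS"
    ip netns exec "$NS_NAME" ip link set dev "$VETH_NS" up
    ip addr add "$HOST_IP/24" dev "$VETH_HOST"
    ip link set dev "$VETH_HOST" up

    # 4. Verify: the listener is reachable over the veth link, and nothing
    #    beyond 10.1.100.0/24 is reachable from inside (no default route).
    if ! nc -z -v "$NS_IP" "$PORT"; then
        echo "listener not reachable over $VETH_HOST" >&2; teardown; return 1
    fi
    if ! no_default_route "$NS_NAME"; then
        echo "unexpected default route inside $NS_NAME" >&2; teardown; return 1
    fi
    echo "$NS_NAME up: nc pid $nc_pid listening on $NS_IP:$PORT"
}

case "${1:-}" in
    up)   setup ;;
    down) teardown ;;
    *)    echo "usage: $0 up|down" >&2 ;;
esac
```

Run it as root with `up`, inspect the namespace with `ip netns exec test-ns ip addr` and `ip netns exec test-ns ip route`, and remove everything with `down`. The same_netns check is the one to keep in mind beyond this lab: two processes are in the same network namespace exactly when their /proc/PID/ns/net links resolve to the same inode, which is a quick way to confirm that a sandboxed process did not end up back in the host namespace.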
