Last active
March 5, 2024 22:05
-
-
Save agentzh/cad9a06474e72ec21aa40f8208cda649 to your computer and use it in GitHub Desktop.
Create 2 network namespaces and bridge them and the default namespace together so that they can directly talk to each other via static IP addresses; also enable Internet access in all the namespaces via NAT.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -x | |
| main_if=ens33 | |
| ping_count=1 | |
| echo 1 > /proc/sys/net/ipv4/ip_forward || exit 1 | |
| ip netns del ns1 > /dev/null 2>&1 | |
| ip netns del ns2 > /dev/null 2>&1 | |
| ip link del br0 > /dev/null 2>&1 | |
| ip netns add ns1 || exit 1 | |
| ip netns exec ns1 ip link set dev lo up || exit 1 | |
| ip netns add ns2 || exit 1 | |
| ip netns exec ns2 ip link set dev lo up || exit 1 | |
| # create the bridge | |
| #ip0=10.0.1.254 | |
| ip link add br0 type bridge || exit 1 | |
| ip link set dev br0 up || exit 1 | |
| #ifconfig | |
| # create a veth pair for the current host (default net namespace) | |
| id=0 | |
| ip link del tap$id > /dev/null 2>&1 | |
| ip link add tap$id type veth peer name ns$id-veth || exit 1 | |
| ip link set ns$id-veth master br0 || exit 1 | |
| ip0=10.0.1.254 | |
| ip=$ip0 | |
| ip addr add $ip/24 dev tap$id || exit 1 | |
| ip link set dev tap$id up || exit 1 | |
| ip link set dev ns$id-veth up || exit 1 | |
| #ifconfig | |
| #exit | |
| # create the veth pair for ns1 | |
| id=1 | |
| ip link del tap$id > /dev/null 2>&1 | |
| ip link del tap${id}i > /dev/null 2>&1 | |
| ip link add tap$id type veth peer name ns$id-veth || exit 1 | |
| ip link set ns$id-veth master br0 || exit 1 | |
| ip link set tap$id name eth0 netns ns$id || exit 1 | |
| ip1=10.0.1.1 | |
| ip=$ip1 | |
| ip netns exec ns$id ip addr add $ip/24 dev eth0 || exit 1 | |
| ip netns exec ns$id ip link set dev eth0 up || exit 1 | |
| #ip link list | |
| ip link set dev ns$id-veth up || exit 1 | |
| # enable internet access in the namespace via NAT | |
| ip1i=10.$id.0.1 | |
| ip1i2=10.$id.0.2 | |
| ip link add tap${id}i type veth peer name ns${id}i-veth || exit 1 | |
| ip link set ns${id}i-veth name eth1 netns ns$id || exit 1 | |
| ip addr add $ip1i/24 dev tap${id}i || exit 1 | |
| ip link set dev tap${id}i up || exit 1 | |
| ip netns exec ns$id ip addr add $ip1i2/24 dev eth1 || exit 1 | |
| ip netns exec ns$id ip link set dev eth1 up || exit 1 | |
| ip netns exec ns$id ip route add default via $ip1i || exit 1 | |
| ip netns exec ns$id ifconfig | |
| ip netns exec ns$id ip link list | |
| iptables -P FORWARD DROP || exit 1 | |
| iptables -F FORWARD || exit 1 | |
| iptables -t nat -F || exit 1 | |
| iptables -t nat -A POSTROUTING -s $ip1i2/24 -o $main_if -j MASQUERADE || exit 1 | |
| iptables -A FORWARD -i $main_if -o tap${id}i -j ACCEPT || exit 1 | |
| iptables -A FORWARD -o $main_if -i tap${id}i -j ACCEPT || exit 1 | |
| ip netns exec ns$id ping -c $ping_count 8.8.4.4 || exit 1 | |
| #ip netns exec $ns ping -w 1 $ip0 | |
| #ping -w 1 $ip1 | |
| # create the veth pair for ns2 | |
| id=2 | |
| ip link del tap$id > /dev/null 2>&1 | |
| ip link del tap${id}i > /dev/null 2>&1 | |
| ip link add tap$id type veth peer name ns$id-veth || exit 1 | |
| ip link set ns$id-veth master br0 || exit 1 | |
| ip link set tap$id name eth0 netns ns$id || exit 1 | |
| ip2=10.0.1.2 | |
| ip=$ip2 | |
| ip netns exec ns$id ip addr add $ip/24 dev eth0 || exit 1 | |
| ip netns exec ns$id ip link set dev eth0 up || exit 1 | |
| ip link set dev ns$id-veth up || exit 1 | |
| echo "ping other nodes from inside ns$id..." | |
| ip netns exec ns$id ping -c $ping_count $ip1 || exit 1 | |
| ip netns exec ns$id ping -c $ping_count $ip2 || exit 1 | |
| ip netns exec ns$id ping -c $ping_count $ip0 || exit 1 | |
| echo "ping other nodes from inside ns1..." | |
| ip netns exec ns1 ping -c $ping_count $ip0 || exit 1 | |
| ip netns exec ns1 ping -c $ping_count $ip1 || exit 1 | |
| ip netns exec ns1 ping -c $ping_count $ip2 || exit 1 | |
| echo "ping other nodes from inside host..." | |
| ping -c $ping_count $ip0 || exit 1 | |
| ping -c $ping_count $ip1 || exit 1 | |
| ping -c $ping_count $ip2 || exit 1 | |
| ping -c $ping_count 8.8.4.4 || exit 1 | |
| # enable internet access in the namespace via NAT | |
| ip1i=10.$id.0.1 | |
| ip1i2=10.$id.0.2 | |
| ip link add tap${id}i type veth peer name ns${id}i-veth || exit 1 | |
| ip link set ns${id}i-veth name eth1 netns ns$id || exit 1 | |
| ip addr add $ip1i/24 dev tap${id}i || exit 1 | |
| ip link set dev tap${id}i up || exit 1 | |
| ip netns exec ns$id ip addr add $ip1i2/24 dev eth1 || exit 1 | |
| ip netns exec ns$id ip link set dev eth1 up || exit 1 | |
| ip netns exec ns$id ip route add default via $ip1i || exit 1 | |
| ip netns exec ns$id ifconfig | |
| ip netns exec ns$id ip link list | |
| iptables -P FORWARD DROP | |
| iptables -F FORWARD | |
| iptables -t nat -F | |
| iptables -t nat -A POSTROUTING -s $ip1i2/24 -o $main_if -j MASQUERADE || exit 1 | |
| iptables -A FORWARD -i $main_if -o tap${id}i -j ACCEPT || exit 1 | |
| iptables -A FORWARD -o $main_if -i tap${id}i -j ACCEPT || exit 1 | |
| ip netns exec ns$id ping -c $ping_count 8.8.4.4 || exit 1 | |
| echo Success! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment