Created
October 28, 2018 10:02
netns内部からNATして外部通信可能にするサンプルスクリプト
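#!/bin/bash
#
# Sample script: give processes inside a network namespace outbound
# connectivity by NATing their traffic on the host.
#
# Topology built by this script:
#
#   host (default namespace)                     mynets (network namespace)
#  +-------------------------------------+      +--------------------------+
#  |  eth0       br0  172.31.0.1/24      |      |                          |
#  |   |        +------------------+     |      |  mynets_veth             |
#  |   |        |        br0_veth -+-----+------+- 172.31.0.100/24         |
#  |   +--NAT---+                  |     |      |                          |
#  | (MASQUERADE)------------------+     |      |                          |
#  +-------------------------------------+      +--------------------------+
#
# Requirements: root, iproute2, iptables.
#
# Host-wide side effects that outlive the namespace:
#   * net.ipv4.ip_forward is set to 1, so the host forwards IPv4 between
#     ALL of its interfaces, limited only by the filter/FORWARD chain.
#   * A MASQUERADE rule is added to nat/POSTROUTING.
# To undo: delete the rule with `iptables -t nat -D ...` (same arguments as
# the -A below), then `ip netns del mynets`, `ip link del br0`, and restore
# ip_forward if nothing else on the host needs it.

# Stop at the first failing step instead of leaving a half-built topology.
set -euo pipefail

readonly NS=mynets
readonly BRIDGE=br0
# Interface names are limited to 15 characters; keep that in mind when
# changing NS or BRIDGE, since the veth names are derived from them.
readonly BRIDGE_VETH="${BRIDGE}_veth"
readonly NS_VETH="${NS}_veth"
readonly GW="172.31.0.1"
readonly NETWORK="172.31.0.0"
readonly CLIENT_IP="172.31.0.100"
readonly PREFIX=24

if [[ ${EUID} -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

# Create bridge and network namespace
# (iproute2 equivalent of `brctl addbr`, so bridge-utils is not required)
ip link add name "${BRIDGE}" type bridge
ip netns add "${NS}"

# Create veth pair
ip link add "${BRIDGE_VETH}" type veth peer name "${NS_VETH}"

# Connect veth pair
## to bridge (iproute2 equivalent of `brctl addif`)
ip link set dev "${BRIDGE_VETH}" master "${BRIDGE}"
## to namespace
ip link set "${NS_VETH}" netns "${NS}"

# Setup ip address
## for bridge
ip addr add "${GW}/${PREFIX}" dev "${BRIDGE}"
## for namespace
ip netns exec "${NS}" ip addr add "${CLIENT_IP}/${PREFIX}" dev "${NS_VETH}"

# Make interfaces up
ip netns exec "${NS}" ip link set "${NS_VETH}" up
ip link set "${BRIDGE}" up
ip link set "${BRIDGE_VETH}" up

# routing
ip netns exec "${NS}" ip route add default via "${GW}"

## setup nat to access the internet
# Host-wide and not persistent across reboots. If the filter/FORWARD policy
# is DROP, traffic from the bridge still needs an explicit ACCEPT rule; none
# is added here so the host firewall is not widened implicitly.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Masquerade only traffic that leaves the bridge subnet through another
# interface (`! -o BRIDGE`); traffic that stays on the bridge keeps its real
# source address. The -C check keeps reruns from appending duplicate rules.
nat_rule=(POSTROUTING -s "${NETWORK}/${PREFIX}" ! -o "${BRIDGE}" -j MASQUERADE)
if ! iptables -t nat -C "${nat_rule[@]}" 2>/dev/null; then
  iptables -t nat -A "${nat_rule[@]}"
fi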
Author
oomatz
commented
Oct 28, 2018
- 通信確認
- iptables(NAT)確認