Last active
April 9, 2024 00:38
-
-
Save pojntfx/7c6eb8f406fa0861149293362184ab48 to your computer and use it in GitHub Desktop.
Use `slirp4netns` to add a tap device with working networking to an unprivileged/rootless namespace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Also see: https://passt.top/passt/about/ for an alternative setup | |
| # In first terminal (namespace 1) | |
| unshare --user --map-root-user --net --mount | |
| echo $$ > /tmp/pid | |
| # In second terminal | |
| # For port-forwarding: http://web.archive.org/web/20240112152726/https://rootlesscontaine.rs/how-it-works/netns/incoming/ for port-forwarding | |
| # For communicating between different slirp4netns instances: https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md#inter-namespace-communication | |
| slirp4netns --configure --mtu=65520 --disable-host-loopback --macaddress 26:87:71:8f:6f:57 --outbound-addr 100.111.168.3 --outbound-addr6 fd7a:115c:a1e0::1def:a803 --enable-ipv6 $(cat /tmp/pid) tap0 | |
| # In third terminal (namespace 2) | |
| unshare --user --map-root-user --net --mount | |
| echo $$ > /tmp/pid2 | |
| # In fourth terminal | |
| slirp4netns --configure --mtu=65520 --disable-host-loopback --macaddress 26:87:71:8f:6f:57 --outbound-addr 100.111.168.3 --outbound-addr6 fd7a:115c:a1e0::1def:a803 --enable-ipv6 $(cat /tmp/pid2) tap0 | |
| # Now both network namespaces have the same internal view of the network (same IP/MAC address) but can still talk to the oustside (and optionaly with each other!) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment