Questions tagged [network-namespaces]
The network-namespaces tag has no summary.
159 questions
0 votes, 1 answer, 119 views
create container with a tcp server socket inside from an outside app (as non root user)
I have an application and want to start a firefox where all network traffic from firefox goes through the application which does magic (doesn't really matter what it does).
The idea I have is to open ...
0 votes, 0 answers, 28 views
how to bridge (tcp & perhaps udp) the 2nd netns in order to use services that run on default netns
I have 2x internet connections on a linux box (running slackware btw). The ascii schematic is the following
+------------------+
| eth1| --- modem #1 --- ...
0 votes, 0 answers, 66 views
Bridging containers to external VLAN
I have a physical network with several VLANs. One of my computers (my main workstation) is connected to two different VLANs on this network, one tagged, the other not.
I have successfully set this ...
0 votes, 1 answer, 54 views
Can not reach a gw interface within a network namespace
I have a docker container with the internal ip addr 172.17.0.2, that is connected to the docker's virtual interface with ip 172.17.0.1 on my host:
root@ldc1:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> ...
1 vote, 0 answers, 70 views
Binding a process to an interface
I have here a process from which I do not want to access the internet, except from my company VPN. My company VPN is using a tun device.
If the VPN is not active or does not work, the expected ...
0 votes, 2 answers, 182 views
Why does a network interface need to have a routing table entry configured to answer ARP requests?
I'm using a fresh minimal Ubuntu server 24.04.1 LTS install. I run these commands as root to set up networking and do some experiments:
apt install -y netcat-traditional tcpdump inetutils-ping
ip ...
2 votes, 1 answer, 785 views
Why am I getting no output in tcpdump even though there is data being sent and received when using network namespaces?
I'm using a fresh minimal Ubuntu server 24.04.1 LTS install.
I run these commands as root to set up networking and do some experiments:
If you have seen this post, it's the same setup but with the ip ...
3 votes, 2 answers, 359 views
Why doesn't netcat print anything when listening in UDP mode when it can't reach the client even when the client can reach the server?
I'm using a fresh minimal Ubuntu server 24.04.1 LTS install.
I run these commands as root to set up networking and do some experiments:
apt install netcat-traditional
ip netns add ns1
ip netns add ...
1 vote, 0 answers, 63 views
Socat error inside Linux Network Namespaces
I'm trying to run socat forward ttyACM0 into UDP. It works with command.
socat UDP-LISTEN:14550,fork,reuseaddr FILE:/dev/ttyACM0,b57600,raw
Problem is, I need to access socat via ip address, which is ...
1 vote, 0 answers, 141 views
Network namespace stopped working after hardware change
A couple of days ago I had a motherboard failure and as a result I bought a new computer. I swapped in the old hard drives and after a couple of hiccups, everything was nearly the same again. It is ...
1 vote, 0 answers, 91 views
Is it possible to use a veth created in a user namespace as a regular user in a practical way?
This question hints that it is possible to create a veth (which normally requires root) from inside a user and network namespace, and indeed:
user@host$ unshare --user --net -r =bash
root@namespace# ...
2 votes, 1 answer, 313 views
What is the reason why creating a veth requires root?
I recently became aware of solutions like slirp4netns or passt/pasta which essentially work around the fact that you can't create a pair of veth network interfaces without root (or CAP_NET_ADMIN). ...
0 votes, 1 answer, 219 views
What happens with bridge packets after they arrive at bridge?
Hello, I have a simple setup for explanation purposes created with the following scripts:
env.sh
CON1="con1"
CON2="con2"
NODE_IP="10.0.0.20"
TUNNEL_IP="172.16.1.100&...
0 votes, 0 answers, 156 views
Cannot find how to create network namespace in udev rule
I want to write a udev rule (ACTION=add) that will create a new network namespace, move the newly added device to it and exec some commands inside it.
I was using iproute2 to do so (inside the rule):
...
0 votes, 1 answer, 292 views
Debian network namespace isolation
I have an AppImage which I need to run 3 instances of, concurrently. Each instance will use its own profile (Home directory). That's all very easy:
HOME=/home/user/home AppName.appimage
Now the ...
1 vote, 1 answer, 546 views
Connecting two network namespaces over a bridge
I'm trying to make one network namespace to be able to ping another namespace via a bridge.
Here are the commands I'm executing:
# create two namespaces
ip netns add ns0
ip netns add ns1
# create a ...
0 votes, 0 answers, 122 views
Virtual interface pair forwarding packets to each other
The goal is very simple: anything sent to pair1, as outgoing packet, should appear on pair0 as an incoming packet and vice versa. I am thinking on a layer3-only, virtual interface now.
tun could do ...
0 votes, 1 answer, 516 views
systemd Fails to Create Network Namespace after Debian Update
I'm running my own flavor of Debian (trixie, 6.1.0-9-amd64). I had set up a custom systemd service to establish a network namespace and route VPN traffic through it (which has worked flawlessly for ...
2 votes, 0 answers, 279 views
Application does DNS outside of its Network Namespace?
I am using unshare to create a network namespace:
unshare -rn bash
I already have a working setup with veth-interfaces as described in this guide:
https://josephmuia.ca/2018-05-16-net-namespaces-...
0 votes, 1 answer, 1k views
Running Application in Specific Network Namespace Without Sudo?
I am trying to run google-chrome with a specific network namespace, but when I do there is no audio. I run the command so that it is running in the network namespace as follows:
sudo ip netns exec ...
4 votes, 1 answer, 2k views
Separate network namespaces for different users?
I'm running Arch Linux on a laptop. What I want to achieve:
Multiple users
When each user logs in on a tty (which could be while another user is logged in on another tty---they're all me), they're in ...
1 vote, 0 answers, 159 views
How to forward packets between net namespaces?
I have a lima VM with linux running Ubuntu 23.04 with kernel 6.2 and cgroupsv2. This VM is meant to serve as docker host. When I create docker network in this VM I get an interface in its own ...
2 votes, 1 answer, 217 views
Redirecting locally originated traffic with DNAT in OUTPUT chain not working as expected
I am having a dumb, and I am hoping you lovely people can jumpstart my brain.
I am running a service in a local network namespace. The namespace looks like this:
# ip -n ns1 addr
1: lo: <LOOPBACK,...
2 votes, 1 answer, 629 views
Root network namespace as transit between 2 other net namespaces
I am trying to communicate between two network namespaces that are connected through the root namespaces using veth pairs as seen in the diagram. I am unable to perform a ping from netns A to netns B. ...
2 votes, 0 answers, 154 views
Pipewire sound card hijacked by netns
I sometimes run my browser in a VPN netns, like this:
sudo ip netns exec vpnns sudo -u myuser google-chrome &
This works great, except sometimes it seems that the netns "steals" the ...
2 votes, 2 answers, 3k views
How to use network namespaces for vpn split tunneling
My aim is to route the default namespace through my vpn, and create a new namespace which does not route through the vpn
(so I can selectively launch programs that should not have access to the remote ...
1 vote, 0 answers, 336 views
How to firewall a network namespace using firewalld?
I'm running fedora 36 using firewalld as my firewall.
I set up a network namespace called "wireguard". It contains the interface wg0 which connects to Mullvad VPN. I set it up like this:
ip ...
4 votes, 2 answers, 4k views
What is the difference between using Linux VRF, network namespaces and using different routing tables?
The ip-vrf manual reads :
A VRF provides traffic isolation at layer 3 for routing, similar to how a VLAN is used to isolate traffic at layer 2. Fundamentally, a VRF is a separate routing table.
At ...
0 votes, 0 answers, 250 views
Forward traffic from public IP to namespace
I have two VMs VM-A & VM-B connected via IPIP Tunnel in a namespace. I want the application in VM-B which is under namespace to be accessed from the public IP of VM-C. Can someone help me how can ...
1 vote, 0 answers, 139 views
Wireguard to endpoint Inside a Namespace
I have three VMs: VM-A, VM-B & VM-X. I have an application running on the backend server VM-X. VM-A is the main frontend server which has high capacity. VM-B is just a standby server of low ...
0 votes, 1 answer, 977 views
Ubuntu 22.04 netns with veth connected to bridge unable to ping gateway
Hey guys this is probably just something stupid I'm missing, but I'm having trouble setting up a net namespace to use for my VPN. The weird part is that this script/setup was working, and has suddenly ...
1 vote, 0 answers, 208 views
Prevent network namespaces / lxd-bridges from talking to each other, but keep internet access?
Following goal:
I have lxd containers
each set of containers should have their dedicated isolated network
each should still be able to connect to the internet (e.g. apt update or curl), but not leak ...
0 votes, 0 answers, 778 views
socat streaming UDP is slower than TCP
I'm currently using subprocess.run(["socat", f"udp-listen:{_to},fork,reuseaddr,bind=127.0.0.1", f"""exec:'sudo ip netns exec {netns} socat STDIO "UDP-connect:...
0 votes, 1 answer, 315 views
How can I map multiple ports in systemd-nspawn container?
I'm writing a container manager script which depends on nspawn, and the container is using a Virtual Ethernet Connection (-n opt),
but it looks like nspawn only supports port mapping for single ...
1 vote, 1 answer, 517 views
If ports are unprivileged, why can't I access them if I am root in a namespace?
I've run sudo sysctl -w net.ipv4.ip_unprivileged_port_start=1. However, sudo ip netns exec myvpn unshare -r python -m http.server -b 127.0.0.1 2 does not work. Strangely enough, this does: sudo ip ...
1 vote, 0 answers, 55 views
Advertising VXLAN learned MACs into a different namespace
I would like to run a l2 evpn (vxlan) bgp speaker in a different namespace and advertise the learned addresses into another namespace. In building the following topology, the BGP daemon populates the ...
2 votes, 1 answer, 2k views
Linux packet mark across network namespaces
I am trying to use iptables to packet mark packets of a certain source/destination IP in the mangle table on a given host. The packets are later forwarded to a particular network namespace on the same ...
0 votes, 0 answers, 2k views
How do I start a Docker container in custom network namespace?
How do I make docker run to setns to the network namespace of my choice when starting a container? I want something like --net host mode, but aiming to the namespace of Docker server itself.
Or should ...
2 votes, 0 answers, 633 views
Docker overlay network connection between containers lags sometimes in multiples of 1s
Two containers talking to each other on overlay network with high traffic (connection frequency) occasionally got connection lag almost exact multiple of 1s.
It doesn't matter whether it is same host ...
0 votes, 1 answer, 160 views
How can I copy $BASHPID in bash script?
I have a network namespace and I want to run command with this netns bash pid, how can I do it in bash script?
Code example:
sudo ip netns add ns1 #this is my network namespace
#In separate shell I ...
0 votes, 1 answer, 1k views
How to connect Linux network namespace with other VM using internal network?
I have two Virtual Machines (VM) in Virtualbox connected with internal network. On the first one I have network namespace named n0. I want to connect this namespace to network interface and finally ...
3 votes, 1 answer, 2k views
Capture DNS traffic to and from a network namespace using tshark
How can I capture traffic specifically from a network interface inside a network namespace using tshark? In my case, the network interface tun0 is moved into the network namespace called vpn.
Normally ...
0 votes, 0 answers, 286 views
Running libreoffice from network namespace session?
I am using Ubuntu Mate:
$ echo $DESKTOP_SESSION; cat /etc/issue; uname -a;
mate
Ubuntu 20.04.4 LTS \n \l
Linux mypc 5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022 x86_64 x86_64 x86_64 ...
3 votes, 1 answer, 2k views
IPv6 forwarding doesn't work in a network namespace
I have 3 Linux VMs connected like this:
/ server1 \
| ens19 2001:1::2 |
\ /
|
/ \
| ens19 2001:1::1 |
| ...
0 votes, 1 answer, 1k views
Can't access directory from netns
I created a simple test netns :
sudo ip netns add test
Then I brought up the lo interface.
I'm currently in the home directory of user1, and by executing
sudo ip netns exec test ls -la
I see all the ...
2 votes, 2 answers, 774 views
Is cgroup a type of namespace?
Is cgroup a type of namespace?
I am asking this because I have seen blogs talking as if cgroup and namespaces are different. However, in different linux commands, cgroup is considered as a type of ...
5 votes, 1 answer, 3k views
How can I use a bind mount in a network namespace?
I have an app I run in a network namespace. This works well.
I want to run the app multiple times, in different namespaces. For convenience, I want to bind mount the app's working directory to ...
0 votes, 0 answers, 2k views
Bridging between network namespaces using tun or tap devices
I am trying to create two tap interfaces which are connected via a userspace program which should be able to see (and later modify) all packets going over the "wire". While this works when I ...
0 votes, 1 answer, 1k views
To persist a namespace, create a bind mount point on which /proc/PID?
From https://man7.org/linux/man-pages/man1/n.1.html :
By default, a new namespace remains in existence only as long as it
has at least one member process. A namespace can be made persistent—
that ...
1 vote, 1 answer, 2k views
Can't establish communication between two network namespaces using bridge network
I'm following this video about network namespaces in Linux, and trying to practice it myself, but for some reason it doesn't work. What I've done is:
After creating 2 network namespaces named "...