Internet connectivity using linux network namespace












1















I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.



enp0s25: wired to a intranet router w/o internet connectivity

inet 10.18.0.101



wlp3s0: wireless, used for remote management, will not be available in production environment

inet 10.11.1.116



enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment

inet 10.11.1.142



wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens



ip netns add mobilens
ip link set dev enx8cae4cff1c86 netns mobilens
ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
ip netns exec mobilens route add default gw 10.1.1.1
ip netns exec mobilens dhcpcd enx8cae4cff1c86


I have also created a /etc/netns/mobilens/resolv.conf file with following entries



nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com


Running ifconfig in name space with



ip netns exec mobilens ifconfig


returns

inet 10.1.1.10 netmask 255.255.255.0

and if I query DNS servers used in namespace as follows



ip netns exec mobilens nmcli dev show | grep DNS


it returns



IP4.DNS[1]: 10.11.1.1



I try to ping google.com using this namespace it resolves but fails.



ip netns exec mobilens ping www.google.com


PING www.google.com (172.217.7.4) 56(84) bytes of data.

From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable

From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable



What else I need to do to be able to access to internet via this namespace?



EDIT 1:
Using xterm in the namespace, indeed makes testing easier.
I also started to using



dhclient -d enx8cae4cff1c86


instead of DHSCP server in namespace.
However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace



Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25


and this one from namespace



Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86


Any suggestions about possible modifications to routing in namespace?










share|improve this question
















bumped to the homepage by Community 47 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.




















    1















    I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.



    enp0s25: wired to a intranet router w/o internet connectivity

    inet 10.18.0.101



    wlp3s0: wireless, used for remote management, will not be available in production environment

    inet 10.11.1.116



    enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment

    inet 10.11.1.142



    wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens



    ip netns add mobilens
    ip link set dev enx8cae4cff1c86 netns mobilens
    ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
    ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
    ip netns exec mobilens route add default gw 10.1.1.1
    ip netns exec mobilens dhcpcd enx8cae4cff1c86


    I have also created a /etc/netns/mobilens/resolv.conf file with following entries



    nameserver 10.11.1.1
    nameserver 8.8.8.8
    search google.com


    Running ifconfig in name space with



    ip netns exec mobilens ifconfig


    returns

    inet 10.1.1.10 netmask 255.255.255.0

    and if I query DNS servers used in namespace as follows



    ip netns exec mobilens nmcli dev show | grep DNS


    it returns



    IP4.DNS[1]: 10.11.1.1



    I try to ping google.com using this namespace it resolves but fails.



    ip netns exec mobilens ping www.google.com


    PING www.google.com (172.217.7.4) 56(84) bytes of data.

    From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable

    From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable



    What else I need to do to be able to access to internet via this namespace?



    EDIT 1:
    Using xterm in the namespace, indeed makes testing easier.
    I also started to using



    dhclient -d enx8cae4cff1c86


    instead of DHSCP server in namespace.
    However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace



    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
    10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
    10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
    10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25


    and this one from namespace



    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
    10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
    10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86


    Any suggestions about possible modifications to routing in namespace?










    share|improve this question
















    bumped to the homepage by Community 47 mins ago


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.


















      1












      1








      1








      I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.



      enp0s25: wired to a intranet router w/o internet connectivity

      inet 10.18.0.101



      wlp3s0: wireless, used for remote management, will not be available in production environment

      inet 10.11.1.116



      enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment

      inet 10.11.1.142



      wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens



      ip netns add mobilens
      ip link set dev enx8cae4cff1c86 netns mobilens
      ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
      ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
      ip netns exec mobilens route add default gw 10.1.1.1
      ip netns exec mobilens dhcpcd enx8cae4cff1c86


      I have also created a /etc/netns/mobilens/resolv.conf file with following entries



      nameserver 10.11.1.1
      nameserver 8.8.8.8
      search google.com


      Running ifconfig in name space with



      ip netns exec mobilens ifconfig


      returns

      inet 10.1.1.10 netmask 255.255.255.0

      and if I query DNS servers used in namespace as follows



      ip netns exec mobilens nmcli dev show | grep DNS


      it returns



      IP4.DNS[1]: 10.11.1.1



      I try to ping google.com using this namespace it resolves but fails.



      ip netns exec mobilens ping www.google.com


      PING www.google.com (172.217.7.4) 56(84) bytes of data.

      From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable

      From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable



      What else I need to do to be able to access to internet via this namespace?



      EDIT 1:
      Using xterm in the namespace, indeed makes testing easier.
      I also started to using



      dhclient -d enx8cae4cff1c86


      instead of DHSCP server in namespace.
      However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace



      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
      default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
      10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
      10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
      10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25


      and this one from namespace



      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
      default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
      10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
      10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86


      Any suggestions about possible modifications to routing in namespace?










      share|improve this question
















      I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.



      enp0s25: wired to a intranet router w/o internet connectivity

      inet 10.18.0.101



      wlp3s0: wireless, used for remote management, will not be available in production environment

      inet 10.11.1.116



      enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment

      inet 10.11.1.142



      wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens



      ip netns add mobilens
      ip link set dev enx8cae4cff1c86 netns mobilens
      ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
      ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
      ip netns exec mobilens route add default gw 10.1.1.1
      ip netns exec mobilens dhcpcd enx8cae4cff1c86


      I have also created a /etc/netns/mobilens/resolv.conf file with following entries



      nameserver 10.11.1.1
      nameserver 8.8.8.8
      search google.com


      Running ifconfig in name space with



      ip netns exec mobilens ifconfig


      returns

      inet 10.1.1.10 netmask 255.255.255.0

      and if I query DNS servers used in namespace as follows



      ip netns exec mobilens nmcli dev show | grep DNS


      it returns



      IP4.DNS[1]: 10.11.1.1



      I try to ping google.com using this namespace it resolves but fails.



      ip netns exec mobilens ping www.google.com


      PING www.google.com (172.217.7.4) 56(84) bytes of data.

      From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable

      From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable



      What else I need to do to be able to access to internet via this namespace?



      EDIT 1:
      Using xterm in the namespace, indeed makes testing easier.
      I also started to using



      dhclient -d enx8cae4cff1c86


      instead of DHSCP server in namespace.
      However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace



      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
      default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
      10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
      10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
      10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25


      and this one from namespace



      Kernel IP routing table
      Destination Gateway Genmask Flags Metric Ref Use Iface
      default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
      10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
      10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86


      Any suggestions about possible modifications to routing in namespace?







      linux route namespace network-namespaces






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 13 '17 at 23:17







      tkalay

















      asked Nov 13 '17 at 20:22









      tkalaytkalay

      63




      63





      bumped to the homepage by Community 47 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community 47 mins ago


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
























          2 Answers
          2






          active

          oldest

          votes


















          0














          Partial answer:



          First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:



          ip netns exec mobilens su -c "xterm -bg yellow &" my_userid


          Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).



          So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86 and watch the output to see it's properly assigning everything.



          In doubt, run tcpdump on the interface and see if the packets go out properly.






          share|improve this answer































            0














            [Solved]

            Solution was to modify default gateway. I added following line to namespace configuration file.



            ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86


            This step was enough for me to ping www.google.com
            However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
            File contained:



            nameserver 10.11.1.1
            nameserver 8.8.8.8
            search google.com


            Now I can access to internet for any given domain.






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "106"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404323%2finternet-connectivity-using-linux-network-namespace%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              0














              Partial answer:



              First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:



              ip netns exec mobilens su -c "xterm -bg yellow &" my_userid


              Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).



              So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86 and watch the output to see it's properly assigning everything.



              In doubt, run tcpdump on the interface and see if the packets go out properly.






              share|improve this answer




























                0














                Partial answer:



                First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:



                ip netns exec mobilens su -c "xterm -bg yellow &" my_userid


                Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).



                So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86 and watch the output to see it's properly assigning everything.



                In doubt, run tcpdump on the interface and see if the packets go out properly.






                share|improve this answer


























                  0












                  0








                  0







                  Partial answer:



                  First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:



                  ip netns exec mobilens su -c "xterm -bg yellow &" my_userid


                  Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).



                  So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86 and watch the output to see it's properly assigning everything.



                  In doubt, run tcpdump on the interface and see if the packets go out properly.






                  share|improve this answer













                  Partial answer:



                  First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:



                  ip netns exec mobilens su -c "xterm -bg yellow &" my_userid


                  Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).



                  So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86 and watch the output to see it's properly assigning everything.



                  In doubt, run tcpdump on the interface and see if the packets go out properly.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 13 '17 at 21:17









                  dirktdirkt

                  17.2k31337




                  17.2k31337

























                      0














                      [Solved]

                      Solution was to modify default gateway. I added following line to namespace configuration file.



                      ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86


                      This step was enough for me to ping www.google.com
                      However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
                      File contained:



                      nameserver 10.11.1.1
                      nameserver 8.8.8.8
                      search google.com


                      Now I can access to internet for any given domain.






                      share|improve this answer




























                        0














                        [Solved]

                        Solution was to modify default gateway. I added following line to namespace configuration file.



                        ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86


                        This step was enough for me to ping www.google.com
                        However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
                        File contained:



                        nameserver 10.11.1.1
                        nameserver 8.8.8.8
                        search google.com


                        Now I can access to internet for any given domain.






                        share|improve this answer


























                          0












                          0








                          0







                          [Solved]

                          Solution was to modify default gateway. I added following line to namespace configuration file.



                          ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86


                          This step was enough for me to ping www.google.com
                          However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
                          File contained:



                          nameserver 10.11.1.1
                          nameserver 8.8.8.8
                          search google.com


                          Now I can access to internet for any given domain.






                          share|improve this answer













                          [Solved]

                          Solution was to modify default gateway. I added following line to namespace configuration file.



                          ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86


                          This step was enough for me to ping www.google.com
                          However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
                          File contained:



                          nameserver 10.11.1.1
                          nameserver 8.8.8.8
                          search google.com


                          Now I can access to internet for any given domain.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 14 '17 at 1:46









                          tkalaytkalay

                          63




                          63






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Unix & Linux Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404323%2finternet-connectivity-using-linux-network-namespace%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Loup dans la culture

                              How to solve the problem of ntp “Unable to contact time server” from KDE?

                              ASUS Zenbook UX433/UX333 — Configure Touchpad-embedded numpad on Linux