Internet connectivity using linux network namespace
I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.
enp0s25: wired to a intranet router w/o internet connectivity
inet 10.18.0.101
wlp3s0: wireless, used for remote management, will not be available in production environment
inet 10.11.1.116
enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment
inet 10.11.1.142
wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens
ip netns add mobilens
ip link set dev enx8cae4cff1c86 netns mobilens
ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
ip netns exec mobilens route add default gw 10.1.1.1
ip netns exec mobilens dhcpcd enx8cae4cff1c86
I have also created a /etc/netns/mobilens/resolv.conf file with following entries
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Running ifconfig in name space with
ip netns exec mobilens ifconfig
returns
inet 10.1.1.10 netmask 255.255.255.0
and if I query DNS servers used in namespace as follows
ip netns exec mobilens nmcli dev show | grep DNS
it returns
IP4.DNS[1]: 10.11.1.1
I try to ping google.com using this namespace it resolves but fails.
ip netns exec mobilens ping www.google.com
PING www.google.com (172.217.7.4) 56(84) bytes of data.
From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable
From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable
What else I need to do to be able to access to internet via this namespace?
EDIT 1:
Using xterm in the namespace, indeed makes testing easier.
I also started to using
dhclient -d enx8cae4cff1c86
instead of DHSCP server in namespace.
However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25
and this one from namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
Any suggestions about possible modifications to routing in namespace?
linux route namespace network-namespaces
bumped to the homepage by Community♦ 47 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.
enp0s25: wired to a intranet router w/o internet connectivity
inet 10.18.0.101
wlp3s0: wireless, used for remote management, will not be available in production environment
inet 10.11.1.116
enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment
inet 10.11.1.142
wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens
ip netns add mobilens
ip link set dev enx8cae4cff1c86 netns mobilens
ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
ip netns exec mobilens route add default gw 10.1.1.1
ip netns exec mobilens dhcpcd enx8cae4cff1c86
I have also created a /etc/netns/mobilens/resolv.conf file with following entries
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Running ifconfig in name space with
ip netns exec mobilens ifconfig
returns
inet 10.1.1.10 netmask 255.255.255.0
and if I query DNS servers used in namespace as follows
ip netns exec mobilens nmcli dev show | grep DNS
it returns
IP4.DNS[1]: 10.11.1.1
I try to ping google.com using this namespace it resolves but fails.
ip netns exec mobilens ping www.google.com
PING www.google.com (172.217.7.4) 56(84) bytes of data.
From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable
From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable
What else I need to do to be able to access to internet via this namespace?
EDIT 1:
Using xterm in the namespace, indeed makes testing easier.
I also started to using
dhclient -d enx8cae4cff1c86
instead of DHSCP server in namespace.
However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25
and this one from namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
Any suggestions about possible modifications to routing in namespace?
linux route namespace network-namespaces
bumped to the homepage by Community♦ 47 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.
enp0s25: wired to a intranet router w/o internet connectivity
inet 10.18.0.101
wlp3s0: wireless, used for remote management, will not be available in production environment
inet 10.11.1.116
enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment
inet 10.11.1.142
wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens
ip netns add mobilens
ip link set dev enx8cae4cff1c86 netns mobilens
ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
ip netns exec mobilens route add default gw 10.1.1.1
ip netns exec mobilens dhcpcd enx8cae4cff1c86
I have also created a /etc/netns/mobilens/resolv.conf file with following entries
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Running ifconfig in name space with
ip netns exec mobilens ifconfig
returns
inet 10.1.1.10 netmask 255.255.255.0
and if I query DNS servers used in namespace as follows
ip netns exec mobilens nmcli dev show | grep DNS
it returns
IP4.DNS[1]: 10.11.1.1
I try to ping google.com using this namespace it resolves but fails.
ip netns exec mobilens ping www.google.com
PING www.google.com (172.217.7.4) 56(84) bytes of data.
From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable
From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable
What else I need to do to be able to access to internet via this namespace?
EDIT 1:
Using xterm in the namespace, indeed makes testing easier.
I also started to using
dhclient -d enx8cae4cff1c86
instead of DHSCP server in namespace.
However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25
and this one from namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
Any suggestions about possible modifications to routing in namespace?
linux route namespace network-namespaces
I experimenting with Linux namespaces on Ubuntu 17.1 distro. Ultimate goal is to force an application to use a particular network interface via a 3G modem not the intranet wired connection. My PC has 3 network interfaces.
enp0s25: wired to a intranet router w/o internet connectivity
inet 10.18.0.101
wlp3s0: wireless, used for remote management, will not be available in production environment
inet 10.11.1.116
enx8cae4cff1c86: wired, simulating a 4G USB mobile modem eventually will be used in production environment
inet 10.11.1.142
wlp3s0 and enx8cae4cff1c86 are connected to the same router.I have used following code to created a name space called mobilens
ip netns add mobilens
ip link set dev enx8cae4cff1c86 netns mobilens
ip netns exec mobilens ifconfig enx8cae4cff1c86 10.1.1.10/24 up
ip netns exec mobilens ifconfig lo 127.0.0.1/8 up
ip netns exec mobilens route add default gw 10.1.1.1
ip netns exec mobilens dhcpcd enx8cae4cff1c86
I have also created a /etc/netns/mobilens/resolv.conf file with following entries
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Running ifconfig in name space with
ip netns exec mobilens ifconfig
returns
inet 10.1.1.10 netmask 255.255.255.0
and if I query DNS servers used in namespace as follows
ip netns exec mobilens nmcli dev show | grep DNS
it returns
IP4.DNS[1]: 10.11.1.1
I try to ping google.com using this namespace it resolves but fails.
ip netns exec mobilens ping www.google.com
PING www.google.com (172.217.7.4) 56(84) bytes of data.
From 10.1.1.10 (10.1.1.10) icmp_seq=1 Destination Host Unreachable
From 10.1.1.10 (10.1.1.10) icmp_seq=3 Destination Host Unreachable
What else I need to do to be able to access to internet via this namespace?
EDIT 1:
Using xterm in the namespace, indeed makes testing easier.
I also started to using
dhclient -d enx8cae4cff1c86
instead of DHSCP server in namespace.
However problem continues.I am thinking this is somewhat due to routing. Following is result of route command from interfaces outside of namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default router.asus.com 0.0.0.0 UG 303 0 0 wlp3s0
10.11.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlp3s0
10.18.0.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s25
10.18.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25
and this one from namespace
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.1.1.1 0.0.0.0 UG 0 0 0 enx8cae4cff1c86
10.11.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enx8cae4cff1c86
Any suggestions about possible modifications to routing in namespace?
linux route namespace network-namespaces
linux route namespace network-namespaces
edited Nov 13 '17 at 23:17
tkalay
asked Nov 13 '17 at 20:22
tkalaytkalay
63
63
bumped to the homepage by Community♦ 47 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 47 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Partial answer:
First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:
ip netns exec mobilens su -c "xterm -bg yellow &" my_userid
Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).
So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86
and watch the output to see it's properly assigning everything.
In doubt, run tcpdump
on the interface and see if the packets go out properly.
add a comment |
[Solved]
Solution was to modify default gateway. I added following line to namespace configuration file.
ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86
This step was enough for me to ping www.google.com
However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
File contained:
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Now I can access to internet for any given domain.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404323%2finternet-connectivity-using-linux-network-namespace%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Partial answer:
First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:
ip netns exec mobilens su -c "xterm -bg yellow &" my_userid
Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).
So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86
and watch the output to see it's properly assigning everything.
In doubt, run tcpdump
on the interface and see if the packets go out properly.
add a comment |
Partial answer:
First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:
ip netns exec mobilens su -c "xterm -bg yellow &" my_userid
Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).
So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86
and watch the output to see it's properly assigning everything.
In doubt, run tcpdump
on the interface and see if the packets go out properly.
add a comment |
Partial answer:
First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:
ip netns exec mobilens su -c "xterm -bg yellow &" my_userid
Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).
So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86
and watch the output to see it's properly assigning everything.
In doubt, run tcpdump
on the interface and see if the packets go out properly.
Partial answer:
First, start an xterm in the network namespace, so you have an easier time testing. I prefer mine colored, and with my userid instead of root:
ip netns exec mobilens su -c "xterm -bg yellow &" my_userid
Second, you are running a DHCP server in that namespace, instead of a client, and you are also running Network Manager. What you want is a DHCP client in that namespace, or a static configuration. And I've no idea what Network Manager will do when confronted with multiple namespaces (I've had bad experience with NM, I can never get it to do what I want).
So: Either look at what NM is doing to the interfaces in your namespace (and stop NM if it's getting in the way), or configure them statically with the correct gateway, route and namerserver, or use a DHCP client, e.g. dhclient -d enx8cae4cff1c86
and watch the output to see it's properly assigning everything.
In doubt, run tcpdump
on the interface and see if the packets go out properly.
answered Nov 13 '17 at 21:17
dirktdirkt
17.2k31337
17.2k31337
add a comment |
add a comment |
[Solved]
Solution was to modify default gateway. I added following line to namespace configuration file.
ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86
This step was enough for me to ping www.google.com
However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
File contained:
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Now I can access to internet for any given domain.
add a comment |
[Solved]
Solution was to modify default gateway. I added following line to namespace configuration file.
ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86
This step was enough for me to ping www.google.com
However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
File contained:
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Now I can access to internet for any given domain.
add a comment |
[Solved]
Solution was to modify default gateway. I added following line to namespace configuration file.
ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86
This step was enough for me to ping www.google.com
However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
File contained:
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Now I can access to internet for any given domain.
[Solved]
Solution was to modify default gateway. I added following line to namespace configuration file.
ip netns exec mobilens ip route change default via 10.11.1.1 dev enx8cae4cff1c86
This step was enough for me to ping www.google.com
However when I disabled the management wifi connection, ping gave errors related to name resolution. I solved this problem by creating a file in etcnetnsmobilensresolv.conf
File contained:
nameserver 10.11.1.1
nameserver 8.8.8.8
search google.com
Now I can access to internet for any given domain.
answered Nov 14 '17 at 1:46
tkalaytkalay
63
63
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f404323%2finternet-connectivity-using-linux-network-namespace%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown