978-4-297-14132-5.md

『TCP/IP ネットワークコマンド入門』 §4.10 Network Namespace の活用よりコードを抜粋。WSL で試すのに向いている。

# List namespaces
ip netns list

sudo ip netns add u2
sudo ip netns add u3
ip netns list

# Create virtual network devices
sudo ip link add veth-u2 type veth peer name veth-gw2
sudo ip link set veth-u2 netns u2
sudo ip link add veth-u3 type veth peer name veth-gw3
sudo ip link set veth-u3 netns u3
ip link
sudo ip -all netns exec ip link

# Enable virtual network devices
sudo ip link set veth-gw2 up
sudo ip netns exec u2 ip link set veth-u2 up
sudo ip link set veth-gw3 up
sudo ip netns exec u3 ip link set veth-u3 up

ip link
sudo ip -all netns exec ip link

# Assign IP addresses to virtual network devices
ip a
sudo ip -all netns exec ip a
sudo ip a add 10.0.3.15/24 dev veth-gw3
sudo ip netns exec u2 ip a add 10.0.2.4/24 dev veth-u2
sudo ip a add 10.0.3.15/24 dev veth-gw3
sudo ip netns exec u3 ip a add 10.0.3.4/24 dev veth-u3
ip a

# Test 1: ping
ping -c1 10.0.2.15
ping -c1 10.0.3.15
ping -c1 10.0.2.4
ping -c1 10.0.3.4

sudo ip netns exec u2 ping -c1 10.0.2.15
sudo ip netns exec u2 ping -c1 10.0.3.15
sudo ip netns exec u2 ping -c1 10.0.2.4
sudo ip netns exec u2 ping -c1 10.0.3.4

sudo ip netns exec u3 ping -c1 10.0.2.15
sudo ip netns exec u3 ping -c1 10.0.3.15
sudo ip netns exec u3 ping -c1 10.0.2.4
sudo ip netns exec u3 ping -c1 10.0.3.4

# Routing and forwarding
sudo ip netns exec u2 ip r add 10.0.3.0/24 via 10.0.2.15
sudo ip netns exec u3 ip r add 10.0.2.0/24 via 10.0.3.15
sudo sysctl net.ipv4.ip_forward=1
ip r
sudo ip -all netns exec ip r

# Test 2: Communicate external
ping -c1 www.example.com # expected: received
sudo ip netns exec u2 ping -c1 www.example.com # expected: failure
sudo ip netns exec u3 ping -c1 www.example.com # expected: failure
sudo ip netns exec u2 ip r
sudo ip netns exec u2 ip r add default via 10.0.2.15
sudo ip netns exec u2 ip r
sudo ip netns exec u2 ping -c1 www.example.com # expected: failure

# NAT
sudo iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -o eth0 -j MASQUERADE
sudo iptables -L -v -n -t nat
sudo ip netns exec u2 ping -c1 www.example.com # expected: received
sudo ip netns exec u3 ping -c1 www.example.com # expected: failed

showa-yojyo/978-4-297-14132-5.md

Select an option

No results found

Select an option

No results found