Linux ping network namespace

linuxnetworkingping

I added namespace to my host-machine and made it available by using this:

ip netns add h1
ip link add veth01 type veth peer name veth1
ip link set dev veth1 netns h1
ifconfig veth01 10.0.0.1/24 up
ip net e h1 ifconfig veth1 10.0.0.2/24 up
route add -net 10.0.0.0/24 gw 10.0.0.1 dev veth01
ip net e h1 ip r a default via 10.0.0.1

Now I can ping 10.0.0.2 from my host and backward ( ip net e h1 ping 10.0.0.1 ).

Then I did the same with the second namespace:

ip netns add h2
ip link add veth02 type veth peer name veth2
ip link set dev veth2 netns h2
ifconfig veth02 20.0.0.1/24 up
ip net e h2 ifconfig veth2 20.0.0.2/24 up
route add -net 20.0.0.0/24 gw 20.0.0.1 dev veth02
ip net e h2 ip r a default via 20.0.0.1

Now e.g. I can ping 10.0.0.1 (and 20.0.0.1) from h1 (10.0.0.2); can ping 20.0.0.2 from host, but I can't ping 20.0.0.2 from h1. What am I doing wrong?

Thanks in advance

Best Answer

What am I doing wrong?

Adding route — it's wrong because you've assigned this network per interface pair already.

ifconfig veth01 10.0.0.1/24 up
…
route add -net 10.0.0.0/24 gw 10.0.01 dev veth01

Another possible culprit people often tend forgetting is enabling forwarding per se (sysctl net.ipv4.ip_forward=1).

Related Solutions

Ping a Specific Port

You can't ping ports, as Ping is using ICMP which is an internet layer protocol that doesn't have ports. Ports belong to the transport layer protocols like TCP and UDP.

However, you could use nmap to see whether ports are open or not

nmap -p 80 example.com

Edit: As flokra mentioned, nmap is more than just a ping-for-ports-thingy. It's the security auditers and hackers best friend and comes with tons of cool options. Check the doc for all possible flags.

Linux – Selecting gateway on application level on Linux

I can think of one way to do it which is as follows.

Define two IP addresses on your NIC like 10.0.0.1 & 10.0.0.2. This should be easy and straight-forward. This can be done using ifconfig.
Configure source based routing such that each source IP is routed to one of the default gateways. This link can help you.
Finally, you can tell your application to use bind one of the addresses 10.0.0.1 or 10.0.0.2. This way you can choose one of the gateways depending on the source IP selected. To test this, you can use telnet with -b source_ip option.

Here are the commands I used previously to enable source-based routing:

$ sudo ip rule add from 10.0.0.2 tab 1 priority 500
$ sudo ip route add default via 10.0.0.101 dev eth0 tab 1
$ sudo ip route flush cache

If you have the default gateway set to 10.0.0.100, then this should work for you. The packets sent from 10.0.0.1 should be sent to default gateway, and packets sent from 10.0.0.2 should be sent to 2nd gateway 10.0.0.101 as instructed above.

Best Answer

Related Solutions

Ping a Specific Port

Linux – Selecting gateway on application level on Linux

Related Topic