network namespace example - addresses issue · Issue #2 · lizrice/container-security · GitHub

network namespace example - addresses issue #2


Closed
rdkr opened this issue May 15, 2020 · 3 comments

@rdkr
rdkr commented May 15, 2020

hi, thanks for writing this book - i'm enjoying it so far!

on ubuntu 18.04, i was following the examples in chapter 4 > network namespace (p.45), and ran into a couple of issues (quite possibly of my own doing, so please treat the below as conjecture):

ip addr add

To send IP traffic, there needs to be an IP address associated with its interface. In the container:

root@myhost:~$ ip addr add 192.168.1.100/24 dev ve1

And on the host:

root@myhost:~$ ip addr add 192.168.1.200/24 dev ve1

i believe the second command should be targeting ve2 instead of ve1

ping from container

At this point the container can send traffic only to 192.168.1.0/24 addresses. You can test this with a ping from within the container to the remote end:

root@myhost:~$ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.355 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.035 ms
^C

with the ip addr add issue fixed as described, this ping didn't work as the ip is actually the "container" end rather than remote. i think the command should actually be ping 192.168.1.200 which does work.

the ping as written in the book:

  • does work from the host - expected as this is pinging the "container"
  • does work within the "container" but only after running ip link set lo up - expected as this is now able to ping itself (as loopback is down by default in the new net namespace)
@adamwoolhether

Yes, this part is definitely funky

@RodneyCampbell

:) I came here to report exactly those two issues

@lizrice lizrice self-assigned this Mar 18, 2021
@lizrice
Owner
lizrice commented May 8, 2025

You're right, the second one (for the host) should be

ip addr add 192.168.1.200/24 dev ve2

This is corrected in the O'Reilly platform and will be fixed in the second print edition

@lizrice lizrice closed this as completed May 8, 2025
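
The corrected setup discussed in this thread as a script, with a check that tells a self-ping from a ping across the veth pair. This is an added example, not code from the book or this repository; the named namespace `demo` (standing in for the book's container shell), the function names and the sample `ip -o -4 addr show` output are assumptions constructed here.

```shell
#!/usr/bin/env bash
# Added example, not from the book or the repository.
# Assumptions: Linux with iproute2, run as root, named namespace "demo".
# ve1/ve2 and both addresses are the ones used in the thread.
NS=demo
CONTAINER_IP=192.168.1.100   # ve1, inside the namespace
HOST_IP=192.168.1.200        # ve2, on the host (the corrected device)

# Constructed sample: `ip -o -4 addr show` inside the namespace after `ip link set lo up`.
SAMPLE_NS_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: ve1    inet 192.168.1.100/24 scope global ve1\       valid_lft forever preferred_lft forever'

# Print the interface that owns address $1, reading `ip -o -4 addr show`
# output on stdin. Exit status is 1 when the address is not local.
owner_of() {
  awk -v ip="$1" '$3 == "inet" {
      split($4, a, "/"); sub(/@.*/, "", $2)
      if (a[1] == ip) { print $2; found = 1 }
    }
    END { exit !found }'
}

# "self": the target is assigned in this namespace, so a reply says nothing
# about the veth link and depends on lo being up. "peer": the far end.
ping_target_kind() {   # $1 = target, stdin = `ip -o -4 addr show` output
  if owner_of "$1" >/dev/null; then echo self; else echo peer; fi
}

setup() {
  ip netns add "$NS"
  ip link add ve1 netns "$NS" type veth peer name ve2
  ip netns exec "$NS" ip addr add "$CONTAINER_IP/24" dev ve1
  ip addr add "$HOST_IP/24" dev ve2      # ve2, not ve1, on the host
  ip netns exec "$NS" ip link set ve1 up
  ip link set ve2 up
}

check() {
  kind=$(ip netns exec "$NS" ip -o -4 addr show | ping_target_kind "$HOST_IP")
  echo "ping $HOST_IP from $NS targets: $kind"
  ip netns exec "$NS" ping -c 2 "$HOST_IP"
}

# Nothing privileged runs unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then setup && check; fi
```

Remove the test namespace afterwards with `ip netns del demo`, which also deletes the veth pair.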