I want to crawl webpages through browser and store network traffic per URL (not only HTTP but also udp, rtmp etc.) I came across this solution to use linux network namespace for per process routing. Following are the steps I followed, however unable to browse the webpage.
ip netns add test
create a pair of virtual network interfaces (veth-a and veth-b):
ip link add veth-a type veth peer name veth-b
change the active namespace of the veth-a interface:
ip link set veth-a netns test
configure the IP addresses of the virtual interfaces:
ip netns exec test ifconfig veth-a up 192.168.163.1 netmask 255.255.255.0
ifconfig veth-b up 192.168.163.254 netmask 255.255.255.0
configure the routing in the test namespace:
ip netns exec test route add default gw 192.168.163.254 dev veth-a
sudo bash -c ‘echo 1 > /proc/sys/net/ipv4/ip_forward’
sudo iptables -t nat -A POSTROUTING -s 192.168.163.0/24 -o wlan0 -j MASQUERADE
Open Browser in the namepace and get following:
sudo ip netns exec test /usr/bin/firefox http://google.com
(firefox:15861): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-xE8M4KnMPn: Connection refused
(firefox:15861): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Could not connect: Connection refused
In wireshark: sudo ip netns exec test wireshark
I can see Only Outgoing DNS requests from 192.168.163 to 127.0.1.1.
Kindly let me know what I am missing here?
Instead of modifying the host /etc/resolv.conf a cleaner way would be to create a network namespace specific resolv.conf in the following path /etc/netns/ . The "ip netns" utility will bind-mound any resolv.conf on this path to a /etc/resolv.conf in a mount namespace for the process launched with the new network namespace.
Got it. I am able to ping 8.8.8.8. The problem was in DNS resolving.
Update DNS resolver.
put nameserver 8.8.8.8 in /etc/resolvconf/resolv.conf.d/base and in /etc/resolvconf/resolv.conf.d/head.
Restart Network.
sudo service network-manager restart
Now /etc/resolv.conf looks like.
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 127.0.1.1
Finally.
sudo ip netns exec test /opt/google/chrome/google-chrome --user-data-dir=/tmp/chrome2/ http://yahoo.com
Related
When trying to initiate docker swarm, I get the following error response from daemon:
could not choose an IP address to advertise since this system has multiple addresses on interface eth0 (aa11:a111:1a1a::111 and ba11:a111:1a1a::111).
When I execute:
sudo ip addr flush dev eth0
I successfully remove all ip addresses, however, they are recreated once I reboot. What might be the reason for this?
I was trying to setup go auto dial which uses cent OS, I am totally new to cent OS and don't know how to configure network on it, and without network I can't access the go auto CE portal.
I tried putting my WiFi IP sub-net mask and default gateway, but when I try to access the given IP it shows me:
To display all your network interfaces (to check your interface name, eth0 in following example, replace eth0 par your interface name read from the result of the following command):
[root#localhost]# ifconfig -a
if you use eth0 interface you should configure like following:
[root#localhost]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
## Configure eth0
#
# /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0" # interface name
NM_CONTROLLED="no"
ONBOOT=yes # launch network in Linux boot
HWADDR=AA:BB:CC:DD:EE:FF # your mac address
TYPE=Ethernet
BOOTPROTO=static # static or dhcp
NAME="System eth0"
IPADDR=X.X.X.X # your ip address if static is chosen
NETMASK=255.255.255.0 # your netmask if static is chosen
[root#localhost]# vi /etc/sysconfig/network
## Configure Default Gateway
#
# /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1
Restart Network Interface
[root#localhost]# /etc/init.d/network restart
Configure DNS Server
[root#localhost]# vi /etc/resolv.conf
nameserver 8.8.8.8 # Replace with your nameserver ip
nameserver 8.8.4.4 # Replace with your nameserver ip
I'm trying to use network namespaces to achieve VRF behavior (virtual routing and forwarding) for network isolation. Essentially I have a server application (C/C++) running on a TCP port in the default namespace. What I'd like to do is use network namespaces to create isolated VRF's using VLANs, and then have that application running in the default namespace be able to spawn a thread to each namespace to listen on that same port per namespace.
I have the network side figured out, I just can't see how I can spawn a thread (prefer to use pthread's instead of clone() if possible), call setns() on one of those namespaces, and then bind to the same port inside the namespace. Here's what I'm doing to create the namespaces and bridges (limiting to one namespace here for simplicity):
# ip netns add ns_vlan100
# ip link add link eno1 eno1.100 type vlan id 100
# ip link add veth0 type veth peer name veth_vlan100
# ip link set veth0 netns ns_vlan100
# ip netns exec ns_vlan100 ip link set dev veth0 up
# ip link set dev veth_vlan100 up
# brctl addbr bridge_vlan100
# brctl addif bridge_vlan100 eno1.100
# brctl addif bridge_vlan100 veth_vlan100
# ip link set dev bridge_vlan100 up
# ip link set dev eno1.100 up
# ip netns exec ns_vlan100 ifconfig veth0 10.10.10.1 netmask 255.255.255.0 up
# ip netns exec ns_vlan100 ip route add default via 10.10.10.1
With this, I can create a VLAN on a peer machine (no containers) and ping 10.10.10.1 without issue. So I know the links are good. What I want to do is then have my existing application be able to spawn a thread in C or C++ (pthreads are heavily preferred), and that thread call setns() with something to put it into namespace ns_vlan100, so I can then bind to the same port for my application, just inside that namespace.
I can't seem to figure out how to do this. Any help is much appreciated.
I'm trying to configure my docker container to see my local private rpm repository through http. It cannot resolve the dns name and I'm probably not setting up DNS correctly on the host CENTOS 6.5 VM.
http://
172.17.42.1
/repository/CENTOS/6/nginx/x86_64/repodata/repomd.xml:
[Errno 14] PYCURL ERROR 7 - > "couldn't connect to host"
bash-4.1# more /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://
172.17.42.1/repository/CENTOS/$releasever/nginx/$basearch/
(can't connect to host)
gpgcheck=0
enabled=1
The container /etc/resolv.conf contains this
bash-4.1# cat /etc/resolv.conf
nameserver 192.168.64.2
nameserver 192.168.64.129
nameserver 127.0.0.1
search localdomain eadis.local
When I try to add the domainname to the IP address it does not
resolve.
Docker container IP address
eth0 Link encap:Ethernet HWaddr 7E:EB:4C:25:F4:DA
inet addr:172.17.0.7 Bcast:0.0.0.0 Mask:255.255.0.0
Host VM Docker server
docker0 Link encap:Ethernet HWaddr FE:EF:63:A8:65:5C
inet addr:
172.17.42.1
Bcast:0.0.0.0 Mask:255.255.0.0
eth3 Link encap:Ethernet HWaddr 00:0C:29:10:0A:77
inet addr:192.168.64.129 Bcast:192.168.64.255 Mask:255.255.255.0
[root#centos named]# cat /etc/resolv.conf
domain localdomain
search localdomain eadis.local
nameserver 192.168.64.129
nameserver 192.168.64.2
When you run your container with --net or --network, docker will use a self DNS server to discover services that runs with it. All DNS queries are sent to the docker engine.
In normal times (when using default network) you can use the --dns option on your run command. But when you run your images with a self-defined network, you must add your customize resolv.conf file to the container. You make one on your system and name it custom-resolv.conf.
In this file you can add your custom dns address and add it to your container.
nameserver 1.0.0.1
nameserver 4.2.2.4
Then you must add this small part to your run command:
-v /path/to/file/custom-resolv.conf:/etc/resolv.conf:ro
Use ro for read-only volume mapping. When your container is started, you can exec to your container and check the /etc/resolv.conf file which must be the same as custom-resolv.conf.
Now all of your DNS requests are sent to your DNS server.
I am creating GRE Tunnel between two Linux (CentOS6) servers using below steps.
On the master server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tun1 mode gre remote 98.123.87.97 local 106.61.58.98 ttl 255
ip addr add 10.0.1.0/24 dev tun1
ip link set dev tun1 up
ip addr add 98.123.87.95/27 dev eth0
On the slave server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.proxy_arp=1
sysctl -w net.ipv4.conf.all.proxy_arp=1
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tunx mode gre remote 106.61.58.98 local 98.123.87.97 ttl 255
ip addr add 10.0.2.0/24 dev tun0
ip link set tunx up
ip route add 98.123.87.95/27 dev tun0
I need to add slave server's IP into the on my master server, I am getting the ping response form tunnelled IPs (Slave Server's IP) and when I am trying to SSH the tunnelled IP (Slave IP) I am reaching to Masters(this is what I want).
Problem is when I am trying to send outgoing traffic like DNS query by Tunnelled IP(Slave IP) I am getting time out request.
I guess this is routing issue of one of my server. Any idea what should i do to get through my outgoing traffic by tunnelled IPs?
Thanks,
Are you really adding 10.0.1.0/24 address? This is a network address, looks like mistake.
Also, you shuold add default route(or route to dns servers or whatever you want) on client machine through your tunnel with gateway=another_end_of_tunnel.
Don't forget to add static route to your machine if you don't want to loose connection, before adding default route!