Sandboxed network interfaces using unshare, part 2

networking
namespaces
linux
Author

Emmanuel Jeandel

Published

January 25, 2023

This is a follow-up to this post and assumes you have already read it.

In this post, we will change the configuration to have three machines, with IPs 10.42.0.2, 10.42.0.3, and 10.42.0.4, all on the same local network.

The previous solution does not carry over because a veth pair connects exactly two endpoints: we plugged two virtual interfaces directly into each other. With three namespaces we need something that forwards frames between more than two interfaces, which is what a bridge does.

We will need 4 shells in total. The first thing to do, as before, is to run in each of the 4 shells:

unshare -rn

and

echo $$

to recover the PIDs of the 4 shells.

Now let BRIDGE_PID be the PID of the 4th shell, and let MY_PID be the PID of whichever of the three other shells the veth pair is for.

For each of the three other shells, we now type (replacing MY_PID with that shell's PID):

shell1# ip link add veth0 netns MY_PID type veth peer veth10 netns BRIDGE_PID
shell1# ip link set veth0 up
shell2# ip link add veth0 netns MY_PID type veth peer veth11 netns BRIDGE_PID
shell2# ip link set veth0 up
shell3# ip link add veth0 netns MY_PID type veth peer veth12 netns BRIDGE_PID
shell3# ip link set veth0 up

We have therefore created three veth pairs, one between each of our three namespaces and the fourth one. Note that the netns argument accepts a PID as well as a namespace name, and that creating a pair whose two ends land in two different namespaces requires CAP_NET_ADMIN over both of them.

Then, in the fourth shell, bring up the three peer ends, create a bridge and attach the peers to it:

ip link set veth10 up
ip link set veth11 up
ip link set veth12 up
ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev veth10 master br0
ip link set dev veth11 master br0
ip link set dev veth12 master br0

Now all that is left is to assign the IPs from the start of the post (10.42.0.2, 10.42.0.3 and 10.42.0.4) to veth0 in the three shells, and the three machines can reach each other through the bridge.
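The whole procedure, scripted, as an added example that is not part of the original post: it takes the four PIDs recovered with echo $$, checks that they are live and that no member shares a network namespace with the bridge, then runs the same ip(8) commands as above, using nsenter(1) to type into each shell's namespace, and assigns the three addresses. It assumes it is run as a user with CAP_NET_ADMIN over all four namespaces (the host root user) and that nsenter from util-linux is installed; the /24 mask and the DRY_RUN switch are my additions, as are the helper names.

```shell
#!/bin/sh
# Added example: script the three-namespace bridge from the post.
# Usage:  sh bridge3.sh BRIDGE_PID PID1 PID2 PID3
# With DRY_RUN=1 the ip(8)/nsenter(8) commands are printed instead of run,
# so the plan can be reviewed before any namespace is touched.
# Assumptions: run with CAP_NET_ADMIN over all four namespaces (host root);
# nsenter(1) from util-linux is available; the /24 mask is assumed.

# run CMD...: execute CMD, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# in_ns PID CMD...: run CMD inside the network namespace of process PID
in_ns() {
    _pid=$1; shift
    run nsenter -t "$_pid" -n "$@"
}

# check_pid PID: succeeds only for a numeric PID that has a network
# namespace entry under /proc (i.e. a live process)
check_pid() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -e "/proc/$1/ns/net" ]
}

# same_netns PID_A PID_B: succeeds if both processes share one network
# namespace; a member shell must not share the bridge shell's namespace
same_netns() {
    [ "$(readlink "/proc/$1/ns/net")" = "$(readlink "/proc/$2/ns/net")" ]
}

# setup_bridge BRIDGE_PID PID1 PID2 PID3: the procedure from the post.
# Member i gets veth0 in its own namespace, its peer veth1<i> in the
# bridge namespace attached to br0, and address 10.42.0.<i+2>/24.
setup_bridge() {
    _bridge=$1; shift
    in_ns "$_bridge" ip link add name br0 type bridge
    in_ns "$_bridge" ip link set dev br0 up
    _i=0
    for _pid in "$@"; do
        _peer="veth1$_i"
        run ip link add veth0 netns "$_pid" type veth peer "$_peer" netns "$_bridge"
        in_ns "$_pid" ip link set veth0 up
        in_ns "$_pid" ip addr add "10.42.0.$((_i + 2))/24" dev veth0
        in_ns "$_bridge" ip link set "$_peer" up
        in_ns "$_bridge" ip link set dev "$_peer" master br0
        _i=$((_i + 1))
    done
}

# verify PID1: the first member pings the two other machines once each
verify() {
    in_ns "$1" ping -c 1 -W 1 10.42.0.3
    in_ns "$1" ping -c 1 -W 1 10.42.0.4
}

# main: validate the four PIDs, then apply (or print) the plan and check it
main() {
    [ "$#" -eq 4 ] || { echo "usage: $0 BRIDGE_PID PID1 PID2 PID3" >&2; return 2; }
    for _p in "$@"; do
        check_pid "$_p" || { echo "not a live PID: $_p" >&2; return 1; }
    done
    for _p in "$2" "$3" "$4"; do
        same_netns "$1" "$_p" && { echo "$_p shares the bridge namespace" >&2; return 1; }
    done
    setup_bridge "$@" && verify "$2"
}

[ "$#" -eq 0 ] || main "$@"
```

Run it once with DRY_RUN=1 to read the 17 commands it is about to issue, then without it; if the final pings fail, the usual suspects are a veth end that was left down or a peer that was never given br0 as master.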