I have 2x internet connections on a linux box (running slackware btw). The ASCII schematic is the following:

             +------------------+
             |              eth1| --- modem #1 --- internet conn #1 
intranet --- |eth0  server      |
             |              eth2| --- modem #2 --- internet conn #2 
             +------------------+

eth0 ip : 192.168.1.1/24
eth1 ip : 192.168.123.2/29 (def.GW has metric 1), modem1 ip : 192.168.123.1/29
eth2 ip : 192.168.124.2/29 (def.GW has metric 0), modem2 ip : 192.168.124.1/29

NOTE: (I could create a bond link, but the 2 connections are vastly different and I find it'll be more of a headache. Let's not go down this path for the duration of this thread).

So the 2 internet connections are both -uselessly- in the default network namespace, where an SSH daemon runs listening on all interfaces. For eth0 and eth2 this works fine. But I cannot ssh to this machine from "inet ip #1". The reason is that while the ssh request ingresses the server normally, in the egress direction the default GW of eth2 is used, so somewhere down the line the connection is not completed and I don't get a password prompt.

To circumvent this issue, I decided to split the 2 internet connections into 2 different netns.
Q1: do you have a better suggestion as to how to do this?

Using:

ip netns add fbns
ip link add link eth1 eth1_ns netns fbns type ipvlan mode l2
ip -n fbns link set lo up
ip -n fbns link set eth1_ns up
ip -n fbns addr add 192.168.123.2/24 dev eth1_ns
ip -n fbns route add default via 192.168.123.1 dev eth1_ns

So far so good, I can nslookup on the internet side from inet conn #1:

root@sk:~# ip netns exec fbns nslookup google.com 8.8.8.8
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 142.250.187.174
Name:   google.com
Address: 2a00:1450:4017:80f::200e

but the local DNS server (bind) which runs in the default netns cannot be accessed:

root@sk:~# ip netns exec fbns nslookup google.com
;; connection timed out; no servers could be reached

From the default netns it works fine:

root@sk:~# nslookup google.com
Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 216.58.212.14
Name:   google.com
Address: 2a00:1450:4017:800::200e

NOTE2: the DNS is not extremely necessary, as I only want to be able to access the server from the internet side, but it is essential that I can access modem #1's web page for configuration.

There are 2 solutions that I attempted in order to circumvent this issue, but neither of the 2 worked:

Solution 1. use socat

Not sure exactly how to use this correctly, but the internet suggested:

ip netns exec fbns socat UDP4-RECVFROM:53,fork exec:'socat STDIO "UDP4-SENDTO:localhost:53"',nofork

I also tried the opposite, and both at the same time

socat UDP4-RECVFROM:53,fork exec:'ip netns exec fbns socat STDIO "UDP4-SENDTO:localhost:53"',nofork

But neither worked.

Solution 2. use ipvlan on eth0

Here I simply added eth0 to the netns in the same manner and added a subnet forwarding towards the default netns. I probably didn't do it properly, but I am not sure if ipvlan is even the right construct here.

ip link add link eth0 eth0_ns netns fbns type ipvlan mode l2
ip -n fbns link set eth0_ns up
ip -n fbns addr add 192.168.1.2/24 dev eth0_ns
ip -n fbns route add default via 192.168.1.1 dev eth1_ns

So I am not sure how to achieve a TCP and (perhaps) UDP bridge. Q2: can you please point me in the right direction?

Thank you!
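
Added example for this page; it is not code from the question or from any answer, and it is written for the addresses the question gives (eth1 192.168.123.2/29 with modem1 at 192.168.123.1, eth2 192.168.124.2/29 holding the default route, eth0 192.168.1.1/24, namespace fbns with eth1_ns). It covers both questions: for Q1, source-based policy routing in the default netns, which makes replies to connections that arrived on eth1 leave via modem #1 without any namespace; for Q2, a veth pair between fbns and the default netns instead of a second ipvlan on eth0, so that processes in fbns can reach bind, intranet hosts can reach modem #1's web page, and a second sshd can accept SSH from inet conn #1. Routing table 123, the veth names veth-fb/veth-fb-ns, the 10.200.0.0/30 link subnet, the sshd PidFile path and the bind listen-on change are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not code from the question or any answer.
# Two ways to make "inet conn #1" usable while eth2 keeps the default route.
#
# From the question: eth1 192.168.123.2/29 (modem1 192.168.123.1),
#                    eth2 192.168.124.2/29 (modem2 192.168.124.1, default GW),
#                    eth0 192.168.1.1/24, namespace fbns containing eth1_ns.
# Assumed here: routing table 123, veth names veth-fb/veth-fb-ns, link subnet
# 10.200.0.0/30, the sshd PidFile path, and a bind listen-on change.
#
# The ip/iptables/sysctl calls need root and real interfaces, so every one
# goes through run(); DRY_RUN=1 prints each command instead of executing it.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Option A (Q1): policy routing, no namespace at all.
# A reply to a connection that arrived on eth1 is sent from 192.168.123.2, so
# a rule keyed on that source address sends it back through modem #1. sshd
# keeps listening on every interface and the main table keeps eth2 as default.
policy_route_inet1() {
    run ip route add 192.168.123.0/29 dev eth1 src 192.168.123.2 table 123
    run ip route add default via 192.168.123.1 dev eth1 table 123
    run ip rule add from 192.168.123.2/32 lookup 123 pref 100
    # Check: "ip route get 1.1.1.1 from 192.168.123.2" must now show
    # "via 192.168.123.1 dev eth1 table 123". If inbound packets on eth1 start
    # being dropped, strict reverse-path filtering is the usual cause; loosen
    # it with "sysctl -w net.ipv4.conf.eth1.rp_filter=2".
}

# Option B (Q2): keep fbns, but connect it to the default netns with a veth
# pair. Inside fbns, 127.0.0.1 is the namespace's own loopback, so a
# resolv.conf pointing at 127.0.0.1 never reaches bind; the veth gives fbns an
# address (10.200.0.1) on which bind in the default netns can be reached.
netns_link_to_default() {
    run ip link add veth-fb type veth peer name veth-fb-ns netns fbns
    run ip addr add 10.200.0.1/30 dev veth-fb
    run ip link set veth-fb up
    run ip -n fbns addr add 10.200.0.2/30 dev veth-fb-ns
    run ip -n fbns link set veth-fb-ns up
    # ip-netns(8) bind-mounts /etc/netns/fbns/resolv.conf over /etc/resolv.conf
    # for every "ip netns exec fbns ..." process. bind must also listen there:
    # listen-on { 127.0.0.1; 10.200.0.1; }; in named.conf, then rndc reconfig.
    run mkdir -p /etc/netns/fbns
    run sh -c 'printf "nameserver 10.200.0.1\n" > /etc/netns/fbns/resolv.conf'
    # Intranet -> modem #1 web page: send 192.168.123.0/29 into fbns, let fbns
    # forward and masquerade it out eth1_ns, and route the replies back over
    # the veth. Assumes eth1's own 192.168.123.2/29 address was removed from
    # the default netns once eth1_ns took it over; otherwise the connected
    # route on eth1 wins over the route via the veth.
    run ip route add 192.168.123.0/29 via 10.200.0.2 dev veth-fb
    run ip -n fbns route add 192.168.1.0/24 via 10.200.0.1 dev veth-fb-ns
    run ip netns exec fbns sysctl -w net.ipv4.ip_forward=1
    run ip netns exec fbns iptables -t nat -A POSTROUTING -o eth1_ns -j MASQUERADE
    # The sshd in the default netns is invisible inside fbns: start a second
    # instance there to accept SSH arriving over inet conn #1.
    run ip netns exec fbns /usr/sbin/sshd -o PidFile=/run/sshd-fbns.pid
}

case "${1:-}" in
    policy) policy_route_inet1 ;;
    netns)  netns_link_to_default ;;
    "")     ;;   # no argument: only define the functions
    *)      echo "usage: $0 policy|netns" >&2; exit 2 ;;
esac
```

Run `DRY_RUN=1 sh dualwan.sh policy` (or `netns`) first to review the command list, then repeat without DRY_RUN as root. With the veth in place, no socat bridge is needed for DNS: `ip netns exec fbns nslookup google.com` queries 10.200.0.1 directly, and a TCP service in the default netns is reached the same way by address.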
