I am running Linux in a VirtualBox environment. I have successfully defined 2 namespaces connected via a bridge that can talk to each other. I want to be able to get UDP packets out onto the actual network so that I can address a QEMU session running in another process (not the focus of my current question).
Here is my setup script which appears to work within the namespaces:
#!/bin/bash -x
sudo ip link add br0 type bridge
sudo ip addr add 172.31.24.5/24 dev br0
sudo ip link set dev br0 up
# tie the ethernet physical port to the bridge
sudo ip link set dev enp0s3 master br0
sudo ip netns add gmi153
sudo ip netns add mock135
sudo ip link add veth-gmi type veth peer name veth-gmi-br
sudo ip link add veth-mock type veth peer name veth-mock-br
sudo ip link
sudo ip link set veth-gmi netns gmi153
sudo ip link set veth-mock netns mock135
sudo ip link set veth-gmi-br master br0
sudo ip link set veth-mock-br master br0
sudo ip -n gmi153  addr add 172.31.24.153/24 dev veth-gmi
sudo ip -n mock135 addr add 172.31.24.135/24 dev veth-mock
sudo ip -n gmi153 link set veth-gmi up
sudo ip -n mock135 link set veth-mock up
sudo ip link set veth-gmi-br up
sudo ip link set veth-mock-br up
# add the default gateway in the network namespace
sudo ip netns exec gmi153 ip route add default via 172.31.24.5
sudo ip netns exec gmi153 ping 172.31.24.135
In the normal network I can see this:
ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.24.5  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::1cf3:fdff:fe58:ba01  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:86:e4:57  txqueuelen 1000  (Ethernet)
        RX packets 375  bytes 21413 (21.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 62  bytes 6916 (6.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::4943:c6f9:c5c1:da26  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:86:e4:57  txqueuelen 1000  (Ethernet)
        RX packets 572  bytes 298973 (298.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 569  bytes 59746 (59.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 560  bytes 55475 (55.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 560  bytes 55475 (55.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
veth-gmi-br: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::18cc:ff:fe79:58df  prefixlen 64  scopeid 0x20<link>
        ether 1a:cc:00:79:58:df  txqueuelen 1000  (Ethernet)
        RX packets 80  bytes 7264 (7.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 91  bytes 8675 (8.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
veth-mock-br: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::f05c:a9ff:fe6b:df90  prefixlen 64  scopeid 0x20<link>
        ether f2:5c:a9:6b:df:90  txqueuelen 1000  (Ethernet)
        RX packets 35  bytes 3022 (3.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 85  bytes 8238 (8.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
But within a namespace I see this:
ip netns exec gmi153 ifconfig
veth-gmi: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.24.153  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::5c20:80ff:fe4c:6a63  prefixlen 64  scopeid 0x20<link>
        ether 5e:20:80:4c:6a:63  txqueuelen 1000  (Ethernet)
        RX packets 91  bytes 8675 (8.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 80  bytes 7264 (7.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
When I do this I do not get a ping response:
ip netns exec gmi153 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
Note: I also do not get a ping response without the namespace prefix, which I do before executing the setup script. So, clearly, I don't really understand what I'm doing.
After a few seconds, tcpdump shows:
tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth-gmi-br, link-type EN10MB (Ethernet), capture size 262144 bytes
14:09:21.468289 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 9, length 64
14:09:22.492296 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 10, length 64
14:09:23.515931 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 11, length 64
14:09:24.539827 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 12, length 64
14:09:25.577254 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 13, length 64
14:09:26.587574 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 14, length 64
14:09:27.623271 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 15, length 64
14:09:28.655940 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 16, length 64
14:09:29.661224 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 17, length 64
14:09:30.683523 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 18, length 64
14:09:31.708402 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 19, length 64
14:09:32.733287 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 20, length 64
14:09:33.764490 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 21, length 64
14:09:34.784327 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 22, length 64
14:09:35.804343 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 23, length 64
14:09:36.829240 IP 172.31.24.153 > 8.8.8.8: ICMP echo request, id 2499, seq 24, length 64
14:09:40.028085 ARP, Request who-has 172.31.24.5 tell 172.31.24.153, length 28
14:09:40.028101 ARP, Reply 172.31.24.5 is-at 08:00:27:86:e4:57 (oui Unknown), length 28
My goal is simply to have 2 namespaces, whose IP addresses I can declare, that can talk to each other and also to other locations outside their namespaces, both in the local Linux address space and outside on the internet. Thanks.
