- netns (network namespace)
Topology
  [upstream]                  [router]                  [downstream]
    up-lan    <---->   rt-wan        rt-lan   <---->     down-wan
 192.168.40.1      192.168.40.2  192.168.41.1          192.168.41.2
Hands-on
Create the namespaces
sudo ip netns add upstream
sudo ip netns add router
sudo ip netns add downstream
Create the veth pairs
sudo ip link add up-lan type veth peer rt-wan
sudo ip link add rt-lan type veth peer down-wan
Move the interfaces into the namespaces
sudo ip link set up-lan netns upstream
sudo ip link set rt-wan netns router
sudo ip link set rt-lan netns router
sudo ip link set down-wan netns downstream

sudo ip -n upstream link
sudo ip -n router link
sudo ip -n downstream link
Assign IP addresses
sudo ip -n upstream addr add 192.168.40.1/24 dev up-lan
sudo ip -n router addr add 192.168.40.2/24 dev rt-wan
sudo ip -n router addr add 192.168.41.1/24 dev rt-lan
sudo ip -n downstream addr add 192.168.41.2/24 dev down-wan
Bring up all interfaces
sudo ip -n upstream link set lo up
sudo ip -n upstream link set up-lan up

sudo ip -n router link set lo up
sudo ip -n router link set rt-wan up
sudo ip -n router link set rt-lan up

sudo ip -n downstream link set lo up
sudo ip -n downstream link set down-wan up
Add default routes
sudo ip -n router route add default dev rt-wan
sudo ip -n downstream route add default dev down-wan via 192.168.41.1
Enable NAT
sudo ip netns exec router nft 'add table ip nat'
sudo ip netns exec router nft 'add chain ip nat postrouting { type nat hook postrouting priority srcnat; policy accept; }'
sudo ip netns exec router nft 'add rule ip nat postrouting iifname "rt-lan" oifname "rt-wan" counter masquerade fully-random'

sudo ip netns exec router nft list ruleset

sudo ip netns exec downstream ping 192.168.40.1
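
An added check, not part of the original notes: the masquerade rule above carries a `counter`, so the ruleset itself shows whether NAT is translating. The function names and the sample ruleset are constructed for illustration. A nat chain only sees the first packet of each connection, so the counter tracks flows, not packets.

```shell
#!/bin/sh
# Added example: read the masquerade counter from `nft list ruleset` output.

# Constructed sample: what the router ruleset looks like after one ping run
# from downstream (one ICMP flow, so the nat chain matched once).
SAMPLE_RULESET='table ip nat {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		iifname "rt-lan" oifname "rt-wan" counter packets 1 bytes 84 masquerade fully-random
	}
}'

# masq_hits OIF: read a ruleset on stdin and print the packet counter of the
# first masquerade rule whose oifname is OIF. Exit status 1 if none is found.
masq_hits() {
    awk -v oif="$1" '
        /masquerade/ {
            hit = 0; pk = ""
            for (i = 1; i < NF; i++) {
                if ($i == "oifname" && $(i + 1) == ("\"" oif "\"")) hit = 1
                if ($i == "packets") pk = $(i + 1)
            }
            if (hit && pk != "") { print pk; found = 1; exit }
        }
        END { exit !found }'
}

# nat_active OIF: 0 = rule present and matched at least one flow,
#                 1 = rule present but never matched (traffic is not being NATed),
#                 2 = no counted masquerade rule for OIF in the ruleset.
nat_active() {
    hits=$(masq_hits "$1") || return 2
    [ "$hits" -gt 0 ]
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RULESET" | masq_hits rt-wan

# On the live setup from these notes, after the ping:
#   sudo ip netns exec router nft list ruleset | nat_active rt-wan; echo $?
```
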
iperf3 speed test
sudo ip netns exec upstream iperf3 -s

sudo ip netns exec downstream iperf3 -c 192.168.40.1
Destroy all namespaces
sudo ip netns del upstream
sudo ip netns del router
sudo ip netns del downstream