Failed to ping external network from linux namespace, why?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I created a namespace, and used a veth pair(veth1 and veth2) to connect the namespace with my host. I also created a linux bridge in my host and add eth0 and veth1 to the bridge as interfaces. Hers is the commands:
ip netns add namespace2
ip link add veth1 type veth peer name veth2
ip link set veth2 netns namespace2
brctl addbr br1
brctl addif br1 ens33
ifconfig ens33 0.0.0.0
ifconfig br1 192.168.90.43/22 up
brctl addif br1 veth1
ip netns exec namespace2 ifconfig veth2 192.168.90.47/22 up
ip netns exec namespace2 route add default gw 192.168.91.254
iptables -t filter -A FORWARD -m physdev --physdev-in ens33 --physdev-out veth1 -j ACCEPT
iptables -t filter -A FORWARD -m physdev --physdev-out ens33 --physdev-in veth1 -j ACCEPT
When I ping outside from my host, it works
ping 8.8.8.8
But when I ping from my namespace, it fails
ip netns exec namespace2 ping 8.8.8.8
I try to ping my gateway from
ip netns exec namespace2 ping 192.168.91.254
It has about 70% package loss.
Why it that happen?
linux networking iptables
add a comment |Â
up vote
1
down vote
favorite
I created a namespace, and used a veth pair(veth1 and veth2) to connect the namespace with my host. I also created a linux bridge in my host and add eth0 and veth1 to the bridge as interfaces. Hers is the commands:
ip netns add namespace2
ip link add veth1 type veth peer name veth2
ip link set veth2 netns namespace2
brctl addbr br1
brctl addif br1 ens33
ifconfig ens33 0.0.0.0
ifconfig br1 192.168.90.43/22 up
brctl addif br1 veth1
ip netns exec namespace2 ifconfig veth2 192.168.90.47/22 up
ip netns exec namespace2 route add default gw 192.168.91.254
iptables -t filter -A FORWARD -m physdev --physdev-in ens33 --physdev-out veth1 -j ACCEPT
iptables -t filter -A FORWARD -m physdev --physdev-out ens33 --physdev-in veth1 -j ACCEPT
When I ping outside from my host, it works
ping 8.8.8.8
But when I ping from my namespace, it fails
ip netns exec namespace2 ping 8.8.8.8
I try to ping my gateway from
ip netns exec namespace2 ping 192.168.91.254
It has about 70% package loss.
Why it that happen?
linux networking iptables
Well I wrote an answer telling you forgot to bringveth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answer
â A.B
Aug 20 at 17:47
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I created a namespace, and used a veth pair(veth1 and veth2) to connect the namespace with my host. I also created a linux bridge in my host and add eth0 and veth1 to the bridge as interfaces. Hers is the commands:
ip netns add namespace2
ip link add veth1 type veth peer name veth2
ip link set veth2 netns namespace2
brctl addbr br1
brctl addif br1 ens33
ifconfig ens33 0.0.0.0
ifconfig br1 192.168.90.43/22 up
brctl addif br1 veth1
ip netns exec namespace2 ifconfig veth2 192.168.90.47/22 up
ip netns exec namespace2 route add default gw 192.168.91.254
iptables -t filter -A FORWARD -m physdev --physdev-in ens33 --physdev-out veth1 -j ACCEPT
iptables -t filter -A FORWARD -m physdev --physdev-out ens33 --physdev-in veth1 -j ACCEPT
When I ping outside from my host, it works
ping 8.8.8.8
But when I ping from my namespace, it fails
ip netns exec namespace2 ping 8.8.8.8
I try to ping my gateway from
ip netns exec namespace2 ping 192.168.91.254
It has about 70% package loss.
Why it that happen?
linux networking iptables
I created a namespace, and used a veth pair(veth1 and veth2) to connect the namespace with my host. I also created a linux bridge in my host and add eth0 and veth1 to the bridge as interfaces. Hers is the commands:
ip netns add namespace2
ip link add veth1 type veth peer name veth2
ip link set veth2 netns namespace2
brctl addbr br1
brctl addif br1 ens33
ifconfig ens33 0.0.0.0
ifconfig br1 192.168.90.43/22 up
brctl addif br1 veth1
ip netns exec namespace2 ifconfig veth2 192.168.90.47/22 up
ip netns exec namespace2 route add default gw 192.168.91.254
iptables -t filter -A FORWARD -m physdev --physdev-in ens33 --physdev-out veth1 -j ACCEPT
iptables -t filter -A FORWARD -m physdev --physdev-out ens33 --physdev-in veth1 -j ACCEPT
When I ping outside from my host, it works
ping 8.8.8.8
But when I ping from my namespace, it fails
ip netns exec namespace2 ping 8.8.8.8
I try to ping my gateway from
ip netns exec namespace2 ping 192.168.91.254
It has about 70% package loss.
Why it that happen?
linux networking iptables
linux networking iptables
edited Aug 17 at 8:29
asked Aug 17 at 8:02
Don_Chen
1062
1062
Well I wrote an answer telling you forgot to bringveth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answer
â A.B
Aug 20 at 17:47
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31
add a comment |Â
Well I wrote an answer telling you forgot to bringveth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answer
â A.B
Aug 20 at 17:47
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31
Well I wrote an answer telling you forgot to bring
veth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answerâ A.B
Aug 20 at 17:47
Well I wrote an answer telling you forgot to bring
veth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answerâ A.B
Aug 20 at 17:47
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f463133%2ffailed-to-ping-external-network-from-linux-namespace-why%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Well I wrote an answer telling you forgot to bring
veth1
up. But then I read about 70% packet loss (when it should have been 100%). So I'm at a loss and deleted the answerâ A.B
Aug 20 at 17:47
Eventually I found it's about arp for the ip - arp binding was wrong, but I don`t know why it would be wrong.
â Don_Chen
Aug 22 at 3:31