How can I create a veth with netns in Android, with an internet connection?
What I tried:
sudo ip netns add client
sudo ip link add veth0 type veth peer name veth1
sudo ip link set veth1 netns client
sudo ip addr add 10.1.1.1/24 dev veth0
sudo ip link set veth0 up
sudo ip netns exec client ip addr add 10.1.1.2/24 dev veth1
sudo ip netns exec client ip link set veth1 up
sudo ip netns exec client ip link set lo up
sudo ip netns exec client ip route add default via 10.1.1.1 dev veth1 # unsure but ok to add
iptables -t mangle -I OUTPUT -s 10.1.1.0/24 -j MARK --set-mark 1000 # ping from client to main host works
ip rule add from 10.1.1.0/24 iif veth0 table 1000
ip route add default via 10.1.1.1 dev veth0 table 1000 # delete ok no effect
ip route add 10.1.1.0/24 dev veth0 proto kernel scope link src 10.1.1.1 table 1000
ip route add 192.168.1.0/24 dev wlan0 proto kernel scope link src 10.1.1.1 table 1000
ip route del 10.1.1.0/24 dev veth0 proto kernel scope link src 10.1.1.1 # delete default route because it moved to the table
ip rule add fwmark 1000 table 1000
ip rule add fwmark 1000 lookup 1000
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o wlan0 -j MASQUERADE #important
iptables -A FORWARD -i veth0 -o wlan0 -j ACCEPT # unsure because no log is reported
iptables -A FORWARD -o veth0 -i wlan0 -j ACCEPT # unsure because no log is reported
Connection to host is OK
:/ # ip netns exec client ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.201 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.272 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.251 ms
Connection to netns is OK
# ping -I veth0 10.1.1.2
PING 10.1.1.2 (10.1.1.2) from 10.1.1.1 veth0: 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.189 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.255 ms
veth0 can ping 1.1.1.1 (Cloudflare)
# ping -I veth0 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from 10.1.1.1 veth0: 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=59.3 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=43.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=40.2 ms
^C
--- 1.1.1.1 ping statistics ---
curl from veth0 does not work
curl --interface veth0 1.1.1.1 -v
* Trying 1.1.1.1:80...
* socket successfully bound to interface 'veth0'
* connect to 1.1.1.1 port 80 from 10.1.1.1 port 39076 failed: No route to host
* Failed to connect to 1.1.1.1 port 80 after 3073 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to 1.1.1.1 port 80 after 3073 ms: Couldn't connect to server
~ $
I really give up on setting this up.
Asked by Anas
(111 rep)
May 31, 2024, 12:45 AM
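
To see which packets the two `ip rule` entries in the question send to table 1000, this added example (not part of the original post) models the selector matching of policy-routing rules, not the route lookup inside each table. The priorities 32764 and 32765 are assumed auto-assigned values, the flows are constructed, and any rules the platform had already installed are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    prio: int
    table: str
    src: str = "0.0.0.0/0"        # "from" selector, default "from all"
    iif: Optional[str] = None     # None: any input interface
    fwmark: Optional[int] = None  # None: mark is not checked
    mask: int = 0xFFFFFFFF        # mask applied when the rule gives none

@dataclass(frozen=True)
class Flow:
    src: str
    iif: str       # locally generated packets are matched as iif "lo"
    mark: int = 0  # firewall mark carried by the packet

def matches(rule: Rule, flow: Flow) -> bool:
    """True when every selector present on the rule matches the flow."""
    if ip_address(flow.src) not in ip_network(rule.src):
        return False
    if rule.iif is not None and rule.iif != flow.iif:
        return False
    if rule.fwmark is not None and (flow.mark & rule.mask) != rule.fwmark:
        return False
    return True

def tables_consulted(flow: Flow, rules: list) -> list:
    """Tables tried in order (lowest priority number first) until a route is found."""
    return [r.table for r in sorted(rules, key=lambda r: r.prio) if matches(r, flow)]

# Constructed rule set: kernel defaults plus the two rules from the question.
RULES = [
    Rule(0, "local"),
    Rule(32764, "1000", fwmark=1000),                     # ip rule add fwmark 1000 table 1000
    Rule(32765, "1000", src="10.1.1.0/24", iif="veth0"),  # ip rule add from ... iif veth0
    Rule(32766, "main"),
    Rule(32767, "default"),
]

FORWARDED = Flow("10.1.1.2", "veth0")             # packet arriving from the namespace
LOCAL_UNMARKED = Flow("10.1.1.1", "lo")           # host socket, before mangle OUTPUT
LOCAL_MARKED = Flow("10.1.1.1", "lo", mark=1000)  # same socket after --set-mark 1000

if __name__ == "__main__":
    for name, flow in [("forwarded", FORWARDED), ("local unmarked", LOCAL_UNMARKED),
                       ("local marked", LOCAL_MARKED)]:
        print(f"{name:15} -> {tables_consulted(flow, RULES)}")
```

Traffic forwarded from the namespace reaches table 1000 through the `iif veth0` rule, while traffic generated on the host reaches it only through the fwmark rule, after the mangle OUTPUT rule has marked it.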