How can I switch from a custom linux network namespace back to the default one?

Solution 1

Newer distros/kernels support the nsenter command, which should do what you want, providing you are root when you do it.

Here is an example (Fedora 20).

[root@home ~]# unshare -n /bin/bash
[root@home ~]# ip a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@home ~]# ping google.com
ping: unknown host google.com
[root@home ~]# nsenter -t 1 -n -- ping -c 2 google.com
PING google.com (74.125.230.65) 56(84) bytes of data.
64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=1 ttl=56 time=14.2 ms
64 bytes from lhr14s23-in-f1.1e100.net (74.125.230.65): icmp_seq=2 ttl=56 time=15.0 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.239/14.621/15.003/0.382 ms
[root@home ~]# nsenter -t 1 -n -- ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 10:bf:48:88:50:ee brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global p4p1
       valid_lft forever preferred_lft forever
    inet6 fe80::12bf:48ff:fe88:50ee/64 scope link 
       valid_lft forever preferred_lft forever
[root@home ~]# 

This relies on the setns system call. You need at least a 3.0 kernel and glibc-2.14 for this to work.

RHEL 6.5 provides support for persistent namespaces but not support for moving existing processes into new namespaces.

Solution 2

I found that you can return to the default network namespace with two simple commands:

ln -s /proc/1/ns/net /var/run/netns/default
ip netns exec default ifconfig -a

This method obviously assumes that you can see processes outside your own namespace through the proc file system. If you are in a separate PID namespace as well, returning to the default namespace is not as simple.

The above commands were tested on Ubuntu 14.04. I don't know if there is anything distribution specific about the approach.
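Putting the two answers together, here is an added helper script (not code from either answer, and not part of util-linux or iproute2) that runs a command in PID 1's network namespace from inside a custom one. It checks the preconditions both answers rely on before doing anything: that /proc/1/ns/net is readable at all (root, and no separate PID namespace hiding PID 1), and that the caller is not already in the default namespace. It prefers Solution 1 (nsenter -t 1 -n) and falls back to Solution 2 (an entry under /var/run/netns pointing at /proc/1/ns/net) when nsenter is missing, refusing to reuse an existing "default" entry that points at some other namespace. It assumes Linux with /proc mounted and GNU or busybox stat/sed; the function names parse_ns_id, netns_id, same_netns and run_in_default_netns are this example's own.

```shell
#!/bin/sh
# Added example, not code from the answers above: run CMD in the default
# (PID 1) network namespace from inside a custom one. Solution 1 (nsenter)
# is preferred, Solution 2 (ip netns + /proc/1/ns/net) is the fallback.
# Assumptions: Linux with /proc mounted, the caller shares PID 1's PID
# namespace, and root (setns needs CAP_SYS_ADMIN). The function names
# below are this example's own, not util-linux or iproute2 commands.

# parse_ns_id STRING: print the numeric identifier from a namespace link
# target such as "net:[4026531992]"; fail on anything else, so a mount
# namespace link or an empty readlink result is never mistaken for a netns.
parse_ns_id() {
    ns_num=$(printf '%s\n' "$1" | sed -n 's/^net:\[\([0-9][0-9]*\)\]$/\1/p')
    [ -n "$ns_num" ] || return 1
    printf '%s\n' "$ns_num"
}

# netns_id PATH: numeric identifier of the netns behind /proc/<pid>/ns/net.
# readlink fails with EACCES when the caller may not ptrace <pid>: that is
# the unprivileged case and the separate-PID-namespace case.
netns_id() {
    ns_link=$(readlink "$1" 2>/dev/null) || return 1
    parse_ns_id "$ns_link"
}

# same_netns PATH1 PATH2: true when both resolve to the same nsfs inode.
# stat -L follows both the /proc magic links and the symlink or bind mount
# that iproute2 keeps under /var/run/netns, so it works for either kind.
same_netns() {
    ino1=$(stat -L -c %i "$1" 2>/dev/null) || return 2
    ino2=$(stat -L -c %i "$2" 2>/dev/null) || return 2
    [ "$ino1" = "$ino2" ]
}

# run_in_default_netns CMD [ARGS...]: execute CMD in PID 1's netns.
run_in_default_netns() {
    [ "$#" -gt 0 ] || { echo "usage: run_in_default_netns CMD [ARGS...]" >&2; return 2; }

    default_id=$(netns_id /proc/1/ns/net) || {
        echo "cannot read /proc/1/ns/net: not root, or PID 1 is hidden by a separate PID namespace" >&2
        return 1
    }

    if same_netns /proc/self/ns/net /proc/1/ns/net; then
        # Already in the default namespace; nothing to enter.
        "$@"
        return
    fi

    if command -v nsenter >/dev/null 2>&1; then
        # Solution 1: nsenter calls setns() on /proc/1/ns/net, then execs CMD.
        nsenter -t 1 -n -- "$@"
        return
    fi

    # Solution 2, for util-linux builds without nsenter: give iproute2 a
    # named namespace that is really PID 1's. Refuse to reuse an existing
    # "default" entry that points elsewhere rather than silently running
    # CMD in the wrong namespace.
    if [ -e /var/run/netns/default ]; then
        same_netns /var/run/netns/default /proc/1/ns/net || {
            echo "/var/run/netns/default exists but is not net:[$default_id]" >&2
            return 1
        }
    else
        mkdir -p /var/run/netns
        ln -s /proc/1/ns/net /var/run/netns/default
    fi
    ip netns exec default "$@"
}

# When run as a script rather than sourced:  ./in-default-netns.sh ip a l
if [ "$#" -gt 0 ]; then
    run_in_default_netns "$@"
fi
```

Two things worth keeping in mind when using it. Both paths start CMD as a new process, which is the behaviour Pavel Šimerda notes in the comments: the calling shell stays in its own namespace, and only a process that calls setns(2) itself (which is what nsenter does before it execs) changes namespace. And because reading /proc/1/ns/net and calling setns() both need root, a root session inside the isolated namespace can always get back to the default one this way; for the SSH-server scenario in the question, the separate namespace keeps the test network out of sight of the rest of the system, but it is not a privilege boundary against root.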

Author: Martin

Updated on September 18, 2022

Comments

  • Martin
    Martin almost 2 years

    With ip netns exec you can execute a command in a custom network namespace - but is there also a way to execute a command in the default namespace?

    For example, after executing these two commands:

    sudo ip netns add test_ns
    sudo ip netns exec test_ns bash
    

    How can the newly created bash execute programs in the default network namespace? There is no ip netns exec default or anything similar as far as I've found.

    My scenario is:

    I want to run a SSH server in a separate network namespace (to keep the rest of the system unaware of the network connection, as the system is used for network testing), but want to be able to execute programs in the default network namespace via the SSH connection.

    What I've found out so far:

  • Martin
    Martin almost 10 years
This works fine, except for the fact that Ubuntu provides an outdated util-linux package without nsenter. I found detailed build instructions here, however: askubuntu.com/questions/439056/…
  • copumpkin
    copumpkin almost 9 years
    @kasperd you say it's not as simple with a separate PID namespace. Is it actually still possible, though? Can you mention how?
  • kasperd
    kasperd almost 9 years
    @copumpkin I haven't tested that.
  • Pavel Šimerda
    Pavel Šimerda over 8 years
    I tried nsenter -t 1 -n but it created a new process just as ip netns exec and didn't change the namespace of the current process.
  • Sam Watkins
    Sam Watkins about 2 years
    -1, I don't think that the nsenter --mount option has anything to do with networking. If I'm mistaken, please clarify.