2025-01-30 15:43:45 -05:00
|
|
|
|
# Network Namespace setup using SSH SOCKS proxy
|
|
|
|
|
|
|
2025-01-30 23:27:46 -05:00
|
|
|
|
Create network namespace where all¹ network requests go via ssh connection.
|
|
|
|
|
|
|
2025-01-30 15:43:45 -05:00
|
|
|
|
## Creating new namespace
|
|
|
|
|
|
|
2025-01-30 23:27:46 -05:00
|
|
|
|
1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will be
|
|
|
|
|
|
included with [other settings][0].
|
|
|
|
|
|
2. Create the ssh private key at `/etc/nnss/<namespace_name>/privatekey`
|
|
|
|
|
|
3. [Edit][1] your service file to include below properties
|
|
|
|
|
|
|
|
|
|
|
|
```systemd
|
|
|
|
|
|
[Unit]
|
|
|
|
|
|
Requires=nnss-tunsocks@<namespace_name>.service
|
|
|
|
|
|
After=nnss-tunsocks@<namespace_name>.service
|
|
|
|
|
|
[Service]
|
|
|
|
|
|
NetworkNamespacePath=/run/netns/<namespace_name>
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
### Example
|
|
|
|
|
|
|
2025-01-30 15:43:45 -05:00
|
|
|
|
```bash
|
|
|
|
|
|
❯ sudo mkdir /etc/nnss/vps1
|
|
|
|
|
|
|
|
|
|
|
|
❯ sudo tee /etc/nnss/vps1/config > /dev/null
|
|
|
|
|
|
Hostname xx.xx.xx.xx
|
|
|
|
|
|
User vps_user_name_here
|
|
|
|
|
|
Port 8822 # If the ssh server is not on default port 22
|
|
|
|
|
|
|
|
|
|
|
|
❯ cp ~/.ssh/id_ed25519_for_vps1 /etc/nnss/vps1/privatekey
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-01-30 23:27:46 -05:00
|
|
|
|
## Testing namespace
|
2025-01-30 15:43:45 -05:00
|
|
|
|
|
|
|
|
|
|
```bash
|
2025-01-30 23:27:46 -05:00
|
|
|
|
❯ sudo systemd-run --property=NetworkNamespacePath=/run/netns/vps1ns --property=User=$USER --property=Requires=nnss-tunsocks@vps1.service --property=After=nnss-tunsocks@vps1.service --shell
|
|
|
|
|
|
[sudo] password for balki:
|
|
|
|
|
|
Running as unit: run-p233279-i233579.service
|
|
|
|
|
|
Press ^] three times within 1s to disconnect TTY.
|
|
|
|
|
|
|
|
|
|
|
|
❯ curl https://ip.balki.me/ip
|
|
|
|
|
|
xx.xx.xx.xx
|
|
|
|
|
|
|
|
|
|
|
|
❯ ip a
|
|
|
|
|
|
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
|
|
|
|
|
|
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|
|
|
|
|
|
inet 127.0.0.1/8 scope host lo
|
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
|
inet6 ::1/128 scope host proto kernel_lo
|
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
|
18: tunvps1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 500
|
|
|
|
|
|
link/none
|
|
|
|
|
|
inet 198.19.1.1/30 scope global tunvps1
|
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
|
inet6 fe80::fd64:c3f3:ce6:650c/64 scope link stable-privacy proto kernel_ll
|
|
|
|
|
|
valid_lft forever preferred_lft forever
|
|
|
|
|
|
|
|
|
|
|
|
❯
|
|
|
|
|
|
Finished with result: success
|
|
|
|
|
|
Main processes terminated with: code=exited, status=0/SUCCESS
|
|
|
|
|
|
Service runtime: 1min 4.383s
|
|
|
|
|
|
CPU time consumed: 201ms
|
|
|
|
|
|
Memory peak: 5.7M (swap: 0B)
|
|
|
|
|
|
IP traffic received: 3.2K sent: 1.3K
|
|
|
|
|
|
IO bytes written: 304K
|
2025-01-30 15:43:45 -05:00
|
|
|
|
```
|
2025-01-30 23:27:46 -05:00
|
|
|
|
|
|
|
|
|
|
## ¹DNS
|
|
|
|
|
|
|
|
|
|
|
|
DNS by default still goes via host.
|
|
|
|
|
|
|
|
|
|
|
|
[0]: ./ssh_config
|
|
|
|
|
|
[1]: https://wiki.archlinux.org/title/Systemd#Editing_provided_units
|
