# Network Namespace setup using SSH SOCKS proxy
Create a network namespace where all¹ network requests go via an SSH connection.
## Installing
1. Install from [AUR][2].
2. Download and install the pre-built Arch Linux package: [link][3].
3. For other Linux distributions, copy the files to the appropriate paths as done [here][4].
## Creating new namespace
1. Create a simple ssh config at `/etc/nnss/<namespace_name>/config`. This will
be included with [other settings][0].
2. Copy your ssh private key to `/etc/nnss/<namespace_name>/privatekey`.
3. [Edit][1] your application's service file to include the properties below:
```systemd
[Unit]
Requires=nnssA@<namespace_name>.service
After=nnssA@<namespace_name>.service
[Service]
NetworkNamespacePath=/run/netns/<namespace_name>ns
```
### Example
```bash
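sudo mkdir /etc/nnss/vps1
# Write the ssh config for this namespace
sudo tee /etc/nnss/vps1/config > /dev/null <<'EOF'
Hostname xx.xx.xx.xx
User vps_user_name_here
# If the ssh server is not on default port 22
Port 8822
EOF
# The directory is root-owned, so the copy needs sudo
sudo cp ~/.ssh/id_ed25519_for_vps1 /etc/nnss/vps1/privatekey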
```
## Testing namespace
```bash
$ sudo systemd-run \
    --property=NetworkNamespacePath=/run/netns/vps1ns \
    --property=User=$USER \
    --property=Requires=nnssA@vps1.service \
    --property=After=nnssA@vps1.service \
    --shell
[sudo] password for balki:
Running as unit: run-p233279-i233579.service
Press ^] three times within 1s to disconnect TTY.
$ curl https://ip.balki.me/ip
xx.xx.xx.xx
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
18: tunvps1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 500
    link/none
    inet 198.19.1.1/30 scope global tunvps1
       valid_lft forever preferred_lft forever
    inet6 fe80::fd64:c3f3:ce6:650c/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
Finished with result: success
Main processes terminated with: code=exited, status=0/SUCCESS
Service runtime: 1min 4.383s
CPU time consumed: 201ms
Memory peak: 5.7M (swap: 0B)
IP traffic received: 3.2K sent: 1.3K
IO bytes written: 304K
```
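A check to run inside the namespace shell above, added here as an example (it is not part of nnss): it reads `ip a` output and confirms that loopback and the tunnel are the only interfaces, so nothing in the namespace can bypass the tunnel through another interface. It assumes the tunnel is named `tun<namespace_name>`, as `tunvps1` is in the session above; `check_ns_ifaces` and the sample inputs are constructed for illustration.

```bash
# check_ns_ifaces NAME: reads `ip a` output on stdin.
# Returns 0 if the only interfaces are lo and tunNAME and the tunnel is UP,
# 1 if the tunnel is missing or down, 2 if any other interface is present.
# Assumption: the tunnel interface is called "tun" followed by the namespace name.
check_ns_ifaces() {
    awk -v tun="tun$1" '
        # Interface header lines look like "18: tunvps1: <FLAGS> mtu ..."
        /^[0-9]+: / {
            name = $2
            sub(/:$/, "", name)
            sub(/@.*/, "", name)      # strip an "@ifN" peer suffix (veth etc.)
            if (name == "lo") next
            if (name == tun) {
                # Match the UP flag itself, not LOWER_UP
                if ($3 ~ /[<,]UP[,>]/) tun_up = 1
                next
            }
            extra = extra " " name
        }
        END {
            if (extra != "") { print "unexpected interfaces:" extra; exit 2 }
            if (!tun_up)     { print tun " missing or not UP"; exit 1 }
            print "ok: only lo and " tun
        }
    '
}

# Constructed sample inputs (interface header lines only, in `ip a` format).
SAMPLE_OK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
18: tunvps1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP'
SAMPLE_LEAK="$SAMPLE_OK
2: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP"

# Live use inside the namespace shell: ip a | check_ns_ifaces vps1
printf '%s\n' "$SAMPLE_OK" | check_ns_ifaces vps1
```

This only inspects interfaces; it says nothing about DNS, which the footnote below covers.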
## ¹DNS
By default, DNS queries still go via the host.

[0]: ./ssh_config
[1]: https://wiki.archlinux.org/title/Systemd#Editing_provided_units
[2]: https://aur.archlinux.org/packages/nnss
[3]: https://gitea.balki.me/balki-aur/-/packages/arch/nnss/0.1.0-1
[4]: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=nnss#n14