```
```shell
-# gateway to NAT scenario
+# gateway - NAT scenario
# 192.168.122.87 being external ip on ens3
```shell
-# NAT to NAT scenario
+# gateway - NAT to NAT scenario
sudo ip netns add net1
sudo ip netns exec net2 nc 192.168.62.6 9999
+```
+
+```shell
+
+# gateway - NAT in NAT inline scenario
+
+# resource using the same default gateway
+
+# namespace net1 is virtual gateway (inline, NAT in gateway)
+
+sudo ip netns add net1
+
+sudo ip link add dev veth1 type veth peer name veth2 netns net1
+
+sudo ip link set up veth1
+
+sudo ip netns exec net1 ip link set up veth2
+
+sudo ip addr add 192.168.62.5/24 dev veth1
+
+sudo ip netns exec net1 ip addr add 192.168.62.6/24 dev veth2
+
+sudo ip netns exec net1 ip route add default via 192.168.62.5 dev veth2
+
+sudo ip route add 192.168.64.0/24 via 192.168.62.6 dev veth1
+
+sudo ip netns add net2
+
+sudo ip link add dev veth3 type veth peer name veth4 netns net2
+
+sudo ip link set veth3 netns net1
+
+sudo ip netns exec net1 ip link set up veth3
+
+sudo ip netns exec net2 ip link set up veth4
+
+sudo ip netns exec net1 ip addr add 192.168.122.1/24 dev veth3
+
+sudo ip netns exec net2 ip addr add 192.168.64.6/24 dev veth4
+
+sudo ip netns exec net2 ip route add default via 192.168.64.6 dev veth4
+
+sudo ip netns exec net1 ip route add 192.168.64.0/24 via 192.168.122.1 dev veth3
+
+sudo ip netns exec net1 sysctl -w net.ipv4.ip_forward=1
+
+#tcp
+
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp --syn -i veth2 -m conntrack --ctstate NEW -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp -i veth2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp --syn -o veth2 -m conntrack --ctstate NEW -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp -o veth2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+sudo ip netns exec net1 iptables -t nat -I POSTROUTING -p tcp -o veth3 -j MASQUERADE
+
+sudo ip netns exec net1 iptables -t nat -I POSTROUTING -p tcp -o veth2 -j MASQUERADE
+
+
+sudo ip netns exec net1 iptables -P FORWARD DROP
+
+
```
```shell
--- /dev/null
+#!/bin/bash
+
+
+sudo ip netns add net1
+
+sudo ip link add dev veth1 type veth peer name veth2 netns net1
+
+sudo ip link set up veth1
+
+sudo ip netns exec net1 ip link set up veth2
+
+sudo ip addr add 192.168.62.5/24 dev veth1
+
+sudo ip netns exec net1 ip addr add 192.168.62.6/24 dev veth2
+
+sudo ip netns exec net1 ip route add default via 192.168.62.5 dev veth2
+
+sudo ip route add 192.168.64.0/24 via 192.168.62.6 dev veth1
+
+sudo ip netns add net2
+
+sudo ip link add dev veth3 type veth peer name veth4 netns net2
+
+sudo ip link set veth3 netns net1
+
+sudo ip netns exec net1 ip link set up veth3
+
+sudo ip netns exec net2 ip link set up veth4
+
+sudo ip netns exec net1 ip addr add 192.168.122.1/24 dev veth3
+
+sudo ip netns exec net2 ip addr add 192.168.64.6/24 dev veth4
+
+sudo ip netns exec net2 ip route add default via 192.168.64.6 dev veth4
+
+sudo ip netns exec net1 ip route add 192.168.64.0/24 via 192.168.122.1 dev veth3
+
+sudo ip netns exec net1 sysctl -w net.ipv4.ip_forward=1
+
+#tcp
+
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp --syn -i veth2 -m conntrack --ctstate NEW -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp -i veth2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp --syn -o veth2 -m conntrack --ctstate NEW -j ACCEPT
+
+sudo ip netns exec net1 iptables -I FORWARD -p tcp -o veth2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+sudo ip netns exec net1 iptables -t nat -I POSTROUTING -p tcp -o veth3 -j MASQUERADE
+
+sudo ip netns exec net1 iptables -t nat -I POSTROUTING -p tcp -o veth2 -j MASQUERADE
+
+
+sudo ip netns exec net1 iptables -P FORWARD DROP
projects / linuxyz.git / commitdiff