netjail-init.sh (1279B)
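#!/bin/sh

# This file is in the public domain.
#
# Shell script for the general setup of network namespaces.
# This script should be run once at boot time (as root).
# Afterwards, the netjail.sh can be used by anyone (with
# the right permissions) to create their own network namespace.
#
# Not idempotent: under 'set -e' a second run stops at the first
# 'ip link add', because the bridge already exists by then.
set -eu

# Be extra safe, even though sudo should already do this.
export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Virtual bridge to which all of the builder networks are connected.
readonly BRIDGE=builderbridge

# File the list of host network interfaces is read from.
readonly INTERFACES_FILE=/etc/network/interfaces

# brctl is deprecated; the ip(8) call below replaces
#   brctl addbr $BRIDGE
#   brctl stp $BRIDGE off
ip link add dev "$BRIDGE" type bridge stp_state 0
ip link set dev "$BRIDGE" up

# Connect bridge to host network: a veth pair whose br-tap0 end is
# enslaved to the bridge (replaces 'brctl addif $BRIDGE br-tap0') and
# whose tap0 end stays on the host.
ip link add tap0 type veth peer name br-tap0
ip link set dev br-tap0 master "$BRIDGE"
ip link set dev tap0 up
ip link set dev br-tap0 up

# Configure bridge on host
ip addr add 10.42.42.1/24 dev tap0

# Configure IP masquerading/NAT
# Obtain list of our network interfaces from /etc/network/interfaces.
# Only real 'iface' stanzas count: the first field must be exactly
# "iface", so commented-out stanzas are ignored, loopback lines are
# skipped, and an interface with several stanzas (e.g. inet and inet6)
# is listed once so it gets a single rule. Only this one file is read.
IFCS=
if [ -r "$INTERFACES_FILE" ]; then
  IFCS=$(awk '$1 == "iface" && !/loopback/ && !seen[$2]++ { print $2 }' \
    "$INTERFACES_FILE")
else
  printf '%s: cannot read %s; no MASQUERADE rules added\n' \
    "${0##*/}" "$INTERFACES_FILE" >&2
fi

if [ -r "$INTERFACES_FILE" ] && [ -z "$IFCS" ]; then
  printf '%s: no interfaces found in %s; no MASQUERADE rules added\n' \
    "${0##*/}" "$INTERFACES_FILE" >&2
fi

# NOTE(review): the MASQUERADE rules below match on the outgoing
# interface only (no source restriction), and this script adds no
# FORWARD-chain rules. Once forwarding is switched on, what the builder
# networks can reach is decided by filter rules configured elsewhere;
# confirm that such a policy exists on the host.

# Word splitting is intended here: POSIX sh has no arrays, and $IFCS
# holds one interface name per line.
# shellcheck disable=SC2086
for IFC in $IFCS; do
  iptables --table nat --append POSTROUTING --out-interface "$IFC" -j MASQUERADE
done

# Enable IPv4 forwarding (a host-wide setting), last, after the NAT
# rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward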