Replace bridge with NAT forwarding

Remove unnecessary netdown.sh Signed-off-by: Aiden Woodruff <aiden@aidenw.net>
author: Aiden Woodruff <aiden@aidenw.net> 2024-03-23 16:27:29 -0500
committer: Aiden Woodruff <aiden@aidenw.net> 2024-03-23 16:27:29 -0500
commit: c8db9305ca66c428f7690db1d00d07b2cac44776 (patch)
tree: 93d02198f16673e8510e642630df3440fa6f0b30
parent: e4df9c3d5e873630247bf6e42f56fe4388080727 (diff)
download: wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.tar.gz
wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.tar.bz2
wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.zip
2 files changed, 27 insertions, 15 deletions
diff --git a/netdown.sh b/netdown.sh
deleted file mode 100755
index da8b49e..0000000
--- a/netdown.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-brctl delbr br-wjail
-ip netns del gitbot
diff --git a/netup.sh b/netup.sh
index 56dd0f2..8b42697 100755
--- a/netup.sh
+++ b/netup.sh
@@ -1,23 +1,39 @@
 #!/bin/sh
-if ! [ -f /srv/gitbot/wjail.pid ]; then
+if [ "$(id -u)" -ne 0 ]; then
+echo "You are not root."
+exit 1
+fi
+pidfile=/srv/gitbot/wjail.pid
+if ! [ -f "$pidfile" ]; then
 echo "wjail not running."
 exit 1
 fi
-PID=$(cat /srv/gitbot/wjail.pid)
+PID="$(cat "$pidfile")"
+# Attach iproute2 netns
 ip netns attach gitbot $PID
+# Add veth devices
 ip link add veth-wjail type veth peer veth0 netns gitbot
-ifconfig veth-wjail 10.1.1.1/24 up
-ip netns exec gitbot ifconfig veth0 10.1.1.2/24 up
-# Bridge veth-wjail to eth0
+# Assign ip addresses
-brctl addbr br-wjail
+ip addr add 10.1.1.1/24 dev veth-wjail
-brctl addif br-wjail veth-wjail
+ip netns exec gitbot ip addr add 10.1.1.2/24 dev veth0
-brctl addif br-wjail eth0
 # Bring interfaces up
-ifconfig br-wjail up
+ip link set veth-wjail up
-ifconfig eth0 up
+ip netns exec gitbot ip link set veth0 up
-ifconfig veth-wjail
+# Assign default gateway
+ip netns exec gitbot route add default gw 10.1.1.1
+# Enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+# Add NAT forwarding rule
+iptables -t nat -A POSTROUTING -s 10.1.1.2/16 -j MASQUERADE
author	Aiden Woodruff <aiden@aidenw.net>	2024-03-23 16:27:29 -0500
committer	Aiden Woodruff <aiden@aidenw.net>	2024-03-23 16:27:29 -0500
commit	c8db9305ca66c428f7690db1d00d07b2cac44776 (patch)
tree	93d02198f16673e8510e642630df3440fa6f0b30
parent	e4df9c3d5e873630247bf6e42f56fe4388080727 (diff)
download	wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.tar.gz wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.tar.bz2 wjail-c8db9305ca66c428f7690db1d00d07b2cac44776.zip

diff --git a/netdown.sh b/netdown.sh deleted file mode 100755 index da8b49e..0000000 --- a/netdown.sh +++ /dev/null
@@ -1,4 +0,0 @@
1	#!/bin/sh
2
3	brctl delbr br-wjail
4	ip netns del gitbot


diff --git a/netup.sh b/netup.sh index 56dd0f2..8b42697 100755 --- a/netup.sh +++ b/netup.sh
@@ -1,23 +1,39 @@
1	#!/bin/sh	1	#!/bin/sh
2		2
3	if ! [ -f /srv/gitbot/wjail.pid ]; then	3	if [ "$(id -u)" -ne 0 ]; then
		4	echo "You are not root."
		5	exit 1
		6	fi
		7
		8	pidfile=/srv/gitbot/wjail.pid
		9
		10	if ! [ -f "$pidfile" ]; then
4	echo "wjail not running."	11	echo "wjail not running."
5	exit 1	12	exit 1
6	fi	13	fi
7		14
8	PID=$(cat /srv/gitbot/wjail.pid)	15	PID="$(cat "$pidfile")"
9		16
		17	# Attach iproute2 netns
10	ip netns attach gitbot $PID	18	ip netns attach gitbot $PID
		19
		20	# Add veth devices
11	ip link add veth-wjail type veth peer veth0 netns gitbot	21	ip link add veth-wjail type veth peer veth0 netns gitbot
12	ifconfig veth-wjail 10.1.1.1/24 up
13	ip netns exec gitbot ifconfig veth0 10.1.1.2/24 up
14		22
15	# Bridge veth-wjail to eth0	23	# Assign ip addresses
16	brctl addbr br-wjail	24	ip addr add 10.1.1.1/24 dev veth-wjail
17	brctl addif br-wjail veth-wjail	25	ip netns exec gitbot ip addr add 10.1.1.2/24 dev veth0
18	brctl addif br-wjail eth0
19		26
20	# Bring interfaces up	27	# Bring interfaces up
21	ifconfig br-wjail up	28	ip link set veth-wjail up
22	ifconfig eth0 up	29	ip netns exec gitbot ip link set veth0 up
23	ifconfig veth-wjail	30
		31	# Assign default gateway
		32	ip netns exec gitbot route add default gw 10.1.1.1
		33
		34	# Enable IP forwarding
		35	echo 1 > /proc/sys/net/ipv4/ip_forward
		36
		37	# Add NAT forwarding rule
		38	iptables -t nat -A POSTROUTING -s 10.1.1.2/16 -j MASQUERADE
		39