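#!/bin/sh
# Connect the running wjail process to the host network.
#
# Reads the wjail PID from the pidfile, registers that process's network
# namespace with iproute2 under the name "gitbot", links it to the host with a
# veth pair (10.1.1.1 on the host, 10.1.1.2 in the namespace), then enables
# IPv4 forwarding and adds a MASQUERADE rule on the host. Must be run as root.
# Exits 1 when not root, when the pidfile is missing or unusable, or when the
# recorded process is gone.

# Stop at the first failed step: without this, a failed namespace attach or
# veth setup would still be followed by the host-wide forwarding and NAT
# changes further down.
set -eu

netns=gitbot
pidfile=/srv/gitbot/wjail.pid
host_if=veth-wjail
jail_if=veth0
host_addr=10.1.1.1
jail_addr=10.1.1.2
prefix_len=24
jail_subnet=10.1.1.0/24

if [ "$(id -u)" -ne 0 ]; then
  echo "You are not root." >&2
  exit 1
fi

if ! [ -f "$pidfile" ]; then
  echo "wjail not running." >&2
  exit 1
fi

# The pidfile content ends up on a root command line, so accept nothing but a
# plain decimal PID and always pass it quoted.
# NOTE(review): confirm who can write to the pidfile's directory; if a less
# privileged account can, this file is untrusted input to a root script.
pid="$(cat "$pidfile")"
case "$pid" in
  '' | *[!0-9]*)
    echo "Invalid PID in $pidfile." >&2
    exit 1
    ;;
esac

# A stale pidfile would otherwise only surface as an error from ip(8).
# This does not prove the PID still belongs to wjail (PIDs are reused).
if ! kill -0 "$pid" 2>/dev/null; then
  echo "wjail not running." >&2
  exit 1
fi

# Attach iproute2 netns
ip netns attach "$netns" "$pid"

# Add veth devices
ip link add "$host_if" type veth peer name "$jail_if" netns "$netns"

# Assign ip addresses
ip addr add "$host_addr/$prefix_len" dev "$host_if"
ip netns exec "$netns" ip addr add "$jail_addr/$prefix_len" dev "$jail_if"

# Bring interfaces up
ip link set "$host_if" up
ip netns exec "$netns" ip link set "$jail_if" up

# Assign default gateway (iproute2 form, so net-tools' route(8) is not needed)
ip netns exec "$netns" ip route add default via "$host_addr"

# Enable IP forwarding. This is host-wide (every interface) and is not
# persisted across reboots; what may actually be forwarded is decided by the
# host's FORWARD rules, which this script does not touch.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Add NAT forwarding rule. The source match is the /24 configured on the veth
# pair; the earlier "10.1.1.2/16" matched all of 10.1.0.0/16, i.e. far more
# than the jail. Check first so repeated runs do not stack duplicate rules.
if ! iptables -t nat -C POSTROUTING -s "$jail_subnet" -j MASQUERADE 2>/dev/null; then
  iptables -t nat -A POSTROUTING -s "$jail_subnet" -j MASQUERADE
fi

#####################################################################
# If there are "no route to host" errors in the container, check:
# # firewall-cmd --list-all
# If the output contains the line "masquerade: no", run:
# # firewall-cmd --add-masquerade --permanent
# # firewall-cmd --reload
#####################################################################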