I'm attempting to achieve a somewhat standard bridged netns setup with a veth pair, with one end in the ns and the other on the bridge:
# NAT and forwarding on the host side
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
sysctl -w net.ipv4.ip_forward=1
# namespace, bridge and veth pair (br0-veth0 stays on the host, veth0 moves into sns)
ip netns add sns
ip link add br0 type bridge
ip addr add 10.10.10.1/24 dev br0
ip link set br0 up
ip link add veth0 type veth peer name br0-veth0
ip link set br0-veth0 master br0
ip link set veth0 netns sns
ip link set br0-veth0 up
# addressing and default route inside the namespace
ip -n sns link set lo up
ip -n sns addr add 10.10.10.10/24 dev veth0
ip -n sns link set veth0 up
ip -n sns route add default via 10.10.10.1
I'm on a bit of an old version of Ubuntu, 18.04 with Linux 4.15.0-210-generic, but I'd expect this to work! I've cleared out iptables of all other rules and this arrangement works elsewhere.
If I ping the outside world by IP, tcpdump shows the ICMP request being sent out, but not returned:
# tcpdump -i eth0 | grep ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enxe8ea6a751298, link-type EN10MB (Ethernet), capture size 262144 bytes
16:05:32.434563 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 13, length 64
16:05:33.454709 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 14, length 64
16:05:34.478543 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 15, length 64
16:05:35.506559 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 16, length 64
16:05:36.526576 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 17, length 64
And there appears to be a return route:
# ip route
default via [redacted ip] dev eth0 proto dhcp metric 100
10.10.10.0/24 dev br0 proto kernel scope link src 10.10.10.1
Any clues / advice on how to diagnose further would be greatly appreciated!
Thanks,
Simon
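The capture in the post shows the echo requests leaving eth0 with their 10.10.10.x source unchanged, which is the rewrite the MASQUERADE rule is expected to perform. As an added example (not Simon's code, and not an answer to the question itself), here is a POSIX sh helper that reads tcpdump output taken on the WAN-side interface and reports any packet whose source is still in the inside subnet. The sample capture lines and the 192.0.2.x / 198.51.100.x addresses are constructed; the inside prefix is passed as dotted octets with a trailing dot (e.g. "10.10.10.") so that 10.10.100.x does not match.

```shell
#!/bin/sh
# Added example (not from the original post): scan tcpdump output captured
# on the WAN-side interface and flag IPv4 packets whose source is still in
# the inside subnet, i.e. packets that left without source NAT applied.
# Assumes tcpdump's default line shape: "TIME IP SRC > DST: ..." where SRC
# may carry a trailing .PORT for TCP/UDP.

# Constructed sample capture mirroring the shape of the lines in the post.
SAMPLE_CAPTURE='tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
16:05:32.434563 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 13, length 64
16:05:33.454709 IP 10.10.10.2 > lhr25s34-in-f14.1e100.net: ICMP echo request, id 4160, seq 14, length 64
16:05:34.000000 IP 192.0.2.50.43210 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0'

# Shared awk: emit the IPv4 source address of every "IP" line on stdin,
# stripping a 5th dotted field (the port tcpdump appends for TCP/UDP).
ipv4_sources() {
    awk '$2 == "IP" {
            n = split($3, a, ".")
            if (n == 5) src = a[1] "." a[2] "." a[3] "." a[4]; else src = $3
            print src
         }'
}

# count_unnatted PREFIX : number of packets on stdin with a source in PREFIX
count_unnatted() {
    ipv4_sources | awk -v p="$1" 'index($0, p) == 1 { c++ } END { print c + 0 }'
}

# leaked_sources PREFIX : distinct un-NATed source addresses, one per line
leaked_sources() {
    ipv4_sources | awk -v p="$1" 'index($0, p) == 1' | sort -u
}

# check_snat PREFIX : prints a verdict; returns 0 if clean, 1 if a leak was seen
check_snat() {
    n=$(count_unnatted "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n packet(s) left the WAN side with an un-NATed $1* source"
        return 1
    fi
    echo "OK: no inside-subnet sources seen on the WAN side"
}

# Demo against the constructed sample; the non-zero status is expected here.
printf '%s\n' "$SAMPLE_CAPTURE" | check_snat "10.10.10." || :
```

On a live host the same check is `tcpdump -n -i eth0 -l | check_snat "10.10.10."` (use `-n` so sources stay numeric); any hit means the packet was forwarded but the POSTROUTING rewrite did not touch it.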