mexec() { /usr/bin/nsenter --mount=/root/mount_namespaces/$nn "$@"; }
-# background: head -n1 is defensive. Not sure if there is some weird feature
-# for 2 routes to be 0/0.
-gateway_ifs=($(ipd route list exact 0/0 | head -n1| sed -r 's/.*dev\s+(\S+).*/\1/'))
-
-if [[ ! $gateway_ifs ]]; then
- cat >&2 <<EOF
-$0: error: failed to find gateway interface. No output from:
-ipd route list exact 0/0 | head -n1| sed -r 's/.*dev\s+(\S+).*/\1/'
-output from "ipd route list exact 0/0":
-$(ipd route list exact 0/0)
-EOF
- exit 1
-fi
-
nat() {
- for if in ${gateway_ifs[@]}; do
- dexec iptables -t nat $1 POSTROUTING -o $if -j MASQUERADE \
- -m comment --comment "systemd network namespace nat"
- done
+ # note, in a previous commit i specified the output interface with -o,
+ # but that broke things when my gateway interface changed, and I can't
+ # see any advantage to it, so I removed it.
+ dexec iptables -t nat $1 POSTROUTING -s $network.0/24 -j MASQUERADE \
+ -m comment --comment "systemd network namespace nat"
}
# d = default
ip -n $nn link set dev lo up
fi
- echo 1 | dexec dd of=/proc/sys/net/ipv4/ip_forward 2>/dev/null
+ echo 1 | dexec dd of=/proc/sys/net/ipv4/ip_forward status=none
# docker helpfully changes the default FORWARD to drop...
diptables-add FORWARD -i $v0 -j ACCEPT
iankelling.org / git / newns / blobdiff