X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=newns;h=22906299aacf78adedca9c18c0f4ef3c86923a8a;hb=f397eab9a7782f2505ace92eba60b9db0323a9d0;hp=26874a14949742fd449609038ec4059dc8423081;hpb=af650bf98a593ee357045b43f612b407fedcb28d;p=newns
diff --git a/newns b/newns
index 26874a1..2290629 100755
--- a/newns
+++ b/newns
@@ -143,7 +143,6 @@ if $install_error; then
 fi
 #### end sanity checking ####
-
 v0=veth0-$nn
 v1=veth1-$nn
 ip_base=10.173
@@ -153,13 +152,14 @@ if ! $create && [[ $(readlink /proc/self/ns/net) == "$(readlink /proc/1/ns/net)"
 fi
 # make the default network namespace be named
+
+mkdir -p /run/netns
 target=/run/netns/default
 if [[ ! -e $target && ! -L $target ]]; then
- mkdir -p /run/netns
- ln -s /proc/1/ns/net $target
+ # -f to avoid a race condition with running twice
+ ln -sf /proc/1/ns/net $target
 fi
-
 ipd() { ip -n default "$@"; }
@@ -176,25 +176,12 @@ dexec() { ip netns exec default "$@"; } mexec() { /usr/bin/nsenter --mount=/root/mount_namespaces/$nn "$@"; } -# background: head -n1 is defensive. Not sure if there is some weird feature -# for 2 routes to be 0/0. -gateway_ifs=($(ipd route list exact 0/0 | head -n1| sed -r 's/.*dev\s+(\S+).*/\1/')) - -if [[ ! $gateway_ifs ]]; then - cat >&2 </dev/null + echo 1 | dexec dd of=/proc/sys/net/ipv4/ip_forward status=none # docker helpfully changes the default FORWARD to drop... diptables-add FORWARD -i $v0 -j ACCEPT
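Review bot: In the second hunk (`@@ -153,13 +152,14 @@`), the `[[ ! -e $target && ! -L $target ]]` test followed by `ln -sf` is still a check-then-act sequence. `-f` only changes what the losing run does, from failing to replacing the link, and the new comment does not say which window remains. If the `ln` in use implements `-f` as unlink-then-symlink, `/run/netns/default` briefly does not exist while the other run may already be calling `ip -n default`. Creating without force and accepting an existing link avoids that, e.g. `ln -s /proc/1/ns/net "$target" 2>/dev/null || [[ -L $target ]]`. `$target` is also unquoted on this line; that is harmless for this constant path, but quoting it would match the `"$@"` quoting used in the helper functions.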