mirror of https://github.com/dadevel/wg-netns synced 2024-10-30 21:20:12 +00:00

readme: document netns port forwarding with socat

dadevel 2020-11-30 13:06:44 +01:00
parent 28fcee3191
commit e225ad0bfe
No known key found for this signature in database
GPG Key ID: 1A8A9735430193D5


@ -34,5 +34,30 @@ Or connect a container to it.
podman run -it --rm --network ns:/var/run/netns/my-vpn alpine wget -O - https://ipinfo.io
~~~
Or do whatever you want.
### System Service
You can find a `wg-quick@.service` equivalent at [wg-netns@.service](./wg-netns@.service).
### Port Forwarding
Forward TCP traffic from outside a network namespace to a port inside a network namespace with `socat`.
~~~ bash
socat tcp-listen:$LHOST,reuseaddr,fork "exec:ip netns exec $NETNS socat stdio 'tcp-connect:$RHOST',nofork"
~~~
Example: All connections to port 1234/tcp in the main netns are forwarded into the *my-vpn* netns to port 5678/tcp.
~~~ bash
# terminal 1, create netns and start http server inside
wg-netns up my-vpn
echo hello > ./hello.txt
ip netns exec my-vpn python3 -m http.server 5678
# terminal 2, setup port forwarding
socat tcp-listen:1234,reuseaddr,fork "exec:ip netns exec my-vpn socat stdio 'tcp-connect:127.0.0.1:5678',nofork"
# terminal 3, test
curl http://127.0.0.1:1234/hello.txt
~~~
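
Review bot: the placeholder `$LHOST` in the generic command under "Port Forwarding" is misleading, because `tcp-listen:` takes a port and the example passes `1234`. Consider renaming it to `$LPORT` and stating that `$RHOST` is a `host:port` pair, as in `127.0.0.1:5678`. The section should also mention that `tcp-listen` without a `bind=` option listens on every address of the main netns, so a service that was only reachable inside *my-vpn* becomes reachable on all host interfaces. For the local test shown in terminal 3, `tcp-listen:1234,bind=127.0.0.1,reuseaddr,fork` would be sufficient, and readers who do want outside access can drop the bind deliberately. Finally, the variables are expanded unquoted inside the `exec:` string, so a short note that `$NETNS` and `$RHOST` must not contain spaces or quote characters would avoid surprises.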