Bind Process to a Network Interface With Namespaces

Network namespaces are a feature baked into the Linux kernel that allows users to virtualize aspects of a system’s networking. This feature comes in handy in many scenarios, one of which is to bind a process to a particular network interface.

Normally, the IP routing table is used to determine which interface outbound traffic is sent to. However, in cases where two network adapters are connected to the same network, we would need to create a network namespace in order to manually choose which interface certain processes should utilize.

In this tutorial, we will show you how to create a new network namespace in Linux, create a new adapter in that namespace, assign IP information to the adapter, and finally bind processes to this interface.

Step 1. Start by creating a new network namespace. We will assign the name new_ns to ours.

# ip netns add new_ns

Step 2. Next, we will tie our namespace to an existing network interface. Use the ip a command to see all the network interfaces on your system. In our case, we will bind our namespace to Ethernet interface ens33.

# ip link add link ens33 new_ns_int netns new_ns type ipvlan mode l2

Note: new_ns_int is the name we are assigning to our new network interface in the command above.

Step 3. Bring up the new interface and the loopback interface so they can be used.

# ip -n new_ns link set lo up
# ip -n new_ns link set new_ns_int up

Step 4. Now we will assign an IP address to our newly created interface within the network namespace. To keep things simple, we can just assign the same IP address that is used by our Ethernet interface ens33.

# ip -n new_ns addr add 192.168.233.128/24 dev new_ns_int

Step 5. Also give the interface a default route. Once again, we can just use the same route as our physical interface. Use the ip route list command to see your interface’s current default route.

# ip -n new_ns route add default via 192.168.233.2 dev new_ns_int

Step 6. We will also need to add a default DNS server for our interface to use. Feel free to use Google’s public DNS at 8.8.8.8.

# mkdir -p /etc/netns/new_ns
# echo "nameserver 8.8.8.8" > /etc/netns/new_ns/resolv.conf

Step 7. We are now able to execute processes and tie them directly to our virtual interface within the network namespace.

Opening Firefox with process bound to interface:

# ip netns exec new_ns firefox

Executing wget command with process bound to interface:

# ip netns exec new_ns wget https://linuxnightly.com/download.zip

Step 8. Root permissions are required to execute commands or spawn processes inside the namespace, but the program itself does not have to run as root. We can use root to enter the namespace and then run the program as an unprivileged user, such as user linuxnightly in this example:

# ip netns exec new_ns sudo -u linuxnightly firefox

Step 9. If you want to completely delete this namespace, as well as any virtual interfaces you have created within it, execute the following command:

# ip netns del new_ns
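Before deleting the namespace, you may want to confirm that a process started in Step 7 or Step 8 really is inside new_ns. The script below is an added example, not part of the original tutorial: it compares the device:inode pair of a process's network namespace handle with the named handle that ip netns keeps under /run/netns. The function names and the NETNS_DIR override are hypothetical.

```shell
#!/bin/sh
# Added example: check that given PIDs live in a named network namespace.
# A namespace is identified by the device:inode pair of its handle.

ns_id() {
    # $1 = path to a namespace handle, e.g. /proc/1234/ns/net or /run/netns/new_ns
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

same_netns() {
    # Returns 0 if both handles are the same namespace, 1 if they differ,
    # 2 if either handle cannot be read (process gone, no permission, bad name).
    a=$(ns_id "$1") || return 2
    b=$(ns_id "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

pid_in_netns() {
    # $1 = PID, $2 = namespace name as given to "ip netns add".
    # NETNS_DIR is a hypothetical override; /run/netns is the default location.
    same_netns "/proc/$1/ns/net" "${NETNS_DIR:-/run/netns}/$2"
}

report() {
    # $1 = namespace name, remaining arguments = PIDs to check.
    # Returns non-zero if any PID is outside the namespace.
    name=$1; shift
    rc=0
    for pid in "$@"; do
        if pid_in_netns "$pid" "$name"; then
            echo "PID $pid: inside $name"
        else
            echo "PID $pid: NOT inside $name"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: check_netns.sh new_ns PID [PID...]
if [ "$#" -ge 2 ]; then report "$@"; fi
```

Run it as root with the namespace name followed by the PIDs to check, since reading another user's /proc/PID/ns/net requires privileges. The ip netns identify PID and ip netns pids new_ns commands report the same information directly.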
