# IP Forwarding Linux

## Task 2 Description

In the previous task, you already set up your machine and learned about basic networking in Linux Enterprise. Now, you should learn about IP forwarding and network namespaces in Linux.

**Example**:

```
1 VM has 1 interface bridge with static IP
1 VM has 2 interface bridge (1 static IP and 1 DHCP)
```

1. The first VM must get its internet connection from the second VM.
2. The second VM gets internet from the host and forwards it to the first VM.

### IP Forwarding

IP forwarding, also known as IP routing, is a networking function that allows a computer to receive incoming network packets, analyze them, and then forward them to their intended destination. This is especially useful in network configurations where the Ubuntu system acts as a router or a gateway between two or more networks.

## System Design (Not Yet)

![System Design Testt-Task 2.drawio(4)](https://hackmd.io/_uploads/S1UjHbwUa.svg)

## IP Forwarding : [Client-Side](https://medium.com/@amazingandyyy/introduction-to-network-namespaces-and-virtual-ethernet-veth-devices-304e0c02d084)

### Configure Client 🎉

1. **Configure a Network Namespace**

   * Create a Linux namespace named `ns1`

     ```
     ip netns add ns1
     ```

     As you can see from here, we've created the Linux namespace.

   * Check the network namespace

     ```
     ip -n ns1 link
     ```

     Inside this namespace we only see the `lo` interface; the host's interfaces are not visible because of the namespace isolation.

     ![image](https://hackmd.io/_uploads/SJqg7hpVa.png)

   * Configure the `veth` peer connectivity

     ```
     ip link add tipTest2 type veth peer name br-tipTest2
     ip link set tipTest2 netns ns1
     ```

     I named the `veth` end for `ns1` `tipTest2`, and its peer, which will be attached to the Linux bridge later, `br-tipTest2`.
     ![Image](https://hackmd.io/_uploads/HJe_InaV6.png)

   * Configure the `veth` named `tipTest2` attached to `ns1`

     ![Untitled 2](https://hackmd.io/_uploads/r1Kot3aNT.png)

     After the `veth` is attached to the namespace, we can see that the interface is no longer visible in the host. This means the network isolation is working.

   * Configure the `veth` IP address and bring it up

     ```
     ip -n ns1 addr add 192.168.158.9/24 dev tipTest2
     ip -n ns1 link set tipTest2 up
     ```

     **Note that** we need to run these commands inside the namespace, which is what the `-n` option does. Set the static IP according to your internal IP configuration and make sure to change the state to `up`, so that the `veth` is running.

2. **Configure the Linux Bridge**

   * Create a Linux bridge named `brTest2`

     ```
     ip link add brTest2 type bridge
     ip link set dev brTest2 up
     ```

     As you can see from here, I've added the configuration that brings the new bridge up and running. The new fifth interface can be seen below.

     ![Untitled 4](https://hackmd.io/_uploads/Bk8pC3T46.png)

   * Configure the `brTest2` IP address

     ```
     ip addr add 192.168.158.10/24 dev brTest2
     ```

     After we configure the internal IP address for the bridge, make sure every interface is up and running.

   * Attach the `veth` peer named `br-tipTest2` to the bridge `brTest2`

     ```
     ip link set br-tipTest2 master brTest2
     ```

     After `br-tipTest2` is attached to the Linux bridge, we can see that the interface properly shows `master brTest2`.

   * Validate that the namespace can ping the bridge

     ![image](https://hackmd.io/_uploads/BkQ8alDIT.png)

     Finally we can connect the interface to the intended namespace network.

3. **Bind Linux Bridge to Physical Interface**

   * Install the Debian package for bridge utilities

     ![image](https://hackmd.io/_uploads/HkcMvaTVp.png)

     After that we can use the `brctl` command.
   * Bind the Linux bridge `brTest2` to the physical `enp0s8` interface, so the bridge acts as a switch

     ```
     ip link set enp0s8 master brTest2
     ```

     We can validate the connection to the physical network by checking that the `enp0s8` interface shows `master brTest2`.

     ![image](https://hackmd.io/_uploads/HyNQClPIp.png)

   * Validate that the namespace can ping the server side

     ![image](https://hackmd.io/_uploads/rk0palvIp.png)

4. **Configure the Routing Process**

   * Open a shell inside the namespace for the configuration process

     ```
     ip netns exec ns1 bash
     ```

     The following commands are run inside `ns1`.

   * Add a route to the second interface on the server side

     ```
     ip route add 192.168.100.0/23 via 192.168.158.6
     ```

     This routes the connection to the server's second-interface network through the server's first interface.

   * Add the first interface as the default gateway

     ```
     ip route add default via 192.168.158.6
     ```

   * Create an iptables configuration for NAT connections

     ```
     iptables -t nat -A POSTROUTING -s 192.168.158.0/24 -j MASQUERADE
     ```

     This configuration makes the connection ... to ...

   **Note**: At this point the client is still unable to ping the internet, because the server side still rejects the packets to be forwarded, and there's no logic yet to do the intended task.

## IP Forwarding : [Server-Side](https://medium.com/@amazingandyyy/introduction-to-network-namespaces-and-virtual-ethernet-veth-devices-304e0c02d084)

1. **Configure IP Forwarding on Server Side**

   * Enable IP forwarding on VM 1

     ![image](https://hackmd.io/_uploads/H1ms1m0Ea.png)
     ![image](https://hackmd.io/_uploads/rJO8l7AEa.png)

   * Validate IP forwarding on VM 1

     ![image](https://hackmd.io/_uploads/BJcxbXRN6.png)

   * Disable the firewall

     ![image](https://hackmd.io/_uploads/B13wWQCEa.png)

2. **Configure iptables**
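The client-side steps above (namespace, veth pair, bridge, physical NIC, default route) collected into one setup script. This is an added example, not the commands from the original write-up or from the linked Medium post. It defaults to a dry run that only prints the commands and executes them only when run as root with `APPLY=1`; names and addresses are taken from the text (`ns1`, `tipTest2`, `br-tipTest2`, `brTest2`, `enp0s8`, `192.168.158.9/24`, `192.168.158.10/24`, gateway `192.168.158.6`) and can be overridden through environment variables. Two details the step-by-step sequence leaves implicit: once `enp0s8` is enslaved to the bridge, an address on `enp0s8` itself is no longer usable for normal traffic, so the host address belongs on `brTest2`; and both ends of the veth pair must be `up` before the namespace can reach the bridge.

```shell
#!/usr/bin/env bash
# Client-side setup: namespace + veth pair + bridge + physical NIC + default route.
# Added example; the names below come from the write-up and are overridable.
# Defaults to a dry run that prints each command; run as root with APPLY=1 to execute.
set -eu

NS="${NS:-ns1}"                      # network namespace
VETH_NS="${VETH_NS:-tipTest2}"       # veth end moved into the namespace
VETH_BR="${VETH_BR:-br-tipTest2}"    # veth end that stays on the host, enslaved to the bridge
BRIDGE="${BRIDGE:-brTest2}"          # Linux bridge
PHYS_IF="${PHYS_IF:-enp0s8}"         # physical NIC toward the server VM (assumption)
NS_IP="${NS_IP:-192.168.158.9/24}"   # address inside the namespace
BR_IP="${BR_IP:-192.168.158.10/24}"  # host address, on the bridge (not on the enslaved NIC)
GW="${GW:-192.168.158.6}"            # server VM's first (static) interface

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

client_setup() {
  # 1. Namespace and veth pair; one end is moved into the namespace and addressed there.
  run ip netns add "$NS"
  run ip link add "$VETH_NS" type veth peer name "$VETH_BR"
  run ip link set "$VETH_NS" netns "$NS"
  run ip -n "$NS" addr add "$NS_IP" dev "$VETH_NS"
  run ip -n "$NS" link set "$VETH_NS" up
  run ip -n "$NS" link set lo up
  # 2. Bridge carrying the host address; the host-side veth end and the NIC become ports.
  run ip link add "$BRIDGE" type bridge
  run ip addr add "$BR_IP" dev "$BRIDGE"
  run ip link set "$BRIDGE" up
  run ip link set "$VETH_BR" master "$BRIDGE"
  run ip link set "$VETH_BR" up
  run ip link set "$PHYS_IF" master "$BRIDGE"
  # 3. Default route inside the namespace points at the server VM.
  run ip -n "$NS" route add default via "$GW"
}

client_teardown() {
  # Reverse order; deleting the namespace also destroys the veth pair.
  run ip link set "$PHYS_IF" nomaster
  run ip link del "$BRIDGE"
  run ip netns del "$NS"
}

client_check() {
  # Live check (needs root): the host-side veth end is a port of the bridge and the
  # namespace can reach the gateway through it.
  ip link show "$VETH_BR" | grep -q "master $BRIDGE" || return 1
  ip netns exec "$NS" ping -c 1 -W 1 "$GW" >/dev/null
}
```

Source the file and call `client_setup` to preview the commands, then `APPLY=1 client_setup` as root to apply them; `client_check` reproduces the two validation pings from the steps above, and `client_teardown` undoes everything so the script can be re-run.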
   * Configure the NAT iptables rule

     ```
     iptables -t nat -A POSTROUTING -s 192.168.158.0/24 -d 0/0 -j MASQUERADE
     ```

## IP Forwarding : [Validation](https://medium.com/@amazingandyyy/introduction-to-network-namespaces-and-virtual-ethernet-veth-devices-304e0c02d084)

1. **Validate the connection from the namespace through the `tipTest2` interface**

   ![image](https://hackmd.io/_uploads/BJRK7WD8p.png)

   As you can see from here, we've established the connection from the namespace through the `tipTest2` interface.

2. **Validate the connection from the server through the `enp0s8` interface**

   ![image](https://hackmd.io/_uploads/BkacNbwUp.png)

   As you can see from here, we've established the connection from the server through the `enp0s8` interface.

3. **Validate chain packets**

   ![image](https://hackmd.io/_uploads/rJW-BbP8a.png)

   The packet counter on the chain is greater than 0, which means packets have matched the configured iptables rule.
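The server-side forwarding setup and the validation steps, as an added example script that is not the original write-up's own commands. It enables `net.ipv4.ip_forward` and adds the MASQUERADE rule from the server-side section, but instead of disabling the firewall as the steps above do, it keeps a `DROP` policy on the FORWARD chain and accepts only traffic from the client subnet entering on the internal interface and leaving on the uplink, plus the established return traffic; the MASQUERADE rule is also bound to the uplink with `-o`, so only packets actually leaving toward the host are rewritten. It assumes `enp0s8` faces the client VM's bridge and `enp0s3` is the uplink toward the host (the interface names are assumptions and overridable). The two check functions reproduce the validation steps on the page: `ip_forward_enabled` reads the kernel knob, and `masquerade_packets` sums the packet counter of the MASQUERADE rule from `iptables -t nat -L POSTROUTING -v -n -x` output, which is the "chain packets > 0" check. The sample table output in the block is constructed.

```shell
#!/usr/bin/env bash
# Server-side forwarding: enable ip_forward, NAT the client subnet, and scope the FORWARD
# chain instead of disabling the firewall. Added example; interface names are assumptions.
set -eu

LAN_IF="${LAN_IF:-enp0s8}"               # toward the client VM's bridge (assumption)
WAN_IF="${WAN_IF:-enp0s3}"               # uplink toward the host / internet (assumption)
LAN_NET="${LAN_NET:-192.168.158.0/24}"   # client subnet from the write-up

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

server_setup() {
  # Runtime knob only; for reboots persist net.ipv4.ip_forward=1 in a file under /etc/sysctl.d/.
  run sysctl -w net.ipv4.ip_forward=1
  # Forward only client -> uplink traffic and its replies; everything else is dropped.
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Source NAT on the uplink only (-o), hiding the client subnet behind the uplink address.
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Validation 1: the kernel knob reads exactly "1". A file path can be passed for testing.
ip_forward_enabled() {
  local f="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ "$(cat "$f")" = "1" ]
}

# Validation 2: sum the pkts column of MASQUERADE rules from
# `iptables -t nat -L POSTROUTING -v -n -x` read on stdin (-x keeps counters exact, no K/M suffix).
masquerade_packets() {
  awk '$3 == "MASQUERADE" { total += $1 } END { print total + 0 }'
}

# Succeeds when the rule has matched at least one packet: the "chain packets > 0" check.
nat_rule_active() {
  [ "$(masquerade_packets)" -gt 0 ]
}

# Constructed sample of that iptables output, as it looks once the client has sent traffic.
SAMPLE_NAT_OUTPUT='Chain POSTROUTING (policy ACCEPT 12 packets, 900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42       3024 MASQUERADE  all  --  *      enp0s3  192.168.158.0/24     0.0.0.0/0'
```

On the server, after `APPLY=1 server_setup`, `ip_forward_enabled && iptables -t nat -L POSTROUTING -v -n -x | nat_rule_active` returns success only once forwarding is on and the client has actually pushed packets through the NAT rule, which is the same evidence the three validation screenshots show.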