Skip to content
/ nnc Public

netcat like utility to copy traffic from listenting port to destination that lives in another namespace

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

threefoldtech/nnc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
build.rs
build.rs
 
 
readme.md
readme.md
 
 

Repository files navigation

NNC: Namespace Network Copy

NNC is a very simple network copy tool that copies traffic from source to destination across network namespaces.

Operation

nnc listens on a certain listen address (ip, port) and accept connections. Once a connection is received the traffic is redirected to a destination --target address. But target is dialed up from a different namespace than the network namespace nnc was started in

The idea behind nnc is that it start listening first in the source namesapce (this can be the host namespace). To start in a different namespace you can always use the ip netns exec <ns> nnc ...

Once nnc successfully bind to the listening socket, it switches to the target namespace (provided by the --namespace flag). Then any incoming connections from the public namespace can be redirected to the --target address that is reachable from the private namespace.

Example

Prepare priv namespace

# create priv namespace
sudo ip netns add priv

# bring lo interface up
sudo ip -n priv l set lo up

Let's start a service inside that namespace

sudo ip netns exec priv python -m http.server --directory /tmp --bind :: 9000

This will start an http server that listens on port 9000, and serving files from the /tmp directory.

Feel free to choose another directory to serve

If you now open your browser and tried to connect to localhost:9000 you will get NOTHING! (ERR_CONNECTION_REFUSED) simply because the service is listening only INSIDE the priv namespace.

Now time to run nnc

sudo nnc -l '[::]:8080' -n /var/run/netns/priv -t 127.0.0.1:9000

This basically says, listen on port 8080 (on all interfaces) and once you get a connection, gateway it to 127.0.0.1:9000 inside the priv namespace.

NOTE: the namespaces files locations is platform specific. But it's under /var/run/netns/ on Arch, Ubuntu, and ZOS.

Now try to open http://locahost:8080 in your browser

If you wish to gateway traffic across 2 namespaces, then simply start nnc inside the source namespace. for example

ip netns exec public nnc -l '[::]:8080' -n /var/run/netns/priv -t 127.0.0.1:9000

so it will be listening inside public on 8080 and all traffic is redirected to priv address 127.0.0.1:9000

About

netcat like utility to copy traffic from listenting port to destination that lives in another namespace

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

14 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0-rc2 Latest
Mar 11, 2023

Packages

No packages published

Contributors 2

  •  
  •  

Languages