1

I want to connect macvlan to the internet, but i can't. I added macvlan to the network namespace, what to do next?

I am using VPS server (Cloud VPS), OS Debian 10 My default gateway, outside the network namespace: 192.0.2.1

netstat -rn

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
10.5.0.0        0.0.0.0         255.255.255.224 U         0 0          0 tun0
10.168.179.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
187.215.130.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

I tried to add a namespace, and attach macvlan to it:

ip netns add net1;\
ip link add macvlan1 link eth0 type macvlan mode bridge;\
ip link set macvlan1 netns net1;\
ip netns exec net1 ip addr add 187.215.130.107 dev macvlan1;\
ip netns exec net1 ip link set macvlan1 up; ip netns exec net1 ip link set lo up;\
ip netns exec net1 su -c "screen"

187.215.130.107 - the second public IP address of the server.

I tried to add a default gateway, inside the net1 namespace, but got the error:

ip route add default via 192.0.2.1
Error: Nexthop has invalid gateway.

route add default gw 192.0.2.1 dev macvlan1
SIOCADDRT: Network is unreachable

Route table is empty:

netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

curl http://ipecho.net/plain
curl: (6) Could not resolve host: ipecho.net

ping 192.0.2.1
connect: Network is unreachable

ping 192.168.0.1
connect: Network is unreachable

ping 10.5.0.1
connect: Network is unreachable

ping 187.215.130.0
connect: Network is unreachable

ping 10.168.179.0
connect: Network is unreachable

Inside the net1 namespace: ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
40: macvlan1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 32:5d:65:12:b1:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 187.215.130.107/32 scope global macvlan1
       valid_lft forever preferred_lft forever
    inet6 fe80::305d:65ff:fe12:b1fe/64 scope link 
       valid_lft forever preferred_lft forever

Outside the network namespace: ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:ec:a6:68:1c brd ff:ff:ff:ff:ff:ff
    inet 187.151.116.253/32 brd 187.151.116.253 scope global eth0
       valid_lft forever preferred_lft forever
    inet 187.215.130.107/24 brd 187.215.130.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ecff:fea6:681c/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:09:08:9c brd ff:ff:ff:ff:ff:ff
    inet 10.168.179.38/24 brd 10.168.179.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe09:89c/64 scope link 
       valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.5.0.1/27 brd 10.5.0.31 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::4235:badc:190b:2d1d/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

It looks like there is no bridge, between macvlan1 and eth0. There was a bridge, until i moved macvlan1 to the net1 namespace. What should I do now, to connect macvlan1 to eth0?

Pikachu
  • 111
  • 4
  • It could be 1/ a simple DNS resolution problem. Try again with direct IP addresses 2/ the way your host provider enforces security. Giving the host provider's name and the chosen hosting option in the question can help (eg: some restrict MAC address use and require additional steps or other methods instead) – A.B Jan 30 '21 at 11:02
  • it's not due to hosting policy, even on my local `Debian 10` - same result. i believe `macvlan1` doesn't see `eth0`, and cannot establish a connection. – Pikachu Jan 30 '21 at 11:28
  • Many things have changed, in newer versions of Linux. Maybe something won't work as expected... – Pikachu Jan 30 '21 at 11:42
  • I need help, I spent several tens of hours, but nothing works .. – Pikachu Jan 30 '21 at 11:54
  • 1
    I can see there's not even a default route added in the setup. There might be multiple issues. If you address any of my now 3 remarks in my comments, add it in the question, not as comment. – A.B Jan 30 '21 at 12:11
  • 1
    You need a route to the gateway before being able to use it in a default route. One way among multiple methods, requiring only one command: replace the address command with this one instead : `ip address add 187.215.130.107 peer 192.0.2.1/32 dev macvlan1` . That way a link route to the gateway will be automatically added by the kernel when the interface is up. You still must add the default router then. Of course **your host provider must have a setting on its own router allowing the route in the opposite direction**. That's why giving the host provider name helps people to answer you. – A.B Jan 30 '21 at 13:40
  • 1
    also setting the same IP address on multiple interfaces is prone to failure unless one knows how it's working. I can see it on eth0. I'm leaving it here, too many issues at once. – A.B Jan 30 '21 at 13:48
  • Thank you, you solved my problem. I used this command: `ip address add 187.215.130.107 peer 192.0.2.1/32 dev macvlan1` And after that: `ip netns exec net1 ip route add default via 192.0.2.1`. it's happiness when everything works great! I would never solve this problem alone. – Pikachu Jan 30 '21 at 14:26
  • @pikachu remember to add a answer else we will reminded until tge end of the portal for an answer – djdomi Apr 09 '22 at 11:14

0 Answers0