3

I am using a VPS and gotten an extra IP address. I am trying and failing to assign the second IP address to a separate network namespace.

Lets say my main IP and netmask is x.x.133.39/23 and my secondary IP assigned is x.x.137.159 and default gateway is x.x.132.1

I can normally assign the secondary IP address to the default namespace using : ip addr add x.x.137.145/32 dev enp1s0 label enp1s0:1 and ssh into my server with the new IP to confirm it is working.

Now to move the IP to a network namespace I run the following commands. (Without assigning the secondary IP to the default namespace)

ip netns add ns0
ip netns exec ns0 ip link set lo up
ip link add macvlan0 link enp1s0 type macvlan mode bridge
ip link set macvlan0 netns ns0
ip netns exec ns0 ip link set macvlan0 up
ip netns exec ns0 ip addr add x.x.137.159/32 dev macvlan0

After doing this I am unable to ping to my primary IP or to the Default Gateway or to anywhere on the internet from within the namespace. What am I doing wrong?

Also I mainly only need access to the internet.

Host Configuration:

❯ ip -br link 
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP>
enp1s0           UP             56:00:xx:xx:xx:xx <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP>

❯ ip -4 -br address
lo               UNKNOWN        127.0.0.1/8     
enp1s0           UP             xx.xx.133.39/23

❯ ip -4 route
default via xx.xx.132.1 dev enp1s0 proto dhcp src xx.xx.133.39 metric 102
xx.xx.132.0/23 dev enp1s0 proto kernel scope link src xx.xx.133.39 metric 102
169.254.169.254 via xx.xx.132.1 dev enp1s0 proto dhcp src xx.xx.133.39 metric 102

❯ ip -4 neigh
xx.xx.132.1 dev enp1s0 lladdr 2a:e3:xx:xx:xx:xx REACHABLE
10.101.100.31 dev enp1s0 lladdr 2a:e3:xx:xx:xx:xx STALE

/etc/network/interfaces given by Vultr to configure both the IP's

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet static
    address xx.xx.133.39
    netmask 255.255.254.0
    gateway xx.xx.132.1
    dns-nameservers 108.61.10.10
    post-up ip route add 169.254.0.0/16 dev enp1s0

auto enp1s0:1
iface enp1s0:1 inet static
    address xx.xx.137.159
    netmask 255.255.255.255
alou S
  • 31
  • 2
  • Is this with a major VPS like Azure / AWS / Google. Some of them have a very specific way of doing things so answers for one might not be totally compatible with answers for another. – Philip Couling Feb 06 '23 at 20:56
  • First, a dumb question: are you able to ping the default gateway from the global network namespace? Some devices aren't ping-able. I wouldn't expect you to be able to reach anything off the local network because you're never configuring a default route inside the network namespace (`ip netns exec ns0 ip route add default via ...`). Also, since you're using a `/32`, you'll need to add an explicit network route (or device route for the gateway). – larsks Feb 06 '23 at 21:10
  • If this is something like AWS, google or Azure the better approach might be to simply add an additional network interface to the VPS and move that into its own namespace. This would be the canonical approach, certainly for AWS, because it also lets you use your VPS cloud's firewall independently on the two IPs. – Philip Couling Feb 06 '23 at 21:15
  • I removed my answer. I realize that it would be just blind attempts until one works. – A.B Feb 07 '23 at 13:12

0 Answers0