https://iximiuz.com/en/posts/container-networking-is-simple/

container名稱空間

docker run --net=host --rm -it alpine ip a 
docker run --net=bridge --rm -it alpine ip a
docker run --net=none --rm -it alpine ip a
docker run --net=container:pause --rm -it alpine ip a
docker run --net=mutil --rm -it alpine ip a

# 虛擬網路對之間網路通訊
ip netns add netns0
ip link add A type veth peer name B


ip link set A name eth0 netns netns0
nsenter --net=/var/run/netns/netns0 bash
$ ip link set eth0 up
$ ip link set lo up
$ ip address add 172.17.100.1/24 dev eth0

ip link set B up 
ip address add 172.17.100.2/24 dev B
 

# 多個網路名稱直接通訊
ip netns add netns0
ip netns add netns1

ip link add A type veth peer name B
ip link add C type veth peer name D

ip link set A name eth0 netns netns0
ip link set C name eth0 netns netns1

# 
nsenter --net=/var/run/netns/netns0 bash -c "ip link set eth0 up ;ip link set eth0 up; ip address add 172.17.100.1/24 dev eth0"

nsenter --net=/var/run/netns/netns1 bash -c "ip link set eth0 up ;ip link set eth0 up; ip address add 172.17.100.2/24 dev eth0"

# 
ip link add br172 type bridge
ip link set br172 up
ip link set B up
ip link set D up 
ip link set B master br172
ip link set D master br172

 

# 通過名稱空間訪問宿主機名稱空間eth0

ip address add 172.17.100.254/24 dev br172
nsenter --net=/var/run/netns/netns1 bash 
> ip r add default via 172.17.100.254/24
> ping 10.4.7.11

# 通過名稱空間訪問百度

ip address add 172.17.100.254/24 dev br172
nsenter --net=/var/run/netns/netns1 bash 
> ip r add default via 172.17.100.254/24
> ping 10.4.7.11


iptables -t nat -I POSTROUTING -s 172.17.100.0/24 ! -0 br172 -j MASQUERADE
iptables -P FORWARD ACCEPT
 

# 外部訪問名稱空間內網路
iptables -t nat -I PREROUTING -d 10.4.7.10 -m tcp -p tcp --dport 65535 -j DNAT --to-destination 172.17.100.1:8000

iptables -t nat -A OUTPUT -d 10.4.7.10 -p tcp -m tcp --dport 65535 -j DNAT --to-destination 172.17.100.1:8000