Closed phantomcraft closed 2 years ago
I found this project: https://github.com/vishvananda/netns
It can serve as a basis for this implementation.
This is a very good idea.
It's already implemented in HAProxy: https://fossies.org/linux/haproxy/doc/network-namespaces.txt - https://www.haproxy.org/download/1.5/src/
This feature is going to be implemented in another project: https://github.com/3proxy/3proxy/issues/486
Also, a small tool that does something related: https://github.com/stevenengler/socksns
===========================
Basically Glider would create a connection in one network namespace, and listen on ports in another one.
It could be:
glider -listen http://127.0.0.1:8080 -inns somens -outns 1 -forward socks5://127.0.0.1:1080
/\ Glider makes the outgoing connection in netns 1 (the main network stack in which physical interfaces are exposed) and listens on the loopback address (127.0.0.1) of the namespace named "somens".
OR
glider -listen http://127.0.0.1:8080 -inns 667 -outns anotherns -forward socks5://127.0.0.1:1080
/\ Glider makes the outgoing connection in the netns named "anotherns" and listens on the loopback address (127.0.0.1) of the namespace number 667.
======================
Why would this be a killer feature? ===> LXC and Docker are basically "flavored" network namespaces. Glider could listen inside the netns of one of these and forward connections to the main network space, providing networking to all kinds of OS-level virtualization mechanisms. Network namespaces can isolate network spaces and can be used as an anonymity tool together with Tor, I2P, OpenVPN and others; proxying through network namespaces can provide anonymity and privacy for applications that can leak network packets when running in the main network stack.