Assuming the following:
||netns2|<-kernel routing-> netnsRoot| <-network routing-> |remote server|
netns2
- is a network namespace
- has a client that connects to the UDP server on UDP/5060
netnsRoot
- is the root network namespace (i.e. typical Linux routing)
- has a client that connects to the UDP server on UDP/5060
- has ip_forward enabled and has a Masquerade rule for netns2
Server
- Only sees traffic from the netnsRoot external interface
How does Masquerade behave in the netnsRoot? I would expect that it would forward packets from netns2 but the client in netnsRoot would receive all messages first. This is not what I think I am seeing; instead I am seeing netns2 NAT punch and take over the port for a period of time.
Is this behavior documented anywhere?
OK, decided to quantify this myself.
Masquerade and netnsb client
Enabling Masquerade in netnsr, and having a netnsb client connect to a netnsa server on 5060 from 5060 shows that 5060 is used exiting netnsr.
Masquerade and both clients
Enabling Masquerade in netnsr, having a netnsb client connect to a netnsa server on 5060 from 5060 and having the same client run in netnsr shows:
this is confirmed by the conntrack entries
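Added example, not part of the original post: a small Python parser for conntrack -L output that compares each flow's original and reply tuples, which is how the conntrack entries show whether Masquerade kept or rewrote the source port. The sample entries, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed sample of `conntrack -L -p udp` output; not captured from the post.
SAMPLE = """\
udp      17 28 src=10.200.0.2 dst=198.51.100.10 sport=5060 dport=5060 src=198.51.100.10 dst=192.0.2.1 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 25 src=10.200.0.3 dst=198.51.100.10 sport=5060 dport=5060 src=198.51.100.10 dst=192.0.2.1 sport=5060 dport=1024 mark=0 use=1
udp      17 12 src=192.0.2.1 dst=198.51.100.20 sport=5060 dport=5060 [UNREPLIED] src=198.51.100.20 dst=192.0.2.1 sport=5060 dport=5060 mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return (original, reply) tuples as dicts, or None for non-port flows."""
    pairs = FIELD.findall(line)
    if len(pairs) != 8:  # e.g. ICMP entries carry no sport/dport
        return None
    return dict(pairs[:4]), dict(pairs[4:])


def classify(orig, reply):
    """Describe the source translation conntrack recorded for one flow.

    Replies are addressed to the translated source, so the reply tuple's
    dst/dport is what the remote server sees as the client's address/port.
    """
    addr_changed = reply["dst"] != orig["src"]
    port_changed = reply["dport"] != orig["sport"]
    if not addr_changed and not port_changed:
        return "no-snat"
    return "snat-port-remapped" if port_changed else "snat-port-preserved"


def report(text):
    """List (inner src, inner sport, outer src, outer sport, verdict) per flow."""
    rows = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        orig, reply = parsed
        rows.append((orig["src"], int(orig["sport"]),
                     reply["dst"], int(reply["dport"]), classify(orig, reply)))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE):
        print("%s:%d leaves as %s:%d [%s]" % row)
```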