{"id":27185075,"url":"https://github.com/threefoldtech/nnc","last_synced_at":"2025-07-25T01:17:44.143Z","repository":{"id":199863401,"uuid":"612291087","full_name":"threefoldtech/nnc","owner":"threefoldtech","description":"netcat like utility to copy traffic from listenting port to destination that lives in another namespace","archived":false,"fork":false,"pushed_at":"2023-10-12T08:36:34.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":15,"default_branch":"main","last_synced_at":"2023-10-13T02:16:50.245Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/threefoldtech.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-03-10T16:01:13.000Z","updated_at":"2023-10-13T02:16:54.277Z","dependencies_parsed_at":"2023-10-13T02:35:19.055Z","dependency_job_id":null,"html_url":"https://github.com/threefoldtech/nnc","commit_stats":null,"previous_names":["threefoldtech/nnc"],"tags_count":2,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/threefoldtech%2Fnnc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/threefoldtech%2Fnnc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/threefoldtech%2Fnnc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/threefoldtech%2Fnnc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/threefoldtech","download_url":"https://codeload.github.com/threefoldtech/nnc/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248074976,"owners_count":21043490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-09T17:10:26.938Z","updated_at":"2025-04-09T17:10:27.749Z","avatar_url":"https://github.com/threefoldtech.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# `NNC`: Namespace Network Copy\n\n`NNC` is a very simple `network copy` tool that copies traffic from source to destination across network namespaces.\n\n## Operation\n\n`nnc` listens on a certain listen address (ip, port) and accept connections. Once a connection is received the traffic\nis redirected to a destination `--target` address. But target is dialed up from a different namespace than the network namespace nnc was started in\n\nThe idea behind `nnc` is that it start listening first in the source `namesapce` (this can be the host namespace). To start in a different namespace you can always use the `ip netns exec \u003cns\u003e nnc ...`\n\nOnce `nnc` successfully bind to the listening socket, it switches to the target namespace (provided by the `--namespace` flag). Then any incoming connections from the `public` namespace can be redirected to the `--target` address that is reachable from the private namespace.\n\n## Example\n\nPrepare `priv` namespace\n\n```bash\n# create priv namespace\nsudo ip netns add priv\n\n# bring lo interface up\nsudo ip -n priv l set lo up\n```\n\nLet's start a service inside that namespace\n\n```bash\nsudo ip netns exec priv python -m http.server --directory /tmp --bind :: 9000\n```\n\nThis will start an http server that listens on port 9000, and serving files from the `/tmp` directory.\n\n\u003e Feel free to choose another directory to serve\n\nIf you now open your browser and tried to connect to `localhost:9000` you will get NOTHING! (ERR_CONNECTION_REFUSED) simply because\nthe service is listening only INSIDE the `priv` namespace.\n\nNow time to run `nnc`\n\n```bash\nsudo nnc -l '[::]:8080' -n /var/run/netns/priv -t 127.0.0.1:9000\n```\n\nThis basically says, listen on port `8080` (on all interfaces) and once you get a connection, gateway it to `127.0.0.1:9000` inside the `priv` namespace.\n\n\u003e NOTE: the namespaces files locations is platform specific. But it's under /var/run/netns/ on Arch, Ubuntu, and ZOS.\n\nNow try to open `http://locahost:8080` in your browser\n\nIf you wish to gateway traffic across 2 namespaces, then simply start `nnc` inside the source namespace. for example\n\n```bash\nip netns exec public nnc -l '[::]:8080' -n /var/run/netns/priv -t 127.0.0.1:9000\n```\n\nso it will be listening inside `public` on 8080 and all traffic is redirected to `priv` address `127.0.0.1:9000`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthreefoldtech%2Fnnc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthreefoldtech%2Fnnc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthreefoldtech%2Fnnc/lists"}