ei
/
mtg
miroir de https://github.com/9seconds/mtg
Suivre 1
Ajouter aux favoris 0
Bifurcation 0
Code Tickets 0 Versions 48 Wiki Activité
Parcourir la source

Merge pull request #523 from 9seconds/docs/sni-router-openwrt-podman 

contrib/sni-router: document OpenWrt + podman-compose network workaround
master
Sergei Arkhipov il y a 1 jour
Parent
482b10ff60 93db89b165
révision
1b12d9fff3
Aucun compte lié à l'adresse e-mail de l'auteur
1 fichiers modifiés avec 22 ajouts et 0 suppressions
Vue unifiée Afficher les stats Diff
  1. 22
    0
      contrib/sni-router/README.md

+ 22
- 0
contrib/sni-router/README.md Voir le fichier

119 
            └─────────┘  └─────────┘
 119 
            └─────────┘  └─────────┘
120 
 ```
 120 
 ```
121
121
122 
+## OpenWrt + podman-compose
123 
+
124 
+OpenWrt's firewall zones are bound to interface *names*.  With bare
125 
+`podman` you pin the static `podman0` bridge into a zone and you're
126 
+done — but `podman-compose up` creates a project-scoped network, and
127 
+netavark spawns a *new* bridge for it (`podman1`, `podman2`, …) that
128 
+has no firewall rules, so containers lose outbound access.
129 
+
130 
+Reuse the pre-configured `podman0` by adding to this compose file:
131 
+
132 
+```yaml
133 
+networks:
134 
+  default:
135 
+    external: true
136 
+    name: podman
137 
+```
138 
+
139 
+That tells compose to attach to the router-managed network instead of
140 
+spinning up a new one.  Background:
141 
+[discussion #513](https://github.com/9seconds/mtg/discussions/513)
142 
+and the [OpenWrt forum thread](https://forum.openwrt.org/t/podman-compose-dontt-have-network-access/250230).
143 
+
122 
 ## Files
 144 
 ## Files
123
145
124 
 | File | Purpose |
 146 
 | File | Purpose |

Écrire Aperçu
Chargement…
Annuler
Enregistrer