From 13c7a2854529c73169391ac28a1a3fa567279275 Mon Sep 17 00:00:00 2001
From: John Dorman
Date: Wed, 17 Jun 2020 07:02:49 -0700
Subject: [PATCH] Update method for macvlan, reducing IP clutter
---
 AdguardHome/udm-files/on_boot.sh | 11 ++++++-----
 nextdns/README.md | 2 +-
 nextdns/docker/Dockerfile | 19 ++++++++-----------
 nextdns/udm-files/20-dns.conflist | 2 +-
 nextdns/udm-files/on_boot.sh | 9 ++++++---
 run-pihole/udm-files/on_boot.sh | 8 +++++---
 6 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/AdguardHome/udm-files/on_boot.sh b/AdguardHome/udm-files/on_boot.sh
index 5119300..10b8537 100644
--- a/AdguardHome/udm-files/on_boot.sh
+++ b/AdguardHome/udm-files/on_boot.sh
@@ -7,17 +7,18 @@ ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
 # Create a new bridge interface so the host can talk to containers inside the podman macvlan network
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
 #Remove the # on the line below when Docker container is deployed.
 #podman start AdguardHome
 # Uncomment and adjust these rules if you want to use DNAT to force DNS to this container.
 # iptables -t nat -C PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p udp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
 # iptables -t nat -C PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3 || iptables -t nat -A PREROUTING -i br0 -p tcp ! --source 10.0.5.3 ! --destination 10.0.5.3 --dport 53 -j DNAT --to 10.0.5.3
-# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p tcp --dport 53 -j MASQUERADE
-# iptables -t nat -C POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE || iptables -t nat -A POSTROUTING -o br0 -d 10.0.5.3 -p udp --dport 53 -j MASQUERADE
+
diff --git a/nextdns/README.md b/nextdns/README.md
index 840955d..b5a6d53 100644
--- a/nextdns/README.md
+++ b/nextdns/README.md
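Review bot: The added `ip link add br5.mac link br5 type macvlan mode bridge` and `ip addr add 10.0.5.1/24 dev br5.mac noprefixroute` lines are not re-runnable: if on_boot.sh executes a second time while br5.mac still exists, `ip link add` fails with EEXIST and, since nothing in the hunk stops on error, the remaining commands run against whatever state is already there. Guarding the creation with `ip link show br5.mac >/dev/null 2>&1 || ip link add br5.mac link br5 type macvlan mode bridge` and switching the address and route lines to `ip addr replace …` / `ip route replace 10.0.5.3/32 dev br5.mac` keeps repeated boots clean. The header comment "Adjust the IP to match the address in your cni configuration" now has to cover two values: 10.0.5.3/32 must equal the container address in 20-dns.conflist, and 10.0.5.1/24 presumably is the gateway's own address on br5 — I'd state both in the comment. The same block, with the same points, is in the nextdns/udm-files/on_boot.sh and run-pihole/udm-files/on_boot.sh hunks. The script begins before this hunk (the `ln -s` line), so whether it sets `set -e` earlier is not visible here.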
@@ -39,7 +39,7 @@ If you have already installed PiHole, skip right to step 6.
 6. Create /mnt/data/nextdns and copy [nextdns.conf](https://github.com/boostchicken/udm-utilities/blob/master/nextdns/udm-files/nextdns.conf) to it.
 7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
 ```
- podman run -d --privileged --network dns --restart always \
+ podman run -d -it --privileged --network dns --restart always \
 --name nextdns \
 -v "/mnt/data/nextdns/:/etc/nextdns/" \
 -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
diff --git a/nextdns/docker/Dockerfile b/nextdns/docker/Dockerfile
index 8f37c79..eef87fe 100644
--- a/nextdns/docker/Dockerfile
+++ b/nextdns/docker/Dockerfile
@@ -1,14 +1,11 @@
-FROM alpine AS builder
+FROM alpine
 ENV VERSION=1.6.4
-WORKDIR /tmp
-RUN apk add curl \
- && mkdir nextdns \
- && curl -fsSL https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz -o nextdns.tar.gz \
- && tar zxf nextdns.tar.gz -C ./nextdns
-
-FROM debian:buster-slim
 LABEL maintainer="John Dorman "
-RUN apt update && apt install -y ca-certificates
-COPY --from=builder /tmp/nextdns /opt/nextdns
+RUN apk add --no-cache ca-certificates \
+ && mkdir -p /opt/nextdns \
+ && wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \
+ && tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns \
+ && rm /tmp/nextdns.tar.gz
 EXPOSE 53/tcp 53/udp
-ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
\ No newline at end of file
+ENTRYPOINT ["/opt/nextdns/nextdns","run", "-config-file", "/etc/nextdns/nextdns.conf"]
+CMD []
\ No newline at end of file
diff --git a/nextdns/udm-files/20-dns.conflist b/nextdns/udm-files/20-dns.conflist
index a6f26dd..5398e3a 100644
--- a/nextdns/udm-files/20-dns.conflist
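Review bot: The new `RUN` line in the Dockerfile hunk downloads the nextdns release tarball with `wget` and unpacks it straight into /opt/nextdns with no integrity check, and the new `FROM alpine` carries no tag, so the image's contents depend on whatever the release URL serves and whatever `alpine:latest` is on build day; the old two-stage version had the same unverified download, but this rewrite is the place to close it. Pin the base (`FROM alpine:3.12`) and check the tarball's sha256 against a pinned value before `tar`, as in the excerpt below (the checksum is a build `ARG` with a placeholder default to be filled from the published release asset). `ENV VERSION` is only used at build time and would be better as an `ARG` so it does not persist into the runtime environment, and the final image still runs as root — the README's `--privileged` makes that moot for now, but it is worth a comment. The hunk covers the entire Dockerfile.
```dockerfile
FROM alpine:3.12
ENV VERSION=1.6.4
# sha256 of nextdns_${VERSION}_linux_arm64.tar.gz; placeholder, fill in from the release asset
ARG NEXTDNS_SHA256=<sha256-of-release-tarball>
LABEL maintainer="John Dorman "
RUN apk add --no-cache ca-certificates \
    && mkdir -p /opt/nextdns \
    && wget -O /tmp/nextdns.tar.gz https://github.com/nextdns/nextdns/releases/download/v${VERSION}/nextdns_${VERSION}_linux_arm64.tar.gz \
    && echo "${NEXTDNS_SHA256}  /tmp/nextdns.tar.gz" | sha256sum -c - \
    && tar zxf /tmp/nextdns.tar.gz -C /opt/nextdns \
    && rm /tmp/nextdns.tar.gz
# ... unchanged: EXPOSE, ENTRYPOINT, CMD ...
```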
+++ b/nextdns/udm-files/20-dns.conflist
@@ -5,7 +5,7 @@
 {
 "type": "macvlan",
 "mode": "bridge",
- "master": "br5",
+ "master": "br5.mac",
 "ipam": {
 "type": "static",
 "addresses": [
diff --git a/nextdns/udm-files/on_boot.sh b/nextdns/udm-files/on_boot.sh
index 1a1cadf..64d1201 100644
--- a/nextdns/udm-files/on_boot.sh
+++ b/nextdns/udm-files/on_boot.sh
@@ -6,12 +6,15 @@ ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
+
 # Remove the # on the line below when Docker container is deployed.
 #podman start nextdns
diff --git a/run-pihole/udm-files/on_boot.sh b/run-pihole/udm-files/on_boot.sh
index e3c411c..228e873 100644
--- a/run-pihole/udm-files/on_boot.sh
+++ b/run-pihole/udm-files/on_boot.sh
@@ -7,12 +7,14 @@ ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
 # Create a new bridge interface so the host can talk to containers inside the podman macvlan network
 # Assumes your Podman network made in the controller is on VLAN 5
 # Adjust the IP to match the address in your cni configuration
-ip link add br5.mac link br5 type macvlan mode bridge
 ip link set br5 promisc on
+
+ip link add br5.mac link br5 type macvlan mode bridge
+ip addr add 10.0.5.1/24 dev br5.mac noprefixroute
 ip link set br5.mac promisc on
-ip addr add 10.0.5.2/24 dev br5.mac
 ip link set br5.mac up
-ip route add 10.0.5.3/32 dev br5.mac proto static scope link
+
+ip route add 10.0.5.3/32 dev br5.mac
 # Remove the # on the line below when Docker container is deployed.
 #podman start pihole