Final updates and Ipv6
This commit is contained in:
parent
e4e028e654
commit
bf8e9b75b5
@ -12,15 +12,14 @@
|
||||
### Customization
|
||||
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
||||
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
|
||||
### Steps
|
||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
|
||||
1. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
1. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
1. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
1. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
|
||||
|
||||
```shell script
|
||||
podman run -d --network dns --restart always \
|
||||
|
@ -14,8 +14,8 @@
|
||||
"gateway": "10.0.5.1"
|
||||
},
|
||||
{
|
||||
"address": "fd62:89a2:fda9:e23:0:0:0:2",
|
||||
"gateway": "fd62:89a2:fda9:e23:0:0:0:1"
|
||||
"address": "fd62:89a2:fda9:e23::2/64",
|
||||
"gateway": "fd62:89a2:fda9:e23::1"
|
||||
}
|
||||
],
|
||||
"routes": [
|
||||
|
@ -10,7 +10,12 @@ IPV4_GW="10.0.5.1/24"
|
||||
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
|
||||
# added along with a ::/0 route. Also make sure that additional --dns options
|
||||
# are passed to podman with your IPv6 DNS IPs when deploying the container for
|
||||
# the first time.
|
||||
# the first time. You will also need to configure your VLAN to have a static
|
||||
# IPv6 block.
|
||||
|
||||
# IPv6 Also works with Prefix Delegation from your provider. The gateway is the
|
||||
# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6
|
||||
# isn't serving
|
||||
IPV6_IP=""
|
||||
IPV6_GW=""
|
||||
|
||||
@ -23,10 +28,22 @@ FORCED_INTFC=""
|
||||
CONTAINER=nextdns
|
||||
|
||||
## network configuration and startup:
|
||||
CNI_PATH=/mnt/data/podman/cni
|
||||
if [ ! -f "$CNI_PATH"/macvlan ]
|
||||
then
|
||||
mkdir -p $CNI_PATH
|
||||
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH
|
||||
fi
|
||||
|
||||
mkdir -p /opt/cni
|
||||
ln -s /mnt/data/podman/cni/ /opt/cni/bin
|
||||
ln -s /mnt/data/podman/cni/20-dnsipv6.conflist /etc/cni/net.d/20-dnsipv6.conflist
|
||||
ln -s $CNI_PATH /opt/cni/bin
|
||||
|
||||
for file in "$CNI_PATH"/*.conflist
|
||||
do
|
||||
if [ -f "$file" ]; then
|
||||
ln -s "$file" "/etc/cni/net.d/$(basename "$file")"
|
||||
fi
|
||||
done
|
||||
|
||||
# set VLAN bridge promiscuous
|
||||
ip link set br${VLAN} promisc on
|
||||
@ -52,24 +69,30 @@ if [ -n "${IPV6_IP}" ]; then
|
||||
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
|
||||
fi
|
||||
|
||||
podman container exists ${CONTAINER} && podman start ${CONTAINER}
|
||||
if podman container exists ${CONTAINER}; then
|
||||
podman start ${CONTAINER}
|
||||
else
|
||||
echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error"
|
||||
fi
|
||||
|
||||
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
|
||||
for intfc in ${FORCED_INTFC}; do
|
||||
for proto in udp tcp; do
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
||||
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
||||
if [ -d "/sys/class/net/${intfc}" ]; then
|
||||
for proto in udp tcp; do
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
||||
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
||||
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
|
||||
|
||||
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
|
||||
if [ -n "${IPV6_IP}" ]; then
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
|
||||
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
|
||||
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
|
||||
if [ -n "${IPV6_IP}" ]; then
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
|
||||
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
|
||||
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
||||
fi
|
||||
done
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
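Review bot: The new bootstrap in the second hunk (`curl -L … | tar -xz -C $CNI_PATH`) installs the CNI plugins from the network on every boot where `macvlan` is missing, with no `--fail`, no integrity check, and no pipeline status check under plain `sh`, so a 404 body or a truncated download is fed to tar and the script carries on to symlink whatever landed. Since these binaries are run with root privileges by podman on the gateway, the download should at least use `curl -fsSL` and verify the tarball against the checksum file published with the release (hedged: I believe the containernetworking releases ship a `.sha256` alongside the `.tgz`; confirm on the release page) before extracting, aborting otherwise. Separately, the `ln -s $CNI_PATH /opt/cni/bin` and the `ln -s "$file" …` in the loop will fail with an error on every subsequent boot once the links exist; `ln -sfn` keeps the script idempotent. The third hunk's interface guard (`[ -d "/sys/class/net/${intfc}" ]`) is a good addition, but note the `--dport 53` DNAT only captures plain DNS; clients using DoT/DoH bypass it, which is worth a comment in the `FORCED_INTFC` description.
```shell
CNI_URL="https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz"
CNI_TGZ="$(mktemp)" || exit 1
curl -fsSL "$CNI_URL" -o "$CNI_TGZ" || { echo "CNI download failed" >&2; exit 1; }
# verify against the checksum published with the release before extracting (confirm file name on release page)
curl -fsSL "$CNI_URL.sha256" | sed "s|cni-plugins-linux-arm64-v0.8.6.tgz|$CNI_TGZ|" | sha256sum -c - || { echo "CNI checksum mismatch" >&2; exit 1; }
tar -xzf "$CNI_TGZ" -C "$CNI_PATH" && rm -f "$CNI_TGZ"
# … unchanged: /opt/cni and /etc/cni/net.d symlinks (use ln -sfn), bridge setup …
```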
|
||||
|
@ -1,75 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
## configuration variables:
|
||||
VLAN=5
|
||||
IPV4_IP="10.0.5.3"
|
||||
IPV4_GW="10.0.5.1/24"
|
||||
|
||||
# if you want IPv6 support, generate a ULA, select an IP for the dns server
|
||||
# and an appropriate gateway address on the same /64 network. Make sure that
|
||||
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
|
||||
# added along with a ::/0 route. Also make sure that additional --dns options
|
||||
# are passed to podman with your IPv6 DNS IPs when deploying the container for
|
||||
# the first time.
|
||||
IPV6_IP="fd62:89a2:fda9:e23:0:0:0:2"
|
||||
IPV6_GW="fd62:89a2:fda9:e23:0:0:0:1"
|
||||
|
||||
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
|
||||
# re-routed through the DNS container. separate interfaces with spaces.
|
||||
# e.g. "br0" or "br0 br1" etc.
|
||||
FORCED_INTFC=""
|
||||
|
||||
# container name; e.g. nextdns, pihole, adguardhome, etc.
|
||||
CONTAINER=nextdns
|
||||
|
||||
## network configuration and startup:
|
||||
|
||||
mkdir -p /opt/cni
|
||||
ln -s /mnt/data/podman/cni/ /opt/cni/bin
|
||||
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
|
||||
|
||||
# set VLAN bridge promiscuous
|
||||
ip link set br${VLAN} promisc on
|
||||
|
||||
# create macvlan bridge and add IPv4 IP
|
||||
ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
|
||||
ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
|
||||
|
||||
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
|
||||
if [ -n "${IPV6_GW}" ]; then
|
||||
ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
|
||||
fi
|
||||
|
||||
# set macvlan bridge promiscuous and bring it up
|
||||
ip link set br${VLAN}.mac promisc on
|
||||
ip link set br${VLAN}.mac up
|
||||
|
||||
# add IPv4 route to DNS container
|
||||
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
|
||||
|
||||
# (optional) add IPv6 route to DNS container
|
||||
if [ -n "${IPV6_IP}" ]; then
|
||||
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
|
||||
fi
|
||||
|
||||
podman container exists ${CONTAINER} && podman start ${CONTAINER}
|
||||
|
||||
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
|
||||
for intfc in ${FORCED_INTFC}; do
|
||||
for proto in udp tcp; do
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
||||
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
||||
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
|
||||
|
||||
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
|
||||
if [ -n "${IPV6_IP}" ]; then
|
||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
|
||||
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
|
||||
|
||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
||||
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
||||
fi
|
||||
done
|
||||
done
|
@ -15,7 +15,7 @@
|
||||
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
|
||||
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
|
||||
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
|
||||
### Docker
|
||||
The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
|
||||
@ -33,12 +33,11 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
|
||||
If you have already installed PiHole, skip right to step 6.
|
||||
|
||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
6. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
|
||||
7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
|
||||
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
3. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
5. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
|
||||
6. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
|
||||
```shell script
|
||||
podman run -d -it --privileged --network dns --restart always \
|
||||
--name nextdns \
|
||||
@ -49,5 +48,5 @@ If you have already installed PiHole, skip right to step 6.
|
||||
--hostname nextdns \
|
||||
boostchicken/nextdns-udm:latest
|
||||
```
|
||||
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
|
||||
7. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
echo "Creating on boot script on device"
|
||||
echo "#!/bin/sh
|
||||
echo '#!/bin/sh
|
||||
|
||||
if [ -d /mnt/data/on_boot.d ]; then
|
||||
for i in /mnt/data/on_boot.d/*.sh; do
|
||||
@ -10,7 +10,8 @@ if [ -d /mnt/data/on_boot.d ]; then
|
||||
fi
|
||||
done
|
||||
fi
|
||||
" > /mnt/data/20-python.sh
|
||||
' > /mnt/data/on_boot.sh
|
||||
|
||||
chmod u+x /mnt/data/on_boot.sh
|
||||
mkdir -p /mnt/data/on_boot.d
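Review bot: Writing the generated boot script through a single-quoted multi-line `echo '…' > /mnt/data/on_boot.sh` is fragile: any apostrophe added to the embedded script later silently terminates the string, and the body's indentation is hard to read as a script. A quoted here-document keeps the same no-expansion semantics (`$i` stays literal, which this commit relies on) and is the idiomatic form: replace `echo '#!/bin/sh` with `cat <<'EOF' > /mnt/data/on_boot.sh` and the closing `' > /mnt/data/on_boot.sh` with `EOF`. The `echo` spans both hunks, so the embedded loop body between them is not fully visible here.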
|
||||
|
||||
|
@ -11,15 +11,14 @@
|
||||
### Customization
|
||||
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
||||
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh) and change the docker command to IPv6=True. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||
|
||||
### Steps
|
||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
|
||||
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||
3. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||
5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
|
||||
|
||||
```shell script
|
||||
podman run -d --network dns --restart always \
|
||||
|