Final updates and Ipv6
parent
e4e028e654
commit
bf8e9b75b5
@ -12,15 +12,14 @@
|
|||||||
### Customization
|
### Customization
|
||||||
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
||||||
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
||||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
|
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||||
|
|
||||||
### Steps
|
### Steps
|
||||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
1. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
1. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
1. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
1. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
|
||||||
6. Run the AdguardHome docker container, be sure to make the directories for your persistent AdguardHome configuration. They are mounted as volumes in the command below.
|
|
||||||
|
|
||||||
```shell script
|
```shell script
|
||||||
podman run -d --network dns --restart always \
|
podman run -d --network dns --restart always \
|
||||||
|
@ -14,8 +14,8 @@
|
|||||||
"gateway": "10.0.5.1"
|
"gateway": "10.0.5.1"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"address": "fd62:89a2:fda9:e23:0:0:0:2",
|
"address": "fd62:89a2:fda9:e23::2/64",
|
||||||
"gateway": "fd62:89a2:fda9:e23:0:0:0:1"
|
"gateway": "fd62:89a2:fda9:e23::1"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"routes": [
|
"routes": [
|
||||||
|
@ -10,7 +10,12 @@ IPV4_GW="10.0.5.1/24"
|
|||||||
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
|
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
|
||||||
# added along with a ::/0 route. Also make sure that additional --dns options
|
# added along with a ::/0 route. Also make sure that additional --dns options
|
||||||
# are passed to podman with your IPv6 DNS IPs when deploying the container for
|
# are passed to podman with your IPv6 DNS IPs when deploying the container for
|
||||||
# the first time.
|
# the first time. You will also need to configure your VLAN to have a static
|
||||||
|
# IPv6 block.
|
||||||
|
|
||||||
|
# IPv6 Also works with Prefix Delegation from your provider. The gateway is the
|
||||||
|
# IP of br(VLAN) and you can pick any ip address within that subnet that dhcpv6
|
||||||
|
# isn't serving
|
||||||
IPV6_IP=""
|
IPV6_IP=""
|
||||||
IPV6_GW=""
|
IPV6_GW=""
|
||||||
|
|
||||||
@ -23,10 +28,22 @@ FORCED_INTFC=""
|
|||||||
CONTAINER=nextdns
|
CONTAINER=nextdns
|
||||||
|
|
||||||
## network configuration and startup:
|
## network configuration and startup:
|
||||||
|
CNI_PATH=/mnt/data/podman/cni
|
||||||
|
if [ ! -f "$CNI_PATH"/macvlan ]
|
||||||
|
then
|
||||||
|
mkdir -p $CNI_PATH
|
||||||
|
curl -L https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz | tar -xz -C $CNI_PATH
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p /opt/cni
|
mkdir -p /opt/cni
|
||||||
ln -s /mnt/data/podman/cni/ /opt/cni/bin
|
ln -s $CNI_PATH /opt/cni/bin
|
||||||
ln -s /mnt/data/podman/cni/20-dnsipv6.conflist /etc/cni/net.d/20-dnsipv6.conflist
|
|
||||||
|
for file in "$CNI_PATH"/*.conflist
|
||||||
|
do
|
||||||
|
if [ -f "$file" ]; then
|
||||||
|
ln -s "$file" "/etc/cni/net.d/$(basename "$file")"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
# set VLAN bridge promiscuous
|
# set VLAN bridge promiscuous
|
||||||
ip link set br${VLAN} promisc on
|
ip link set br${VLAN} promisc on
|
||||||
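Review bot: The new CNI bootstrap `curl -L … | tar -xz -C $CNI_PATH` runs as root at boot and unpacks whatever the download returns, with no integrity check and no failure handling: under `#!/bin/sh` the pipeline status is tar's, so an HTTP error body or a truncated transfer is silently extracted, and a partially written `macvlan` then satisfies the `[ ! -f "$CNI_PATH"/macvlan ]` guard on every later boot. Download to a temp file with `curl -f`, verify a pinned SHA-256 before extracting (assuming `sha256sum` is available on the device — worth confirming), and quote `$CNI_PATH`. The `ln -s` in the new `for file in "$CNI_PATH"/*.conflist` loop also fails on every boot after the first because the link already exists, so `ln -sf` plus `mkdir -p /etc/cni/net.d` would make the step idempotent. The enclosing script continues outside the hunk.
```shell
CNI_PATH=/mnt/data/podman/cni
CNI_URL=https://github.com/containernetworking/plugins/releases/download/v0.8.6/cni-plugins-linux-arm64-v0.8.6.tgz
# Pin the release tarball's digest (placeholder: fill in the SHA-256 published for the v0.8.6 arm64 tarball).
CNI_SHA256="PLACEHOLDER_SHA256_OF_CNI_PLUGINS_v0.8.6_ARM64_TGZ"
if [ ! -f "$CNI_PATH"/macvlan ]; then
  mkdir -p "$CNI_PATH"
  tmp=$(mktemp)
  if [ -n "$tmp" ] && curl -fsSL "$CNI_URL" -o "$tmp" \
      && echo "$CNI_SHA256  $tmp" | sha256sum -c - >/dev/null 2>&1; then
    tar -xz -C "$CNI_PATH" -f "$tmp"
  else
    echo "CNI plugin download or checksum verification failed; leaving $CNI_PATH untouched" >&2
  fi
  [ -n "$tmp" ] && rm -f "$tmp"
fi
# … unchanged: mkdir -p /opt/cni and the /opt/cni/bin symlink …
mkdir -p /etc/cni/net.d
for file in "$CNI_PATH"/*.conflist; do
  if [ -f "$file" ]; then
    ln -sf "$file" "/etc/cni/net.d/$(basename "$file")"
  fi
done
```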
@ -52,10 +69,15 @@ if [ -n "${IPV6_IP}" ]; then
|
|||||||
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
|
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
podman container exists ${CONTAINER} && podman start ${CONTAINER}
|
if podman container exists ${CONTAINER}; then
|
||||||
|
podman start ${CONTAINER}
|
||||||
|
else
|
||||||
|
echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error"
|
||||||
|
fi
|
||||||
|
|
||||||
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
|
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
|
||||||
for intfc in ${FORCED_INTFC}; do
|
for intfc in ${FORCED_INTFC}; do
|
||||||
|
if [ -d "/sys/class/net/${intfc}" ]; then
|
||||||
for proto in udp tcp; do
|
for proto in udp tcp; do
|
||||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
||||||
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
||||||
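Review bot: The new `else` branch reports a missing container with a plain `echo`, so the diagnostic goes to stdout where boot-time output is easily lost or mixed with normal logging; it is an error condition and belongs on stderr: `echo "Container $CONTAINER not found, make sure you set the proper name, if you have you can ignore this error" >&2`. The added `[ -d "/sys/class/net/${intfc}" ]` guard is a sensible check, but its matching `fi` only appears in the next hunk, and the `for intfc` loop continues outside this one.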
@ -72,4 +94,5 @@ for intfc in ${FORCED_INTFC}; do
|
|||||||
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
|
@ -1,75 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
## configuration variables:
|
|
||||||
VLAN=5
|
|
||||||
IPV4_IP="10.0.5.3"
|
|
||||||
IPV4_GW="10.0.5.1/24"
|
|
||||||
|
|
||||||
# if you want IPv6 support, generate a ULA, select an IP for the dns server
|
|
||||||
# and an appropriate gateway address on the same /64 network. Make sure that
|
|
||||||
# the 20-dns.conflist is updated appropriately. It will need the IP and GW
|
|
||||||
# added along with a ::/0 route. Also make sure that additional --dns options
|
|
||||||
# are passed to podman with your IPv6 DNS IPs when deploying the container for
|
|
||||||
# the first time.
|
|
||||||
IPV6_IP="fd62:89a2:fda9:e23:0:0:0:2"
|
|
||||||
IPV6_GW="fd62:89a2:fda9:e23:0:0:0:1"
|
|
||||||
|
|
||||||
# set this to the interface(s) on which you want DNS TCP/UDP port 53 traffic
|
|
||||||
# re-routed through the DNS container. separate interfaces with spaces.
|
|
||||||
# e.g. "br0" or "br0 br1" etc.
|
|
||||||
FORCED_INTFC=""
|
|
||||||
|
|
||||||
# container name; e.g. nextdns, pihole, adguardhome, etc.
|
|
||||||
CONTAINER=nextdns
|
|
||||||
|
|
||||||
## network configuration and startup:
|
|
||||||
|
|
||||||
mkdir -p /opt/cni
|
|
||||||
ln -s /mnt/data/podman/cni/ /opt/cni/bin
|
|
||||||
ln -s /mnt/data/podman/cni/20-dns.conflist /etc/cni/net.d/20-dns.conflist
|
|
||||||
|
|
||||||
# set VLAN bridge promiscuous
|
|
||||||
ip link set br${VLAN} promisc on
|
|
||||||
|
|
||||||
# create macvlan bridge and add IPv4 IP
|
|
||||||
ip link add br${VLAN}.mac link br${VLAN} type macvlan mode bridge
|
|
||||||
ip addr add ${IPV4_GW} dev br${VLAN}.mac noprefixroute
|
|
||||||
|
|
||||||
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
|
|
||||||
if [ -n "${IPV6_GW}" ]; then
|
|
||||||
ip -6 addr add ${IPV6_GW} dev br${VLAN}.mac noprefixroute
|
|
||||||
fi
|
|
||||||
|
|
||||||
# set macvlan bridge promiscuous and bring it up
|
|
||||||
ip link set br${VLAN}.mac promisc on
|
|
||||||
ip link set br${VLAN}.mac up
|
|
||||||
|
|
||||||
# add IPv4 route to DNS container
|
|
||||||
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac
|
|
||||||
|
|
||||||
# (optional) add IPv6 route to DNS container
|
|
||||||
if [ -n "${IPV6_IP}" ]; then
|
|
||||||
ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
|
|
||||||
fi
|
|
||||||
|
|
||||||
podman container exists ${CONTAINER} && podman start ${CONTAINER}
|
|
||||||
|
|
||||||
# (optional) IPv4 force DNS (TCP/UDP 53) through DNS container
|
|
||||||
for intfc in ${FORCED_INTFC}; do
|
|
||||||
for proto in udp tcp; do
|
|
||||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV4_IP} ! -d ${IPV4_IP} --dport 53 -j DNAT --to ${IPV4_IP}"
|
|
||||||
iptables -t nat -C ${prerouting_rule} || iptables -t nat -A ${prerouting_rule}
|
|
||||||
|
|
||||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV4_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
|
||||||
iptables -t nat -C ${postrouting_rule} || iptables -t nat -A ${postrouting_rule}
|
|
||||||
|
|
||||||
# (optional) IPv6 force DNS (TCP/UDP 53) through DNS container
|
|
||||||
if [ -n "${IPV6_IP}" ]; then
|
|
||||||
prerouting_rule="PREROUTING -i ${intfc} -p ${proto} ! -s ${IPV6_IP} ! -d ${IPV6_IP} --dport 53 -j DNAT --to ${IPV6_IP}"
|
|
||||||
ip6tables -t nat -C ${prerouting_rule} || ip6tables -t nat -A ${prerouting_rule}
|
|
||||||
|
|
||||||
postrouting_rule="POSTROUTING -o ${intfc} -d ${IPV6_IP} -p ${proto} --dport 53 -j MASQUERADE"
|
|
||||||
ip6tables -t nat -C ${postrouting_rule} || ip6tables -t nat -A ${postrouting_rule}
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
|
@ -15,7 +15,7 @@
|
|||||||
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
|
* The NextDNS docker image is not supported by NextDNS. It is built out of this repo. If you make any enhancements please contribute back via a Pull Request.
|
||||||
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
|
* If you want to inject custom DNS names into NextDNS use --add-host docker commands. The /etc/resolv.conf and /etc/hosts is generated from that and --dns.
|
||||||
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
|
* Edit [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) and update its values to reflect your environment (specifically the container name)
|
||||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh). Also, please provide IPv6 servers to podman using --dns arguments.
|
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||||
|
|
||||||
### Docker
|
### Docker
|
||||||
The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
|
The official repo is boostchicken/nextdns-udm. Latest will always refer to the latest builds, there are also tags for each NextDNS release (e.g. 1.6.4).
|
||||||
@ -33,12 +33,11 @@ docker buildx build --platform linux/arm64 -t nextdns-udm:latest .
|
|||||||
If you have already installed PiHole, skip right to step 6.
|
If you have already installed PiHole, skip right to step 6.
|
||||||
|
|
||||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
3. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
5. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
|
||||||
6. Create /mnt/data/nextdns and copy [nextdns.conf](udm-files/nextdns.conf) to it.
|
6. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
|
||||||
7. Run the NextDNS docker container. Mounting dbus and running in privileged is only required for mDNS. Also, please change the --dns arguments to whatever was provided by NextDNS.
|
|
||||||
```shell script
|
```shell script
|
||||||
podman run -d -it --privileged --network dns --restart always \
|
podman run -d -it --privileged --network dns --restart always \
|
||||||
--name nextdns \
|
--name nextdns \
|
||||||
@ -49,5 +48,5 @@ If you have already installed PiHole, skip right to step 6.
|
|||||||
--hostname nextdns \
|
--hostname nextdns \
|
||||||
boostchicken/nextdns-udm:latest
|
boostchicken/nextdns-udm:latest
|
||||||
```
|
```
|
||||||
8. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
|
7. Update your DNS Servers to 10.0.5.3 (or your custom ip) in all your DHCP configs.
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
echo "Creating on boot script on device"
|
echo "Creating on boot script on device"
|
||||||
echo "#!/bin/sh
|
echo '#!/bin/sh
|
||||||
|
|
||||||
if [ -d /mnt/data/on_boot.d ]; then
|
if [ -d /mnt/data/on_boot.d ]; then
|
||||||
for i in /mnt/data/on_boot.d/*.sh; do
|
for i in /mnt/data/on_boot.d/*.sh; do
|
||||||
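Review bot: Switching the generated script to a single-quoted `echo` argument does stop `$i` from being expanded at install time, but it leaves the template unable to contain a single quote and still relies on `echo` handling a multi-line argument with embedded backslashes, which differs between shells. A quoted heredoc is the idiomatic form: replace `echo '#!/bin/sh` with `cat <<'EOF' > /mnt/data/on_boot.sh` and, in the following hunk, the closing `' > /mnt/data/on_boot.sh` with a bare `EOF` line. The generated script body spans both hunks and is not fully visible here.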
@ -10,7 +10,8 @@ if [ -d /mnt/data/on_boot.d ]; then
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
" > /mnt/data/20-python.sh
|
' > /mnt/data/on_boot.sh
|
||||||
|
|
||||||
chmod u+x /mnt/data/on_boot.sh
|
chmod u+x /mnt/data/on_boot.sh
|
||||||
mkdir -p /mnt/data/on_boot.d
|
mkdir -p /mnt/data/on_boot.d
|
||||||
|
|
||||||
|
@ -11,15 +11,14 @@
|
|||||||
### Customization
|
### Customization
|
||||||
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
* Feel free to change [20-dns.conflist](../cni-plugins/20-dns.conflist) to change the IP address of the container.
|
||||||
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
* Update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with your own values
|
||||||
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and [10-dnsipv6.sh](../dns-common/on_boot.d/10-dnsipv6.sh) and change the docker command to IPv6=True. Also, please provide IPv6 servers to podman using --dns arguments.
|
* If you want IPv6 support use [20-dnsipv6.conflist](../cni-plugins/20-dnsipv6.conflist) and update [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) with the IPv6 addresses. Also, please provide IPv6 servers to podman using --dns arguments.
|
||||||
|
|
||||||
### Steps
|
### Steps
|
||||||
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
1. On your controller, make a Corporate network with no DHCP server and give it a VLAN. For this example we are using VLAN 5.
|
||||||
2. Install the CNI plugins with by executing [install-cni-plugins.sh](../cni-plugins/install-cni-plugins.sh) on your UDM
|
2. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
||||||
3. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
3. Execute /mnt/data/on_boot.d/10-dns.sh
|
||||||
4. Copy [10-dns.sh](../dns-common/on_boot.d/10-dns.sh) to /mnt/data/on_boot.d and update its values to reflect your environment
|
4. Copy [20-dns.conflist](../cni-plugins/20-dns.conflist) to /mnt/data/podman/cni. This will create your podman macvlan network
|
||||||
5. Execute /mnt/data/on_boot.d/10-dns.sh
|
5. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
|
||||||
6. Run the pihole docker container, be sure to make the directories for your persistent pihole configuration. They are mounted as volumes in the command below.
|
|
||||||
|
|
||||||
```shell script
|
```shell script
|
||||||
podman run -d --network dns --restart always \
|
podman run -d --network dns --restart always \
|
||||||
|