Setup: ssh config over VPN

Topology (cloud -> LAN):

  cloud          docker container "sshcontainer" -> port 22
                 httpfileserver, lanserver, landingpage, derbydb
  gnome-boxes    ipfire
  -------------- DMZ -------------
  ipfire / openwrt / hostsystem
  --------------------------------
  wireguard
  --------------------------------

  -> run gnome-boxes with a MAC address bridged over eth0
  -> forward to the container
  -> ipfire: sysctl -w net.ipv4.ip_forward=1

Kernel IP routing table - host (ipfire)

  Destination     Gateway         Genmask         Flags Metric Ref Use Iface
  0.0.0.0         10.255.255.1    0.0.0.0         UG    0      0   0   red0
  192.168.10.0    192.168.10.56   255.255.255.0   UG    0      0   0   wireguard
  192.168.10.0    0.0.0.0         255.255.255.0   U     0      0   0   orange0

Client routing table - gnome-boxes thinstation

  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref Use Iface
  0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0   0   eth0
  192.168.178.0   0.0.0.0         255.255.255.0   UG    202    0   0   eth0

Edit the client's route table so that the default route points at ipfire green0:

  route add default gw 192.168.178.13
  route del default gw 192.168.178.1

  Destination     Gateway         Genmask         Flags Metric Ref Use Iface
  0.0.0.0         192.168.178.13  0.0.0.0         UG    100    0   0   eth0
  192.168.178.0   0.0.0.0         255.255.255.0   UG    202    0   0   eth0

A second gnome-box runs ipfire, set up with 3 network interfaces as MAC bridges on eth0; its LAN interface green0 is configured with 192.168.178.13.

Alternative: Oracle Linux 9 works with kernel 5.14.0-570.46.1.0.1.el9_6.x86_64. Optional install:

  dnf install kernel
  dnf install grubby
  grubby --update-kernel=ALL --args "loglevel=3 LANG=de_DE.ISO-8859-1"
  (kernel command-line parameters are separated by spaces, not commas)

Install docker:

  dnf install -y dnf-utils zip unzip
  dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  dnf remove -y runc
  dnf install -y docker-ce --nobest

Start docker with:

  dockerd --debug -H=unix:///var/run/docker.sock -H=0.0.0.0:2375 --iptables=true --bridge=none --default-cgroupns-mode=host --ip-masq=false --default-runtime io.containerd.runc.v2 --data-root=/opt/docker --dns=95.85.95.85 --dns=2.56.220.2 --selinux-enabled=true --mtu=1500 --tls=false

  Caveat: -H=0.0.0.0:2375 together with --tls=false publishes the Docker API unauthenticated on every interface; anyone who can reach that port controls the daemon, which is root on the host. Either listen on the unix socket only, or protect the TCP listener with TLS client certificates (--tlsverify) and a firewall rule that limits it to the wireguard/DMZ side.
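Added example (not part of the original notes): a small Python parser for route -n output that finds the default route and checks that its gateway is covered by a connected route on the same interface, which is the condition the "route add default gw 192.168.178.13" step silently depends on. The two tables embedded in the block are constructed copies of the client tables above; the function names are my own.

```python
"""Check a `route -n` table: find the default route and confirm that its gateway
is reachable through a connected route. Added example, not from the original
notes; the sample tables are constructed to match the client tables in the notes."""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the client table before editing (default via the LAN router)
BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    100    0        0 eth0
192.168.178.0   0.0.0.0         255.255.255.0   UG    202    0        0 eth0
"""

# Constructed sample: after `route add default gw 192.168.178.13`
# and `route del default gw 192.168.178.1`
AFTER = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.13  0.0.0.0         UG    100    0        0 eth0
192.168.178.0   0.0.0.0         255.255.255.0   UG    202    0        0 eth0
"""


@dataclass
class Route:
    dest: str
    gateway: str
    genmask: str
    flags: str
    metric: int
    iface: str


def parse_route_table(text):
    """Parse `route -n` output; lines that do not start with a digit are headers."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        dest, gateway, genmask, flags, metric, _ref, _use, iface = parts[:8]
        routes.append(Route(dest, gateway, genmask, flags, int(metric), iface))
    return routes


def default_route(routes):
    """Lowest-metric default route (destination 0.0.0.0, genmask 0.0.0.0), or None."""
    defaults = [r for r in routes if r.dest == "0.0.0.0" and r.genmask == "0.0.0.0"]
    return min(defaults, key=lambda r: r.metric) if defaults else None


def on_link_iface(routes, gateway):
    """Interface whose connected (non-default) route covers `gateway`, or None.
    The kernel refuses `route add default gw X` unless such a route exists."""
    gw = ipaddress.ip_address(gateway)
    for r in routes:
        if r.dest == "0.0.0.0":
            continue
        if gw in ipaddress.ip_network(f"{r.dest}/{r.genmask}", strict=False):
            return r.iface
    return None


def check_default_gateway(text, expected_gw):
    """Verdict string: does the default route use expected_gw, and is it on-link?"""
    routes = parse_route_table(text)
    d = default_route(routes)
    if d is None:
        return "FAIL: no default route"
    if d.gateway != expected_gw:
        return f"FAIL: default route via {d.gateway} on {d.iface}, expected {expected_gw}"
    iface = on_link_iface(routes, expected_gw)
    if iface is None:
        return f"FAIL: {expected_gw} is not covered by any connected route"
    return f"OK: default via {expected_gw} on {iface}"


if __name__ == "__main__":
    print(check_default_gateway(BEFORE, "192.168.178.13"))
    print(check_default_gateway(AFTER, "192.168.178.13"))
```

On a live box, feed it the real output with check_default_gateway(subprocess.check_output(["route", "-n"], text=True), "192.168.178.13"); the on-link check is the part worth keeping, because a default gateway that no connected route covers is the usual reason the route add command fails with "No such process".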
Run the docker container ipfire:

  docker run -it -p 0.0.0.0:444:444 --security-opt seccomp=unconfined --security-opt apparmor=docker-default --platform=linux/amd64 --name ipfire --restart unless-stopped --privileged --kernel-memory=6M --detach --net=host --cap-add=NET_ADMIN --cap-add SYS_ADMIN --tmpfs /opt/docker jgsoftwares/ipfire:greenredorange /bin/bash

  Notes: --privileged appeared twice in the original command; once is enough, and it already grants every capability, so the --cap-add flags are redundant. With --net=host the container shares the host's network stack and the -p 0.0.0.0:444:444 mapping has no effect (docker discards published ports in host network mode). seccomp=unconfined removes the default syscall filter, so together with --privileged this container is effectively the host.

Attach to the container with:

  docker exec -it ipfire /bin/bash

Edit the settings file:

  vi /var/ipfire/ethernet/settings

Edit the interface of green0:

  CONFIG_TYPE=2
  GREEN_DEV=eno1
  GREEN_MACADDR=e2:3e:c8:2d:3e:1c
  GREEN_DESCRIPTION='"???: Unknown Network Interface (vxlanwireguard)"'
  GREEN_MODE=native
  GREEN_DRIVER='Unknown Network Interface (vxlanwireguard)'
  GREEN_ADDRESS=192.168.178.25
  GREEN_NETMASK=255.255.255.0
  GREEN_NETADDRESS=192.168.178.1

Save the file with :wq

In the container, with sysctl -w net.ipv4.ip_forward=1 set, type the command setup to run the interface setup: delete the 2 interfaces green0 and red0, and add the IP to the interface orange0 (in my case 192.168.178.22 255.255.255.0).

  [root@localhost ~]# ip a
  1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
      link/loopback
      inet 127.0.0.1/24 scope host lo
         valid_lft forever preferred_lft forever
  2: orange0: mtu 1500 qdisc mq state UP group default qlen 1000
      link/ether
      altname enp1s0
      inet 192.168.178.22/24 scope global orange0
         valid_lft forever preferred_lft forever
  3: wlp2s0: mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether

  [root@localhost ~]# route -n
  Kernel IP Routentabelle
  Ziel            Router          Genmask         Flags Metric Ref Use Iface
  0.0.0.0         192.168.178.1   0.0.0.0         UG    0      0   0   orange0
  192.168.178.22  0.0.0.0         255.255.255.0   U     0      0   0   orange0

  [root@localhost ~]# ip addr del 127.0.0.1/8 dev lo
  ip addr del ::1/128 dev lo

Optional:

  iptables -N raw
  /etc/init.d/network start
  /etc/init.d/localnet start
  /etc/init.d/dhcrelay start
  /etc/init.d/leds start
  /etc/init.d/sysctl start
  /etc/init.d/wlanclient stop
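Added example (not from the notes and not IPFire's own code): a Python validator for the GREEN_* block of /var/ipfire/ethernet/settings, meant to be run before typing setup. It assumes the stock IPFire layout in which <ZONE>_NETADDRESS holds the zone's network address (192.168.178.0 for this /24), so on the block above it reports GREEN_NETADDRESS=192.168.178.1 as a mismatch; the SAMPLE text is the settings block from the notes and the function names are my own.

```python
"""Validate the GREEN_* zone block of an IPFire /var/ipfire/ethernet/settings
file before running `setup`. Added example, not IPFire code. Assumes the stock
layout in which <ZONE>_NETADDRESS holds the zone's network address."""
import ipaddress
import re

# The settings block from the notes, used verbatim as the sample input
SAMPLE = """\
CONFIG_TYPE=2
GREEN_DEV=eno1
GREEN_MACADDR=e2:3e:c8:2d:3e:1c
GREEN_DESCRIPTION='"???: Unknown Network Interface (vxlanwireguard)"'
GREEN_MODE=native
GREEN_DRIVER='Unknown Network Interface (vxlanwireguard)'
GREEN_ADDRESS=192.168.178.25
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.178.1
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def parse_settings(text):
    """KEY=VALUE lines; a value wrapped in single quotes is unquoted."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == "'" and value[-1] == "'":
            value = value[1:-1]
        cfg[key.strip()] = value
    return cfg


def validate_zone(cfg, zone="GREEN"):
    """Return a list of problems for one zone; an empty list means it is consistent."""
    problems = []
    dev, addr_k, mask_k, net_k, mac_k = (
        f"{zone}_{s}" for s in ("DEV", "ADDRESS", "NETMASK", "NETADDRESS", "MACADDR"))
    missing = [k for k in (dev, addr_k, mask_k, net_k) if k not in cfg]
    if missing:
        return [f"missing {k}" for k in missing]
    try:
        addr = ipaddress.ip_address(cfg[addr_k])
        net = ipaddress.ip_network(f"{cfg[addr_k]}/{cfg[mask_k]}", strict=False)
        netaddr = ipaddress.ip_address(cfg[net_k])
    except ValueError as exc:
        return [f"unparseable address: {exc}"]
    # The interface address must be a host address inside the zone's network
    if addr in (net.network_address, net.broadcast_address):
        problems.append(f"{addr_k} {addr} is the network or broadcast address")
    # NETADDRESS is the network address, not the router or the interface itself
    if netaddr != net.network_address:
        problems.append(f"{net_k} should be {net.network_address}, not {netaddr}")
    # MAC sanity: six colon-separated hex bytes, unicast (low bit of first byte clear)
    mac = cfg.get(mac_k, "").lower()
    if mac and not MAC_RE.match(mac):
        problems.append(f"{mac_k} {mac!r} is not a colon-separated MAC address")
    elif mac and int(mac[:2], 16) & 1:
        problems.append(f"{mac_k} {mac} has the multicast bit set")
    return problems


if __name__ == "__main__":
    for line in validate_zone(parse_settings(SAMPLE)) or ["GREEN zone is consistent"]:
        print(line)
```

Run it with the real file via validate_zone(parse_settings(open("/var/ipfire/ethernet/settings").read())); the same function checks the other zones with zone="RED" or zone="ORANGE", which is useful here because the notes later move the container's address onto orange0.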