openwrt start up script

```sh
# set eth0 to 100 mbit half
ethtool -s eth0 speed 100 duplex half

# del lo interface ip
ip addr del 127.0.0.1/8 dev lo
ip addr del ::1/128 dev lo

# start docker daemon
dockerd --debug -H unix:///var/run/docker.sock --iptables=true --bridge=none \
    --default-cgroupns-mode host --ip-masq=false \
    --default-runtime io.containerd.runc.v2 --data-root=/opt/docker \
    --dns=95.85.95.85 --dns=2.56.220.2 --selinux-enabled --mtu=1500

exit 0
```

edit ntp server

```sh
vi /etc/ntp/ntpInclude.conf
```

```
server 2.rhel.pool.ntp.org prefer
```

restart ntp

```sh
/etc/init.d/ntp start
```

edit the interface settings

```sh
vi /var/ipfire/ethernet/settings
```

check the mac addresses after a reboot: the vxlan interface (vxlanwireguard) is the green interface with GREEN_MACADDR=ce:29:1f:5e:20:c1, the ethernet interface eth0 is the red interface with RED_MACADDR=02:01:18:4f:53:80

```
CONFIG_TYPE=2
GREEN_DEV=vxlanwireguard
GREEN_MACADDR=ce:29:1f:5e:20:c1
GREEN_DESCRIPTION='"???: Unknown Network Interface (vxlanwireguard)"'
GREEN_DRIVER='Unknown Network Interface (vxlanwireguard)'
RED_DEV=eth0
RED_MACADDR=02:01:18:4f:53:80
RED_DESCRIPTION='"???: Unknown Network Interface (eth0.30)"'
RED_DRIVER='Unknown Network Interface (eth0.30)'
GREEN_ADDRESS=192.168.10.56
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.10.0
RED_DHCP_HOSTNAME=demogitjava.ddns.net
RED_DHCP_FORCE_MTU=1500
RED_DHCP_RAPID_COMMIT=off
RED_ADDRESS=217.160.255.254
RED_NETMASK=255.255.255.255
DEFAULT_GATEWAY=217.160.255.254
RED_TYPE=STATIC
RED_NETADDRESS=217.160.255.254
```

restart interface

```sh
docker exec -it ipfire /bin/bash
/etc/init.d/network restart
```

delete firewall file - on openwrt the firewall is enabled

```sh
docker exec -it ipfire /bin/bash
rm -rf /etc/init.d/firewall
```

successful access from ipfire with the red - green config

```
root@demogitjava:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/24 brd 127.0.0.255 scope global lo
       valid_lft forever preferred_lft forever
2: red0: mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 02:01:18:4f:53:80 brd ff:ff:ff:ff:ff:ff
    inet 217.160.255.254/32 brd 217.160.255.254 scope global dynamic red0
       valid_lft 430sec preferred_lft 355sec
5: wireguard: mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
    link/[65534]
    inet 192.168.10.56/24 brd 192.168.10.255 scope global wireguard
       valid_lft forever preferred_lft forever
6: vxlanwireguard: mtu 1370 qdisc noqueue state UNKNOWN qlen 1000
    link/ether ce:29:1f:5e:20:c1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::cc29:1fff:fe5e:20c1/64 scope link
       valid_lft forever preferred_lft forever
root@demogitjava:~#
```

this image was converted from the qcow2 image on a debian system

```sh
apt-get install virt-tar-out
apt-get install libguestfs-tools
```

simple convert from qcow2 to tar.gz on debian

```sh
sudo virt-tar-out -a ipfire.qcow2 / - | gzip --best > ipfire.tar.gz
cat ipfire.tar.gz | sudo docker import - jgsoftwares/ipfire:latest
```

access to container with

```sh
docker exec -it ipfire /bin/bash
```

start the container with the settings file mounted as a volume, then no setup is needed

edit config: green0 | red0 | blue0 | orange0

edit ntp server: /etc/ntp/ntpInclude.conf -> 2.rhel.pool.ntp.org

edit the interface settings and restart the network

```sh
vi /var/ipfire/ethernet/settings
/etc/init.d/network restart
```

print mac

```sh
ip link | awk '{print $2}'
```

start firewall

```sh
/etc/rc.d/init.d/firewall restart
```

forwarding is enabled with

```sh
sysctl -w net.ipv4.ip_forward=1
```

simple run command (runtime io.containerd.runc.v2)

```sh
docker run -it -p 0.0.0.0:444:444 --security-opt seccomp=unconfined \
    --security-opt apparmor=docker-default --platform=linux/amd64 --name ipfire \
    -e NETWORK_IF=vxlanwan -e NETWORK_NONE=lo --restart unless-stopped --privileged \
    --kernel-memory=6M --net=host --net=none --cap-add=NET_ADMIN --cap-add SYS_ADMIN \
    --privileged --tmpfs /opt/docker jgsoftwares/ipfire:greenred /bin/bash
```

run ipfire setup with command

```sh
setup
```

add a simple sh file to the container

```sh
docker exec -it ipfire /bin/bash
```

disable host firewall - iptables

```sh
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
```

show output

```sh
iptables -L
```
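The notes above say to check the MAC addresses in /var/ipfire/ethernet/settings after a reboot and to print them with `ip link | awk '{print $2}'`. The script below is an added example, not part of the original notes or of the IPFire project: it reads each zone's device and MAC from a settings file and compares them with saved `ip -o link` output, so a stale MAC is reported before `/etc/init.d/network restart` binds a zone to the wrong interface. The two sample files are constructed here from the values shown in the notes, and the function names `setting`, `mac_of` and `check_macs` are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original notes: compare the MAC addresses in
# /var/ipfire/ethernet/settings with what the kernel reports, so that a MAC that
# changed across a reboot (e.g. a re-created vxlan device) is caught before
# /etc/init.d/network restart binds a zone to the wrong interface.
#
# On a live system:  ip -o link > /tmp/links.txt
#                    check_macs /var/ipfire/ethernet/settings /tmp/links.txt
# The two inputs below are constructed sample files so the script runs offline.

# Print the value of KEY ($1) from an IPFire settings file ($2), quotes removed.
setting() {
    sed -n "s/^$1=//p" "$2" | head -n 1 | tr -d "'\""
}

# Print the MAC of interface DEV ($2) from saved `ip -o link` output ($1);
# prints nothing when the interface is absent or has no link-layer address.
mac_of() {
    awk -v dev="$2" '
        { name = $2; sub(/[@:].*/, "", name) }   # "eth0.30@eth0:" -> "eth0.30"
        name == dev { for (i = 1; i <= NF; i++) if ($i ~ /^link\//) { print $(i + 1); exit } }
    ' "$1"
}

# Return 0 when every configured zone's MAC matches the live interface, 1 otherwise.
check_macs() {
    settings="$1"; links="$2"; rc=0
    for zone in GREEN RED BLUE ORANGE; do
        dev=$(setting "${zone}_DEV" "$settings")
        [ -n "$dev" ] || continue                      # zone not configured
        want=$(setting "${zone}_MACADDR" "$settings" | tr 'A-F' 'a-f')
        have=$(mac_of "$links" "$dev" | tr 'A-F' 'a-f')
        if [ -z "$have" ]; then
            echo "$zone: no MAC for $dev in ip link output"; rc=1
        elif [ "$want" != "$have" ]; then
            echo "$zone: $dev has $have but settings say $want"; rc=1
        else
            echo "$zone: $dev $have ok"
        fi
    done
    return $rc
}

# Constructed sample: the interfaces from the notes' `ip a` output, written in
# the one-line form `ip -o link` prints (eth0 before IPFire renames it red0).
SAMPLE_LINKS=$(mktemp)
cat > "$SAMPLE_LINKS" <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:01:18:4f:53:80 brd ff:ff:ff:ff:ff:ff
5: wireguard: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/none 
6: vxlanwireguard: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1370 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether ce:29:1f:5e:20:c1 brd ff:ff:ff:ff:ff:ff
EOF

# Constructed sample: the zone lines from the notes' settings file; both match.
SAMPLE_SETTINGS=$(mktemp)
cat > "$SAMPLE_SETTINGS" <<'EOF'
CONFIG_TYPE=2
GREEN_DEV=vxlanwireguard
GREEN_MACADDR=ce:29:1f:5e:20:c1
RED_DEV=eth0
RED_MACADDR=02:01:18:4f:53:80
EOF

# Same file with a stale GREEN MAC, as after the vxlan device was re-created.
SAMPLE_SETTINGS_STALE=$(mktemp)
sed 's/^GREEN_MACADDR=.*/GREEN_MACADDR=ce:29:1f:5e:20:ff/' "$SAMPLE_SETTINGS" > "$SAMPLE_SETTINGS_STALE"

check_macs "$SAMPLE_SETTINGS" "$SAMPLE_LINKS"
check_macs "$SAMPLE_SETTINGS_STALE" "$SAMPLE_LINKS" || echo "settings need updating before network restart"
```

The check deliberately reads a saved copy of `ip -o link` rather than running `ip` itself, so the same script can be run inside the container against output captured on the OpenWrt host, where the vxlan and ethernet devices actually live.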
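The run command in these notes passes `--privileged` twice, `--net=host` together with `--net=none`, `--security-opt seccomp=unconfined` and `--cap-add SYS_ADMIN`. The script below is an added example, not from the original notes or from the image's project: it walks a `docker run` argument list and reports the options that widen the container's access to the host kernel and network, and the options that contradict each other. The function names `audit_run_flags`, `takes_value` and `finding` are this example's own, and the list of value-taking options covers the flags used in the notes' command. Run against that command it reports six findings.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit a `docker run` argument
# list for options that widen the container's reach into the host and for
# options that contradict each other. One line per finding on stdout; the
# return value is the number of findings (0 = nothing flagged).
# Usage:  audit_run_flags <the arguments you would pass to docker run>

# Record one finding and count it (findings is reset by audit_run_flags).
finding() {
    echo "finding: $1"
    findings=$((findings + 1))
}

# Options that take their value as the following argument. The notes' command
# uses both "--opt value" and "--opt=value" spellings, so both are handled.
takes_value() {
    case "$1" in
        -p|--publish|-e|--env|--name|--restart|--security-opt|--cap-add|--net|--network|--tmpfs|--runtime|--kernel-memory|--platform) return 0 ;;
        *) return 1 ;;
    esac
}

audit_run_flags() {
    findings=0; privcount=0; nets=""
    while [ $# -gt 0 ]; do
        key="$1"; val=""
        case "$key" in
            --*=*) val="${key#*=}"; key="${key%%=*}" ;;
            -*)    if takes_value "$key" && [ $# -gt 1 ]; then val="$2"; shift; fi ;;
            *)     break ;;      # first bare word is the image; the rest is its command
        esac
        shift
        case "$key" in
            --privileged)
                privcount=$((privcount + 1))
                if [ "$privcount" -eq 1 ]; then
                    finding "--privileged: all capabilities and raw device access; every --cap-add is then redundant"
                else
                    finding "--privileged given more than once"
                fi ;;
            --security-opt)
                case "$val" in
                    seccomp=unconfined|apparmor=unconfined)
                        finding "--security-opt $val removes a default sandbox layer" ;;
                esac ;;
            --cap-add)
                case "$val" in
                    SYS_ADMIN|ALL) finding "--cap-add $val: near-root on the host kernel" ;;
                esac ;;
            --net|--network)
                nets="$nets $val"
                if [ "$val" = "host" ]; then
                    finding "--net host: container shares the host's interfaces and iptables rules"
                fi ;;
        esac
    done
    # host and none cannot both apply to one container.
    case "$nets" in
        *host*none*|*none*host*) finding "conflicting network modes:$nets" ;;
    esac
    return "$findings"
}

# The run command from these notes, audited.
n=0
audit_run_flags -it -p 0.0.0.0:444:444 --security-opt seccomp=unconfined \
    --security-opt apparmor=docker-default --platform=linux/amd64 --name ipfire \
    -e NETWORK_IF=vxlanwan -e NETWORK_NONE=lo --restart unless-stopped --privileged \
    --kernel-memory=6M --net=host --net=none --cap-add=NET_ADMIN --cap-add SYS_ADMIN \
    --privileged --tmpfs /opt/docker jgsoftwares/ipfire:greenred /bin/bash || n=$?
echo "$n finding(s)"
```

Parsing stops at the first bare word, which `docker run` treats as the image name, so arguments meant for the container's own command (here `/bin/bash`) are never mistaken for daemon options.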