used Handy´s for Wiregaurd vpn \ Doogee S61 PRO \ Motorola Edge 30 Neo ``` optional start docker in debug mode if other process are running kill -9 PID docker local start up script # set eth0 to 100 mbit half ethtool -s eth0 speed 100 duplex half dockerd --debug -H unix:///var/run/docker.sock --iptables=true --bridge=none --default-cgroupns-mode host --ip-masq=false --default-runtime io.containerd.runc.v2 --data-root=/opt/docker --dns=95.85.95.85 --dns=2.56.220.2 --selinux-enabled --mtu=1500 exit 0 disable route on routing table show route with -> route -n disable docker0 router with \ ifconfig docker0 down \ ``` simple config of openwrt - backup look: the default password is jj78mvpr52k1 -> the keys over wireguard has to be changed \ http://demogitjava.ddns.net:8000/vxlanbackup-demogitjava.ddns.net-2025-08-25.tar.gz⁠ \ simple docker deamon \ --> delete docker0 route all container are running as host \ ip link delete docker0 \ \ > http://demogitjava.ddns.net:8000/openwrt/daemon.json \ ``` { "iptables": true, "icc": false, "debug": false, "experimental": false, "selinux-enabled": true, "mtu":1500, "bip": "192.160.10.1/24", "data-root": "/opt/docker", "default-runtime": "io.containerd.runc.v2", "hosts": ["tcp://192.168.10.56:2375", "unix:///var/run/docker.sock"], "default-address-pools": [ { "base": "192.168.10.0/24", "size": 254 } ] } ``` > if other process are running \ kill -9 PID \ and then run the docker with command \ dockerd --debug -H unix:///var/run/docker-bootstrap.sock --iptables=true --bridge=none --data-root=/opt/docker \ disable route on routing table \ show route with -> route -n \ disable docker0 router with \ ifconfig docker0 down \ > /etc/config/dockerd \ ``` config globals 'globals' option remote_endpoint '0' option remote_host '192.168.10.56' option remote_port '2375' option data_root '/opt/docker' option bip '192.168.10.56/24' list registry_mirrors 'https://registry-1.docker.io' list hosts 'tcp://192.168.10.56:2375' list hosts 'unix:///var/run/docker.sock' config firewall 'firewall' option device 'docker0' list blocked_interfaces 'wan' option extra_iptables_args '--match conntrack ! --ctstate RELATED,ESTABLISHED' ``` the config for board.json \ path /etc/ and \ /tmp \ > http://demogitjava.ddns.net:8000/openwrt/board.json \ \ > edit dockerd /etc/config/dockerd \ > 'option iptables = 1' \ \ > the openwrt backup is forwarded with sysctl net.ipv4.ip_forward=1 over > wireguard website browsing in enabled > to disable \ > `sysctl -w net.ipv4.ip_forward=0` \ > `sysctl -w net.ipv6.conf.all.disable_ipv6=0` \ > `sysctl -w net.ipv4.conf.all.src_valid_mark=1` \ > delete wireguard route \ > route del -net 10.8.0.0 netmask 255.255.255.0 gw 0.0.0.0 \ > route del -net 10.255.255.1 netmask 255.255.255.255 gw 0.0.0.0 \ > ifconfig docker0 down \ > bridge network in host mode not needed \ > ifconfig docker0 down \ ssh x11 session \ \ > or enable with \ > `sysctl -w net.ipv4.ip_forward=1` \ > `sysctl -w net.ipv6.conf.all.disable_ipv6=0` \ > `sysctl -w net.ipv4.conf.all.src_valid_mark=1` \ delete wireguard route \ route del -net 10.8.0.0 netmask 255.255.255.0 gw 0.0.0.0 \ route del -net 10.255.255.1 netmask 255.255.255.255 gw 0.0.0.0 \ bridge network in host mode not needed \ ifconfig docker0 down \ vpn with handy and internet support \ fix - error´s to backup openwrt -> edit - if error message over ssh connect with by using backup X11 forwarding request failed on channel 0 Warning: This program is an suid-root program or is being run by the root user. The full text of the error or warning message cannot be safely formatted in this environment. You may get a more descriptive message by running the program as a non-root user or by removing the suid bit on the executable. xterm: Xt error: Can't open display: %s xterm: DISPLAY is not set Connection to 192.168.10.56 closed. edit file /etc/ssh/sshd_config -> X11UseLocalhost no \ start with only ip4 -> AddressFamily inet \ a simple ssh_config for Thinstation http://demogitjava.ddns.net:8000/openwrt/ssh_config \ > stop service over openwrt panel \ > system-> startup \ > stop service -> dnsmasq and dropbear \ under /etc/config/network the loopback interface is set with config interface 'lo' #list dns '8.8.8.8' \ #list dns '8.8.4.4' is to disable \ alternative add option to disable ipv6 all interfaces with \ option ipv6 '0' \ the openssh server is started with ipv6 ::22 \ to deltete this process \ kill -9 PID \ \ the openwrt backup is forwarded with sysctl net.ipv4.ip_forward=1 over wireguard website browsing in enabled to disable sysctl -w net.ipv4.ip_forward=0 sysctl -w net.ipv6.conf.all.disable_ipv6=0 or enable with sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv6.conf.all.disable_ipv6=0 alpine linux as workstation \ http://demogitjava.ddns.net:8000/clientlinuxos/alpine-extended-3.22.0-x86_64.iso \ connect over gnome-boxes \ with nix-os \ http://demogitjava.ddns.net:8000/clientlinuxos/nixos-gnome-24.11.716947.26d499fc9f1d-x86_64-linux.iso \ or Thinstation \ http://demogitjava.ddns.net:8000/clientlinuxos/TS-5.6.1-Installer-0921.iso \ simple gnome-box image \ http://demogitjava.ddns.net:8000/clientlinuxos/gnome-boxes_Thinstation.zip \ the backupconfig for the vm: \ http://demogitjava.ddns.net:8000/clientlinuxos/BackupThinstation.xml \ a simple ssh config for Thinstation client -> /etc/ssh/ \ start a simple ssh shell \ pkg window ssh -v -> root@192.168.10.56 \ \ set timezone to Germany \ date --utc +2 \ client - server /etc/ssh/ ssh_config - sshd_config \ `# Cipher` \ `Cipher chacha20-poly1305@openssh.com` \ \ http://demogitjava.ddns.net:8000/openwrt/ssh_config \ macvtap - add eth0 \ start the gnome image over virtmanager - add NIC -> rtl8139 edit config file for ntp time:\ chmod 777 /etc/thinstation.default \ chmod 777 /etc/thinstation.user \ chmod 777 /etc/ntp.conf \ /etc/thinstation.default Timezone Berlin and de.ntp\ /etc/thinstation.user Timezone to Berlin\ `X_DPI=100` `USE_XRANDR=TRUE` `XRANDR_OPTIONS="-s 1920x1080 --output HDMI-1"` add bridge on thinstation with vlan 0 alpine: \ `opkg install alpine-repositories` \ `apk add --allow-untrusted` --dns 194.62.181.53 --dns 194.62.180.53 --dns 204.16.255.53 --dns 204.16.254.53 \ \ host mode \ --cgroupns=host\ --dns 95.85.95.85 --dns 2.56.220.2 \ --runtime io.containerd.runc.v2 \ -v /media/cdrom:/media/cdrom \ \ `docker run -it --security-opt seccomp=unconfined --security-opt apparmor=docker-default --net=host --net=none --name devssh -e NETWORK_IF=vxlanwan -e NETWORK_NONE=lo -v /root/git:/root/git -v /var/run/docker.sock:/var/run/docker.sock -v /srv/www/htdocs:/srv/www/htdocs --cgroupns=host --runtime io.containerd.runc.v2 --runtime io.containerd.runc.v2 --privileged --add-host="host.docker.internal:host-gateway" jgsoftwares/openwrtsshgnomex11:fluxboxnetbeans /bin/ash` \ \ \ \ \ > tmpfs mount \ \ add kernel module to contianer \ -v /lib/modules:/lib/modules \ with docker daemon -> http://demogitjava.ddns.net:8000/openwrt/daemon.json \ and delte route \ `route del -net 10.8.0.0 netmask 255.255.255.0 gw 0.0.0.0` \ `route del -net 10.255.255.1 netmask 255.255.255.255 gw 0.0.0.0` \ `ip addr del 10.8.0.1/24 dev wireguard` \ `ip link set dev eth0 up` \ `ip link set dev lo up` \ run the container in debug mode \ docker run -dit -> enable debug mode \ \ `docker run -dit --security-opt seccomp=unconfined --security-opt apparmor=docker-default --net=host --net=none --name openwrtx11ssh -e NETWORK_IF=vxlanwan -e NETWORK_NONE=lo -v /root/git:/root/git -v /etc/config:/etc/config -v /var/run/docker.sock:/var/run/docker.sock --cgroupns=host -v /var/run/ubus.sock:/var/run/ubus.sock --add-host="host.docker.internal:host-gateway" --cap-add=NET_ADMIN --cap-add=NET_RAW --kernel-memory=6M --tmpfs /opt/docker jgsoftwares/openwrtsshgnomex11:fluxboxnetbeans /bin/ash` \ \ docker compose over stack \ docker stack deploy --compose-file docker-compose.yml devssh \ install alpine packages \ `apk add --allow-untrusted gitg` \ `apk add --allow-untrusted screen` \ `apk add --allow-untrusted nsjail` \ `apk add --allow-untrusted nftables` \ `apk add --allow-untrusted openssh-nftrules ` \ `opkg install kmod-nft-bridge` \ start nftables \ `rc-service nftables start` \ run the openssh-server\ `/usr/sbin/sshd -D` \ and in a second terminal start fluxbox server with \ `startx` \ nsjail start sandbox \ `nsjail -- /bin/ash | /usr/sbin/sshd -D` \ `nsjail -- /bin/ash | screen` \ `nsjail -- /bin/ash | dbus-launch` \ the default password is \ root and \ jj78mvpr52k1 by default \ change password with passwd \ `--------------------------------------------------------------` \ ssh session over vpn wireguard \ `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 QT_QPA_PLATFORM=minimal GDK_BACKEND=Fluxbox XDG_SESSION_TYPE=Fluxbox ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56 ` \ or \ `dbus-launch --binary-syntax --close-stderr --exit-with-session ssh -t -i ~/.ssh/id_rsa -2 -4 -YX -c chacha20-poly1305@openssh.com -C root@192.168.10.56` \ `--------------------------------------------------------------` \ \ to start netbeans edit netbeans.conf \ `/netbeans/netbeans/etc/netbeans.conf` \ with line \ `netbeans_jdkhome="/usr/lib/jvm/java-8-openjdk"` \ run netbeans with: \ `./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --laf com.nilo.plaf.nimrod.NimRODLookAndFeel` or alternative over path /root/netbeans/netbeans/bin \ `./netbeans` -> Metal LookAndFeel \ \ path to netbeans \ `cd /root/netbeans/netbeans/bin` \ start netbeans with openJDK \ `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 GDK_BACKEND=x11 ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-8-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` export QT_QPA_PLATFORM=vkkhrdisplay \ start netbeans with openjdk8 \ `LC_TIME="de_DE.ISO8859-1" LANG=de_DE.ISO-8859-1 XDG_SESSION_TYPE=Fluxbox QT_QPA_PLATFORM=vkkhrdisplay GDK_BACKEND=gnome-boxes ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --jdkhome /usr/lib/jvm/java-8-openjdk --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` \ or \ \ `dbus-launch --binary-syntax --close-stderr --exit-with-session ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-8-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m` or start over screen \ `apk add --allow-untrusted screen` \ \ run the openssh-server\ `/usr/sbin/sshd -D` \ and in a second terminal start fluxbox server with \ `startx` \ \ \ start the programm with command \ \ `screen ./netbeans -J-Dnimrodlf.themeFile=/root/DarkTabaco.theme --cp:p /root/nimrodlf-1.2d.jar -J-Dsun.java2d.dpiaware=false --jdkhome /usr/lib/jvm/java-8-openjdk --laf com.nilo.plaf.nimrod.NimRODLookAndFeel -J-Dswing.aatext=true -J-Dawt.useSystemAAFontSettings=lcd -J-Dorg.netbeans.editor.aa.fractional=true -J-Xms4096m -J-Xmx4096m`