Note: Due to misconfigured DNS servers on the Internet, computers that use both IPv4 and IPv6 might not be able to resolve names and connect to Internet resources.

This sounds like this could be the key to the problem: I needed to set the “Interface listening behavior” to “Listen on all interfaces” in pihole network settings as pihole defaults to not existing eth0 (the virtual adapter for testnet is named like way we get a separate docker network to use for bridging docker containers to the local network like we do in other virtualization environments without dealing with firewalls or virtual NAT and IPs can be managed with Nethserver DHCP.

This is only a problem when nxfilter tries to resolve any domain that points back to itself, so yes and - all other nxfilter functionality is working.

Run the docker run command, like in this example for pihole:

docker run -d --name pihole -e TZ="Europe/Vienna" -e WEBPASSWORD="admin" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --cap-add NET_ADMIN --net=testnet --mac-address=0e:6f:47:f7:26:1a --restart=unless-stopped pihole/pihole:latest

We need to set the newly created network and a fixed unique MAC address, else the containers get random ones on restart and that breaks DHCP reservations.

You need a bridge to connect to (could be created in UI, if you use NSDC you already have one).

Create the docker network testnet with bridge br0:

docker network create -d devplayer0/net-dhcp:latest --ipam-driver null -o bridge=br0 testnet

Yes, the docker-net-dhcp plugin worked perfectly.

BTW, I tested with the nxfilter image first and noticed the latest nxfilter image does not start, there’s an open issue.

docker plugin install devplayer0/net-dhcp

If docker is bridged to Green, can dhcp server be used for a reservation? I also noted that yum install of results in a failed connection.
Loading mirror speeds from cached hostfile
Loaded plugins: changelog, fastestmirror, nethserver_events

Installing the nethserver-docker via yum install --enablerepo=nethforge-testing nethserver-docker resulted in the following:

~]# yum install --enablerepo=nethforge-testing nethserver-docker

I was playing around with Guacamole and ran into problems trying to deploy nethserver-docker on a fresh NS demo.

Using rootless podman containers - I already tried but no success.

The last filter uses Nethserver as upstream DNS. One filter uses the next one as upstream DNS.

Now when clients use the proxy the DNS filter is involved. You need to set the Nethserver upstream DNS to one of the filters. In this case the filter only gets the IP of the Nethserver and has no information who is surfing but blocks ads and more.

Nethserver uses webfilter as upstream DNS

Nxfilter for instance can map the IP to AD/LDAP users. This way the filter gets the client IP and you can see it in the logs. The Nethserver uses an outside upstream DNS like 8.8.4.4 (google). This webfilter uses the Nethserver as upstream DNS. They may get the DNS server to use from Nethserver DHCP. The clients use the DNS server of a webfilter.

This way all clients should be able to access it. You may use a static route on the internet gateway for the aqua network to go to the docker machine.

Now you can manage the containers via web UI.

Check the IPs of your machines, if you installed in a different order they may differ.
Install nxfilter and/or pihole to test them.

Edit TZ=Europe/Vienna to match your timezone:

Nxfilter

docker run -d --name nxfilter -v nxfilter-conf:/nxfilter/conf -v nxfilter-log:/nxfilter/log -v nxfilter-db:/nxfilter/db -e TZ=Europe/Vienna --net=aqua --restart=unless-stopped packetworks/nxfilter-base:latest

Pihole

docker run -d --name pihole -e TZ="Europe/Vienna" -e WEBPASSWORD="admin" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --cap-add NET_ADMIN --net=aqua --restart=unless-stopped pihole/pihole:latest

Portainer

Browse to set up admin username/password and select Local.

mkdir -p /etc/e-smith/templates-custom/etc/shorewall/policy
cp /etc/e-smith/templates/etc/shorewall/policy/35aqua /etc/e-smith/templates-custom/etc/shorewall/policy/
cat /etc/e-smith/templates-custom/etc/shorewall/policy/35aqua

In a production environment you should leave out this step and set firewall rules.

Get docker repo and install and enable nethserver-docker:

cd ~

For testing purposes I decided to open the docker network by policy.

Please test and give feedback…

Installation

This howto is for testing the DNS webfilters.