ports/net/containernetworking-plugins/pkg-message
Doug Rabson 1e8393f74b sysutils/podman-suite: update to 20230817
Approved by:	imp
Differential Revision: https://reviews.freebsd.org/D41490
2023-08-24 16:23:30 +01:00

Container networking relies on NAT to allow container network packets
out to the host's network. This requires a PF firewall to perform the
translation. A simple example is included - to use it:

    # cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
    ...
    Edit /etc/pf.conf and set v4egress_if, v6egress_if to your network interface(s)
    ...
    # sysrc pf_enable=YES
    # service pf start

The sample PF configuration includes support for port redirections. These are
implemented as redirect rules in anchors nested under cni-rdr.

Support for redirecting connections from the container host to services running
inside a container is included for FreeBSD 13.3 and later. To enable this, first
load the pf kernel module (and add pf_load="YES" to /boot/loader.conf so that it
is loaded at boot), then enable PF support for these redirections using sysctl:

    # kldload pf
    # sysctl net.pf.filter_local=1
    # service pf restart

These redirect rules do not currently work if the destination address is
localhost (e.g. 127.0.0.1 or ::1) - always use the host's IP address when
connecting to a service inside a container using a port redirection. For example,
if host port 1234 is redirected to an HTTP service running in a container, you
could connect to it using:

    # fetch -o- http://$(hostname):1234
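The steps above, both the basic NAT setup and the FreeBSD 13.3+ host-to-container redirections, collected into one sh script. This is an added example, not part of the pkg-message or the podman-suite port. It assumes the sample path and sysctl from the message, gates the filter_local step on the release reported by uname -r (a version comparison the message leaves to the reader), refuses to overwrite an existing /etc/pf.conf, syntax-checks the ruleset with pfctl -n before enabling anything, and additionally persists the sysctl in /etc/sysctl.conf, which the message does not mention. The redirect_url helper encodes the loopback caveat: it builds the fetch URL from the host name and rejects 127.0.0.1, ::1 and localhost.

```shell
#!/bin/sh
# Added example (not from the pkg-message or the port): enable the PF NAT
# sample shipped with containernetworking-plugins and, on FreeBSD 13.3 or
# later, the host-to-container port redirections.

SAMPLE=/usr/local/etc/containers/pf.conf.sample   # path from the pkg-message
PFCONF=/etc/pf.conf

# Succeed (0) when a release string such as "13.2-RELEASE-p3" or
# "14.0-CURRENT" is 13.3 or newer, i.e. net.pf.filter_local exists.
supports_local_rdr() {
    rel=${1%%-*}                 # drop "-RELEASE-p3", "-CURRENT", ...
    major=${rel%%.*}
    case $rel in
        *.*) minor=${rel#*.}; minor=${minor%%.*} ;;   # tolerate "13.3.1"
        *)   minor=0 ;;
    esac
    [ "$major" -gt 13 ] || { [ "$major" -eq 13 ] && [ "$minor" -ge 3 ]; }
}

# Install the sample only when no pf.conf exists, so an already edited
# ruleset (with v4egress_if/v6egress_if set) is never clobbered.
install_sample_pfconf() {
    if [ -e "$PFCONF" ]; then
        echo "$PFCONF already exists; leaving it alone" >&2
    else
        cp "$SAMPLE" "$PFCONF"
        echo "installed $PFCONF; set v4egress_if/v6egress_if before starting pf" >&2
    fi
}

# Basic NAT: validate the ruleset first (-n parses without loading it),
# then enable and start pf as the message describes.
enable_nat() {
    pfctl -nf "$PFCONF" || { echo "$PFCONF does not parse" >&2; return 1; }
    sysrc pf_enable=YES
    service pf start
}

# Host-to-container redirections (FreeBSD 13.3+ only). kldload -n is a
# no-op when pf is already loaded; the loader.conf entry loads it at boot,
# and the sysctl.conf entry re-applies filter_local on every boot.
enable_local_redirections() {
    if ! supports_local_rdr "$(uname -r)"; then
        echo "host-to-container redirections need FreeBSD 13.3 or later" >&2
        return 1
    fi
    sysrc -f /boot/loader.conf pf_load=YES
    kldload -n pf
    sysctl net.pf.filter_local=1
    sysrc -f /etc/sysctl.conf net.pf.filter_local=1
    service pf restart
}

# URL for a redirected host port. Loopback destinations are rejected up
# front because the redirect rules do not match them; IPv6 literals are
# bracketed so the URL stays well-formed.
redirect_url() {
    port=$1
    host=${2:-$(hostname)}
    case $host in
        127.*|::1|localhost) echo "use the host's IP address, not $host" >&2; return 1 ;;
        *:*) host="[$host]" ;;
    esac
    echo "http://$host:$port"
}

case ${1:-} in
    apply) install_sample_pfconf && enable_nat && enable_local_redirections ;;
    probe) url=$(redirect_url "$2" "${3:-}") && fetch -o- "$url" ;;
esac
```

Run `sh enable-cni-pf.sh apply` as root to perform the setup, and `sh enable-cni-pf.sh probe 1234` to fetch from a service whose host port 1234 is redirected into a container; pass a third argument to use an explicit host address instead of $(hostname).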