Latest revision as of 15:51, 12 March 2019

Docker OpenWrt Image

はじめの第一歩

docker import https://downloads.openwrt.org/snapshots/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz openwrt-x86-64-generic-rootfs
docker images
docker run --rm -i openwrt-x86-64-generic-rootfs cat /etc/banner
docker run --rm -i -t openwrt-x86-64-generic-rootfs /bin/ash

つかえる OpenWrt 環境構築

Head はいろいろ問題点があったりするのでリリース版で

wget https://downloads.openwrt.org/releases/18.06.1/targets/x86/64/openwrt-18.06.1-x86-64-generic-rootfs.tar.gz

Dockerfile:

FROM scratch
ADD ./openwrt-18.06.1-x86-64-generic-rootfs.tar.gz /

EXPOSE 80 443 22

ADD network /etc/config/network

USER root
CMD ["/sbin/init"]

network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '172.17.0.2'
	option netmask '255.255.0.0'
	option gateway '172.17.0.1'
	option delegate '0'

docker build -t openwrt-18.06.1-x86-64-generic-rootfs:latest .
docker run -d --name openwrt --device /dev/kmsg --tmpfs /tmp --cap-add NET_ADMIN -p 8822:22 -p 8880:80 openwrt-18.06.1-x86-64-generic-rootfs:latest
docker exec -it openwrt /bin/ash

docker exec -it openwrt uci set network.lan.ipaddr='`docker inspect --format="{{ .NetworkSettings.IPAddress }}" openwrt`'
docker exec -it openwrt uci commit
docker exec -it openwrt /etc/init.d/odhcpd disable
docker exec -it openwrt /etc/init.d/dnsmasq disable
docker exec -it openwrt /etc/init.d/sysntpd disable
docker restart openwrt

雑多なメモ

OpenWrt Head で IPv4 only の環境で docker 配下で動かすとなぜか wget が IPv6 でバインドしようとして 'Failed to establish connection'

ネットワークの設定も間違いがないのがだ、IPv6 で bind しにいく。もちろん wget -4 では正常。uclient-fetch が wget の正体。ホストOS側で完全にIPv6を停止すれば大丈夫だが。

強引な解決法

mv /bin/wget /bin/wget.orig
cat <<EOF > /bin/wget
#/bin/ash
/bin/wget.orig -4 \$*
EOF
chmod +x /bin/wget

security

ホストで制限したほうがよさそう

sudo sysctl -w kernel.dmesg_restrict=1
sudo sysctl -w kernel.kptr_restrict=1
sudo sysctl -w kernel.yama.ptrace_scope=0

Docker OpenWrt Image: Difference between revisions

Latest revision as of 15:51, 12 March 2019

Contents

Docker OpenWrt Image

はじめの第一歩

つかえる OpenWrt 環境構築

雑多なメモ

security

Navigation menu

Docker OpenWrt Image: Difference between revisions

Latest revision as of 15:51, 12 March 2019

Docker OpenWrt Image

はじめの第一歩

つかえる OpenWrt 環境構築

雑多なメモ

security

Navigation menu

Search