开启网卡混杂模式

ip link set eth0 promisc on

创建Macvlan复用网卡

用于虚拟主机接入局域网,这里的gateway和subnet根据自己的网段设置

docker network create -d macvlan --subnet=192.168.50.0/24 --gateway=192.168.50.1 -o parent=eth0 macnet

创建容器

创建名为openwrt的OpenWRT容器

docker run --name openwrt --restart always -d --network macnet --privileged itvro/openwrt-aarch64:latest /sbin/init

修改容器网络参数


创建成功后,启动容器的bash进行设置

CoreELEC:~ # docker exec -it openwrt /bin/bash
bash-5.1# vi /etc/config/network

将lan口网络参数按自己网络结构来设置

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
       option ula_prefix 'fdf7:b573:bfcc::/48'
config interface 'lan'
       option ifname 'eth0'
       option proto 'static'
       option ipaddr '192.168.50.2'
       option netmask '255.255.255.0'
       option gateway '192.168.50.1'
       option broadcast '192.168.50.255'
       option dns '192.168.50.1'
       option ip6assign '60'
       option delegate '0'

config interface 'vpn0'
       option ifname 'tun0'
       option proto 'none'

停用防火墙

bash-5.1# /etc/init.d/firewall disable&&/etc/init.d/firewall stop
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section @defaults[0] requires unavailable target extension FLOWOFFLOAD, disabling
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table

重启网络

bash-5.1# /etc/init.d/network restart

退出到CoreELEC环境

bash-5.1# exit

重启OpenWRT容器

CoreELEC:~ # docker restart openwrt

现在可以像正常硬路由一样,通过刚才配置的容器网络ip地址 192.168.50.2 访问并配置Docker中的OpenWRT了。

另外注:做旁路由的话还要添加自定义防火墙规则(网络->防火墙->自定义规则):

iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

也可以尝试(有桥接存在的情况下)

iptables -t nat -I POSTROUTING -o  br-lan  -j MASQUERADE





最后修改:2021 年 09 月 14 日
如果觉得我的文章对你有用,请随意赞赏