diff --git a/os/FreeBSD/Podman.md b/os/FreeBSD/Podman.md new file mode 100644 index 0000000..215622a --- /dev/null +++ b/os/FreeBSD/Podman.md 
@@ -0,0 +1,103 @@ +# Podman + +Podman! On FreeBSD! + +# Install + +```sh +pkg install podman-suite +``` + +or + +Repeat the messages: + +```sh +pkg info -D containers-common podman podman-suite +``` + +Follow the instructions for creating the zfs mount point, enabling podman and Linux. + +Then PF: + +```sh +cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf +``` + +Edit it. I added my own rules too: + +```pf +v4egress_if = "em0" +v6egress_if = "em0" + +nat on $v4egress_if inet from to any -> ($v4egress_if) +nat on $v6egress_if inet6 from to !ff00::/8 -> ($v6egress_if) + +rdr-anchor "cni-rdr/*" +nat-anchor "cni-rdr/*" +table + +# My rules +block in all + +ext_if="em0" + +pass in on $ext_if proto tcp to ($ext_if) port 22 +pass in on $ext_if proto tcp to ($ext_if) port 80 +pass in on $ext_if proto tcp to ($ext_if) port 443 + +tailscale_if="tailscale0" +pass in on $tailscale_if proto tcp to any port 22 + +pass out all keep state +``` + +# Run + +Run a Freebsd container: + +```sh +podman run --rm quay.io/dougrabson/hello +``` + +Run a Linux container. Note that when you want to run something from docker you qualify it with `docker.io` + +```sh +podman run --rm --os=linux docker.io/alpine cat /etc/os-release | head -1 +``` + +# Networking + +If you run a container, it will use the default network podman which has a subnet of `10.88.0.0/16`, for example: + +```sh +podman run --rm --os=linux docker.io/httpd +``` + +Will give you + +``` +AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.8. Set the 'ServerName' directive globally to suppress this message +``` + +This message actually comes from the Apache Web Server, so that's useful. 
You can only access it from the same machine though: + +```sh +curl 10.88.0.8 +``` + +If you want to expose it externally, like we do on our Linux box, you need to attach it to the host network: + +```sh +podman run --rm --os=linux --network=host docker.io/httpd +``` + +Then Apache complains: + +``` +AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message +``` + +I can now access the website on the host machine: + +* http://192.168.1.10/
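Review bot: The pf rules as written will not load: `nat on $v4egress_if inet from to any` and `nat on $v6egress_if inet6 from to !ff00::/8` are missing the source table reference between `from` and `to`, and the bare `table` line declares no table name, so the `<...>` table names from pf.conf.sample appear to have been stripped; restore them as they appear in the sample file before committing this page. Two smaller points in the same hunk: `cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf` silently overwrites any existing `/etc/pf.conf`, so add a note to back it up or diff it first; and the Networking section jumps straight to `--network=host`, which drops the container's network isolation and binds httpd on every host interface (the 127.0.0.1 in the AH00558 message confirms it is listening on the host stack), even though the copied pf.conf already sets up `rdr-anchor "cni-rdr/*"` and `nat-anchor "cni-rdr/*"` for published ports. Consider documenting `podman run --rm --os=linux -p 80:80 docker.io/httpd` as the default way to expose the service and reserving `--network=host` for cases that need it, so only the published port is reachable through the `block in all` / `pass in ... port 80` rules. Also, `ext_if="em0"` duplicates `v4egress_if`, and "Freebsd" should read "FreeBSD".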