Moni Ghaoui 2025-12-09 20:20:09 +01:00
parent 610aa0d51b
commit a45500b404

103
os/FreeBSD/Podman.md Normal file

@ -0,0 +1,103 @@
# Podman
Podman! On FreeBSD!
# Install
```sh
pkg install podman-suite
```
or
Repeat the messages:
```sh
pkg info -D containers-common podman podman-suite
```
Follow the instructions for creating the zfs mount point, enabling podman and Linux.
Then PF:
```sh
cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
```
Edit it. I added my own rules too:
```pf
v4egress_if = "em0"
v6egress_if = "em0"
nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)
rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>
# My rules
block in all
ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22
pass out all keep state
```
# Run
Run a Freebsd container:
```sh
podman run --rm quay.io/dougrabson/hello
```
Run a Linux container. Note that when you want to run something from docker you qualify it with `docker.io`
```sh
podman run --rm --os=linux docker.io/alpine cat /etc/os-release | head -1
```
# Networking
If you run a container, it will use the default network podman which has a subnet of `10.88.0.0/16`, for example:
```sh
podman run --rm --os=linux docker.io/httpd
```
Will give you
```
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.8. Set the 'ServerName' directive globally to suppress this message
```
This message actually comes from the Apache Web Server, so that's useful. You can only access it from the same machine though:
```sh
curl 10.88.0.8
```
If you want to expose it externally, like we do on our Linux box, you need to attach it to the host network:
```sh
podman run --rm --os=linux --network=host docker.io/httpd
```
Then Apache complains:
```
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
```
I can now access the website on the host machine:
* http://192.168.1.10/
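Review bot: The Networking section presents `--network=host` as the way to expose the container externally without saying what that gives up. With host networking the container shares the host's network stack (Apache now reports 127.0.0.1 instead of 10.88.0.8), so httpd is reachable from outside only because the pf rules earlier in the file include `pass in on $ext_if proto tcp to ($ext_if) port 80`, and the container no longer sits behind the `<cni-nat>` network. Please add a sentence stating that dependency and the loss of network isolation, and say whether publishing a port through the `rdr-anchor "cni-rdr/*"` that pf.conf already loads was considered as an alternative. Smaller points: the lone `or` under Install has no second command after it, and `ext_if` duplicates `v4egress_if` and `v6egress_if` (all "em0"), so a single macro would be easier to keep consistent.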