# Podman

Podman! On FreeBSD!

# Install

```sh
pkg install podman-suite
```

To repeat the install messages:

```sh
pkg info -D containers-common podman podman-suite
```

Follow the instructions for creating the ZFS mount point, enabling podman and Linux.

Then PF:

```sh
cp /usr/local/etc/containers/pf.conf.sample /etc/pf.conf
```

Edit it. I added my own rules too:

```pf
v4egress_if = "em0"
v6egress_if = "em0"

nat on $v4egress_if inet from <cni-nat> to any -> ($v4egress_if)
nat on $v6egress_if inet6 from <cni-nat> to !ff00::/8 -> ($v6egress_if)

rdr-anchor "cni-rdr/*"
nat-anchor "cni-rdr/*"
table <cni-nat>

# My rules
block in all

ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443

tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22

pass out all keep state
```

# Run

Run a FreeBSD container:

```sh
podman run --rm quay.io/dougrabson/hello
```

Run a Linux container. Note that when you want to run something from Docker, you qualify it with `docker.io`:

```sh
podman run --rm --os=linux docker.io/alpine cat /etc/os-release | head -1
```

# Networking

If you run a container, it will use the default network, `podman`, which has a subnet of `10.88.0.0/16`. For example:

```sh
podman run --rm --os=linux docker.io/httpd
```

will give you:

```
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.88.0.8. Set the 'ServerName' directive globally to suppress this message
```

This message actually comes from the Apache web server, so that's useful: it tells you the container's address. You can only access it from the same machine, though:

```sh
curl 10.88.0.8
```

If you want to expose it externally, like we do on our Linux box, you need to attach it to the host network:

```sh
podman run --rm --os=linux --network=host docker.io/httpd
```

Then Apache complains:

```
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
```

I can now access the website on the host machine:

* http://192.168.1.10/
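
With `--network=host` the container binds directly to the host's interfaces, so the `pass in` rules in `/etc/pf.conf` decide which of its ports are reachable from outside. The following is an added example, not from the original page: a small sh/awk check that lists the TCP ports opened per interface. The sample ruleset is constructed from the filter rules shown earlier, the function names are hypothetical, and the parser handles only that simple rule shape.

```sh
# Added example: constructed sample mirroring the filter rules shown above.
write_sample_pf_conf() {
    cat > "$1" <<'EOF'
block in all
ext_if="em0"
pass in on $ext_if proto tcp to ($ext_if) port 22
pass in on $ext_if proto tcp to ($ext_if) port 80
pass in on $ext_if proto tcp to ($ext_if) port 443
tailscale_if="tailscale0"
pass in on $tailscale_if proto tcp to any port 22
pass out all keep state
EOF
}

# Print the TCP ports opened by "pass in on <if> proto tcp ... port <n>"
# rules for interface $2 in pf.conf $1 (only this simple rule shape).
pf_open_tcp_ports() {
    awk -v want="$2" '
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {      # macro: name = "value"
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            macro[kv[1]] = kv[2]
            next
        }
        $1 == "pass" && $2 == "in" && $3 == "on" {
            ifc = $4
            if (substr(ifc, 1, 1) == "$") ifc = macro[substr(ifc, 2)]
            if (ifc != want) next
            tcp = 0
            for (i = 5; i < NF; i++) {
                if ($i == "proto" && $(i + 1) == "tcp") tcp = 1
                if ($i == "port" && tcp) print $(i + 1)
            }
        }
    ' "$1" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed if a --network=host service on TCP port $3 is allowed in on $2.
host_port_reachable() {
    case " $(pf_open_tcp_ports "$1" "$2") " in *" $3 "*) return 0 ;; esac
    return 1
}

conf=$(mktemp)
write_sample_pf_conf "$conf"
echo "em0: $(pf_open_tcp_ports "$conf" em0)"
echo "tailscale0: $(pf_open_tcp_ports "$conf" tailscale0)"
host_port_reachable "$conf" em0 8080 || echo "8080 on em0 is blocked by 'block in all'"
rm -f "$conf"
```

Run it against the real file with `pf_open_tcp_ports /etc/pf.conf em0` before starting a host-networked container, and confirm the file parses with `pfctl -nf /etc/pf.conf`.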