Hello my friend
This is what I have done:
1. make sure that you have "ifconfig" AND any requirements it may have bundled inside your container.
2. Create a Bash Script and set it as your Entrypoint (More must be done with this script in No.8 below)
3. Inside the Bash Script use something like this to create a network alias.
Code:
ifconfig eth0:0 192.168.70.2 netmask 255.255.255.0
here is my ifconfig output:
ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.68.2 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::5485fe69:875a prefixlen 64 scopeid 0x20<link>
ether 56:85:1d:69:87:5a txqueuelen 1000 (Ethernet)
RX packets 5702142 bytes 7421585181 (7.4 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7056943 bytes 4535107514 (4.5 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.70.2 netmask 255.255.255.0 broadcast 192.168.70.255
ether 56:85:1d:69:87:5a txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 4111979 bytes 4239904963 (4.2 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4111979 bytes 4239904963 (4.2 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 9000
inet 10.0.0.2 netmask 255.255.255.0 destination 10.0.0.2
inet6 fc00::2 prefixlen 126 scopeid 0x0<global>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 3443935 bytes 3896310321 (3.8 GB)
RX errors 0 dropped 537546 overruns 0 frame 0
TX packets 1827713 bytes 333164757 (333.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
In the above, eth0 is my Veth, eth0:0 is what I had created, and tun0 is used for custom VPN purposes (it is linked via a socks2tun tool to XRAY or V2RAY).
5. Create a Bridge and add the Container's VETH to the bridge ports.
6. Assign a gateway IP address for your eth0:0 created in the 1st step above to the bridge created.
7. Use firewall SRC NAT to nat traffic to the eth0:0.
8. More from No.2:
I use the following code in my Script to route traffic from eth0:0 to the VPN tunnel inside my container. You MUST note that we are limited to using the IPtables and Kernel modules available in RouterOS, and it is not possible to utilize e.g. TProxy, as ROS does not have the module compiled and loaded.
Code:
# Start the SOCKS5-to-TUN bridge in the background (this creates tun0)
/usr/bin/hev-socks5-tunnel /usr/bin/hevsocksconfig.yml &
ifconfig eth0:0 192.168.70.2 netmask 255.255.255.0
# Start from empty filter, nat and mangle tables
iptables --flush
iptables --table nat --flush
iptables -t mangle --flush
iptables --delete-chain
iptables --table nat --delete-chain
# Policy routing: traffic sourced from 192.168.70.0/24 uses table tun2socks
# (assumes the table name tun2socks is defined in /etc/iproute2/rt_tables)
ip rule add pref 300 from 192.168.70.0/24 table tun2socks
# iptables matches the real interface, not the eth0:0 alias label, so match on
# eth0 and let the source subnet restrict the rule
iptables -A FORWARD -i eth0 -s 192.168.70.0/24 -j ACCEPT
iptables -A FORWARD -i tun0 -d 192.168.70.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.70.0/24 -o tun0 -j MASQUERADE
# Rebuild table tun2socks: copy every non-default route from main, then add
# a default route through the tunnel
ip route flush table tun2socks
ip route show table main | grep -Ev '^default' | while read -r ROUTE ; do ip route add table tun2socks $ROUTE; done
ip route add default via 10.0.0.1 dev tun0 table tun2socks
ip route flush cache
# This line runs Xray as my tunnel VPN
/usr/local/bin/xray run /usr/local/bin/config.json
You did exactly what I wanted and thank you so much for sharing it with me.
I would like you to explain more about steps 5 and 6 if you can. Look, I created the bridge once, but now I can't create another bridge and put the container interface inside it. If I want to do this, I have to switch from the previous bridge to the new bridge, which will also lose access to the Internet.
Statistics: Posted by AresPo — Sun Feb 04, 2024 1:21 am
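An added example, not part of either post: a shell check for the policy routing that the quoted script builds. It reads the text of `ip rule show` and `ip route show table tun2socks` and reports whether 192.168.70.0/24 is pinned to tun0 and whether the table fails closed. The function name `audit_tun_policy`, the constructed sample outputs and the blackhole fallback route are assumptions of this example, not something the posts use.

```shell
#!/bin/sh
# audit_tun_policy RULES ROUTES [SUBNET] [TABLE] [DEV]
# RULES  = text of `ip rule show`; ROUTES = text of `ip route show table TABLE`
# Returns 0 ok, 1 no rule for SUBNET, 2 no default via DEV, 3 no fail-closed fallback
audit_tun_policy() {
    rules=$1; routes=$2
    subnet=${3:-192.168.70.0/24}; table=${4:-tun2socks}; dev=${5:-tun0}
    # 1: a rule must send traffic sourced from the subnet to the dedicated table
    printf '%s\n' "$rules" | awk -v s="$subnet" -v t="$table" '
        $2=="from" && $3==s && $4=="lookup" && $5==t {ok=1} END {exit !ok}' || return 1
    # 2: that table needs a default route out of the tunnel device
    printf '%s\n' "$routes" | awk -v d="$dev" '
        $1=="default" {for (i=2; i<NF; i++) if ($i=="dev" && $(i+1)==d) ok=1}
        END {exit !ok}' || return 2
    # 3: if tun0 goes down the kernel drops the default above; without a
    #    blackhole/unreachable default the lookup continues into table main
    #    and the subnet's traffic leaves through eth0 untunnelled
    printf '%s\n' "$routes" | awk '
        ($1=="blackhole" || $1=="unreachable" || $1=="prohibit") && $2=="default" {ok=1}
        END {exit !ok}' || return 3
    return 0
}

# Constructed sample outputs (not captured from the poster's container)
SAMPLE_RULES='0: from all lookup local
300: from 192.168.70.0/24 lookup tun2socks
32766: from all lookup main
32767: from all lookup default'
# Table contents as the quoted script would leave them
SAMPLE_ROUTES_PAGE='default via 10.0.0.1 dev tun0
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.2
192.168.68.0/24 dev eth0 proto kernel scope link src 192.168.68.2
192.168.70.0/24 dev eth0 proto kernel scope link src 192.168.70.2'
# Same table after: ip route add blackhole default metric 1000 table tun2socks
SAMPLE_ROUTES_CLOSED="$SAMPLE_ROUTES_PAGE
blackhole default metric 1000"

rc=0; audit_tun_policy "$SAMPLE_RULES" "$SAMPLE_ROUTES_PAGE" || rc=$?
echo "routes as built by the quoted script: rc=$rc"
rc=0; audit_tun_policy "$SAMPLE_RULES" "$SAMPLE_ROUTES_CLOSED" || rc=$?
echo "with blackhole fallback: rc=$rc"
```

Inside the container the same function can be fed live data: `audit_tun_policy "$(ip rule show)" "$(ip route show table tun2socks)"`.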