This is breaking apart the network bridging and Containerfile building aspects from T3766 for better tracking.
containers {
    network service01 {
        enable-bridging
        prefix 10.72.1.0/24
    }
}
The change here is the enable-bridging option on the network. It disables the masquerading (NAT) functionality of the network and exposes the network directly.
Here is a traceroute through my desktop. Hop #2 is the VyOS install running the container.
❯ traceroute 10.72.1.202
traceroute to 10.72.1.202 (10.72.1.202), 30 hops max, 60 byte packets
 1  route01.lan.kroy.io (10.9.1.3)  0.662 ms  0.618 ms  0.606 ms
 2  10.245.245.9 (10.245.245.9)  0.860 ms  0.699 ms  0.838 ms
 3  10.72.1.202 (10.72.1.202)  0.881 ms  0.870 ms  0.860 ms
There are two outstanding things from this that I'm not fully sure how to resolve.
- Right now this works flawlessly with zone-based firewalls. But I'm not sure what to do to allow this interface to use traditional firewalling. Does it just need to include a template?
set zone-policy zone LAN interface cni-podman0
- cni-podman0 is now available for use in NAT/firewalling/etc. But it's ugly and not very VyOS-y. This can be changed, but I'm not sure to what. container0, container1 etc.? Whatever this ends up being would also have to be added to the list-interfaces.py script.
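Since enable-bridging removes the NAT that used to sit in front of the containers, the bridge interface has to be covered by a zone (or a firewall) or the containers are reachable from the LAN unfiltered. The following is an added example, not part of this task or of VyOS itself: a small linter over "set" commands that flags bridged container networks whose interface is in no zone. The network-to-interface mapping (service01 → cni-podman0) is an assumption supplied by the caller, since only cni-podman0 appears above.

```python
import re

# Constructed VyOS-style "set" commands (not captured from a real device):
# two bridged networks, one non-bridged one, and the zone line from the task.
SAMPLE_CONFIG = """
set containers network service01 prefix 10.72.1.0/24
set containers network service01 enable-bridging
set containers network service02 prefix 10.72.2.0/24
set containers network service02 enable-bridging
set containers network service03 prefix 10.72.3.0/24
set zone-policy zone LAN interface cni-podman0
set zone-policy zone LAN interface eth1
"""

# Assumption: which host interface each container network is bridged onto.
# Only cni-podman0 is known from the task; cni-podman1 is invented here.
NETWORK_IFACES = {"service01": "cni-podman0", "service02": "cni-podman1"}

SET_BRIDGING = re.compile(r"^set containers network (\S+) enable-bridging$")
SET_ZONE_IF = re.compile(r"^set zone-policy zone \S+ interface (\S+)$")


def parse_set_commands(text):
    """Return (networks with enable-bridging, interfaces assigned to any zone)."""
    bridged, zoned = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := SET_BRIDGING.match(line):
            bridged.add(m.group(1))
        elif m := SET_ZONE_IF.match(line):
            zoned.add(m.group(1))
    return bridged, zoned


def unprotected_bridged_networks(text, iface_map):
    """Bridged networks whose bridge interface is in no zone. A network with no
    known interface is also reported, since it cannot be shown to be covered."""
    bridged, zoned = parse_set_commands(text)
    return sorted(net for net in bridged if iface_map.get(net) not in zoned)


if __name__ == "__main__":
    for net in unprotected_bridged_networks(SAMPLE_CONFIG, NETWORK_IFACES):
        iface = NETWORK_IFACES.get(net, "<unknown interface>")
        print(f"{net}: enable-bridging set but {iface} is in no zone")
```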