Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

能提供一下docker和dockerd么? #83

Closed
flyhong666 opened this issue Jun 6, 2021 · 37 comments
Closed

能提供一下docker和dockerd么? #83

flyhong666 opened this issue Jun 6, 2021 · 37 comments

Comments

@flyhong666
Copy link

能提供一下docker和dockerd么?我从人家一个库里面拷贝过来,下载文件那一步都不行。晕死了,导致没法编译。
@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

https://github.com/openwrt/packages/tree/master/utils

@lisaac lisaac closed this as completed Jun 6, 2021
@flyhong666
Copy link
Author

好奇怪,一样的问题,都是没法下载,我科学上网都是没问题的。

@flyhong666
Copy link
Author

我搞明白了。原来是代码指定的golang和我现在库代码路径不一致导致。自行处理好了。。。

@kissyouhunter
Copy link

我搞明白了。原来是代码指定的golang和我现在库代码路径不一致导致。自行处理好了。。。

求教
我用的大佬告诉的修改Makefile的方法编译过的

@flyhong666
Copy link
Author

我搞明白了。原来是代码指定的golang和我现在库代码路径不一致导致。自行处理好了。。。

求教
我用的大佬告诉的修改Makefile的方法编译过的

不修改也可以,但是要将目录放到feeds\packages\utils 里面。。

@flyhong666
Copy link
Author

用大雕的源码暂时没法编译通过,要覆盖好多文件。暂时不升级折腾了。。。

@kissyouhunter
Copy link

用大雕的源码暂时没法编译通过,要覆盖好多文件。暂时不升级折腾了。。。

了解
我就用最简单的方法吧

@QZQ-QSQ
Copy link

QZQ-QSQ commented Jun 6, 2021

用大雕的源码暂时没法编译通过,要覆盖好多文件。暂时不升级折腾了。。。

了解
我就用最简单的方法吧

请问方法是什么?可以告诉我吗?我折腾了几天,在LEAN的源码,加上这个dockerman编译就提示docker和dockerd出错。谢谢了。

@flyhong666
Copy link
Author

晕,编译是通过了,可点击一下容器就出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/containers'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/containers.lua:39: bad argument #1 to 'new' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

@flyhong666
Copy link
Author

选择仓库镜像后,点击保存应用也出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/overview'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/overview.lua:119: bad argument #4 to 'set' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

@QZQ-QSQ
Copy link

QZQ-QSQ commented Jun 6, 2021

选择仓库镜像后,点击保存应用也出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/overview'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/overview.lua:119: bad argument #4 to 'set' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

那只能等两位大佬合作,才能解决了。

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

晕,编译是通过了,可点击一下容器就出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/containers'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/containers.lua:39: bad argument #1 to 'new' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

opkg install luci-lib-ip

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

选择仓库镜像后,点击保存应用也出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/overview'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/overview.lua:119: bad argument #4 to 'set' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

感谢测试,等下更新

@flyhong666
Copy link
Author

晕,编译是通过了,可点击一下容器就出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/containers'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/containers.lua:39: bad argument #1 to 'new' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

opkg install luci-lib-ip

2021-06-06_155420
有这个哦。。。。

lisaac added a commit that referenced this issue Jun 6, 2021
@lisaac
fix issue #83
e580495
@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

晕,编译是通过了,可点击一下容器就出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/containers'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/containers.lua:39: bad argument #1 to 'new' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

opkg install luci-lib-ip

2021-06-06_155420
有这个哦。。。。

已经更新,麻烦下载ipk先测试下

@flyhong666
Copy link
Author

晕,编译是通过了,可点击一下容器就出错。。。
/usr/lib/lua/luci/dispatcher.lua:381: Failed to execute cbi dispatcher target for entry '/admin/docker/containers'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/dockerman/containers.lua:39: bad argument #1 to 'new' (string expected, got nil)
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:381: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:95: in function </usr/lib/lua/luci/dispatcher.lua:94>

opkg install luci-lib-ip

2021-06-06_155420
有这个哦。。。。

已经更新,麻烦下载ipk先测试下

现在打开没有问题了,可是弄好的东西打不开哦。

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

弄好

弄好的东西是指什么

@flyhong666
Copy link
Author

弄好

弄好的东西是指什么

2021-06-06_162631
我就弄了一个简单的测速,这个都没法运行起来。以前的老版本是可以的。

@flyhong666
Copy link
Author

2021-06-06_162803

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021
edited
Loading

@flyhong666

iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN
sed -i 's/config_load docker$/config_load dockerd/' /etc/config/dockerman

麻烦测试下,谢谢

@flyhong666
Copy link
Author

@flyhong666

iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN
sed -i 's/config_load docker$/config_load dockerd/' /etc/config/dockerman

麻烦测试下,谢谢

root@OpenWrt:/# iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN
root@OpenWrt:/# sed -i 's/config_load docker$/config_load dockerd/' /etc/config/dockerman
sed: /etc/config/dockerman: No such file or directory

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021
edited
Loading

错了是 sed -i 's/config_load docker$/config_load dockerd/' /etc/init.d/dockerman

@flyhong666
Copy link
Author

错了是 sed -i 's/config_load docker$/config_load dockerd/' /etc/init.d/dockerman

还是不行哦。。。
2021-06-06_183817

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

iptables-save
ip addr
内容贴一下

@flyhong666
Copy link
Author

iptables-save
ip addr
内容贴一下

| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -| || | | || || |
|_____|| |||||___||| |____|
|| W I R E L E S S F R E E D O M

OpenWrt SNAPSHOT, r3222-6f0e71058

root@OpenWrt:/# iptables-save

Generated by iptables-save v1.8.4 on Sun Jun 6 18:42:19 2021

*nat
:PREROUTING ACCEPT [317:185241]
:INPUT ACCEPT [8:946]
:OUTPUT ACCEPT [24:1788]
:POSTROUTING ACCEPT [4:268]
:DOCKER - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 2020 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 2020 -j DNAT --to-destination 172.17.0.2:80
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT

Completed on Sun Jun 6 18:42:19 2021

Generated by iptables-save v1.8.4 on Sun Jun 6 18:42:19 2021

*raw
:PREROUTING ACCEPT [974:502892]
:OUTPUT ACCEPT [322:340501]
:zone_docker_helper - [0:0]
:zone_lan_helper - [0:0]
-A PREROUTING -i br-lan -m comment --comment "!fw3: lan CT helper assignment" -j zone_lan_helper
-A PREROUTING -i docker0 -m comment --comment "!fw3: docker CT helper assignment" -j zone_docker_helper
-A zone_docker_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
-A zone_docker_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
-A zone_docker_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
-A zone_docker_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
-A zone_docker_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
-A zone_docker_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
-A zone_docker_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
-A zone_docker_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
-A zone_docker_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
-A zone_docker_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
-A zone_lan_helper -p udp -m comment --comment "!fw3: Amanda backup and archiving proto" -m udp --dport 10080 -j CT --helper amanda
-A zone_lan_helper -p tcp -m comment --comment "!fw3: FTP passive connection tracking" -m tcp --dport 21 -j CT --helper ftp
-A zone_lan_helper -p udp -m comment --comment "!fw3: RAS proto tracking" -m udp --dport 1719 -j CT --helper RAS
-A zone_lan_helper -p tcp -m comment --comment "!fw3: Q.931 proto tracking" -m tcp --dport 1720 -j CT --helper Q.931
-A zone_lan_helper -p tcp -m comment --comment "!fw3: IRC DCC connection tracking" -m tcp --dport 6667 -j CT --helper irc
-A zone_lan_helper -p tcp -m comment --comment "!fw3: PPTP VPN connection tracking" -m tcp --dport 1723 -j CT --helper pptp
-A zone_lan_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p udp -m comment --comment "!fw3: SNMP monitoring connection tracking" -m udp --dport 161 -j CT --helper snmp
-A zone_lan_helper -p udp -m comment --comment "!fw3: TFTP connection tracking" -m udp --dport 69 -j CT --helper tftp
COMMIT

Completed on Sun Jun 6 18:42:19 2021

Generated by iptables-save v1.8.4 on Sun Jun 6 18:42:19 2021

*mangle
:PREROUTING ACCEPT [974:502892]
:INPUT ACCEPT [954:501852]
:FORWARD ACCEPT [20:1040]
:OUTPUT ACCEPT [326:342468]
:POSTROUTING ACCEPT [326:342468]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.10.2/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.10.2/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.1/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.1/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i eth1 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o eth1 -j RETURN
COMMIT

Completed on Sun Jun 6 18:42:19 2021

Generated by iptables-save v1.8.4 on Sun Jun 6 18:42:19 2021

*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -i eth1 -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT

Completed on Sun Jun 6 18:42:19 2021

root@OpenWrt:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 5a:23:64:b7:22:61 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP group default qlen 1000
link/ether 00:0c:29:56:36:39 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:56:36:43 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.62/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe56:3643/64 scope link
valid_lft forever preferred_lft forever
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:56:36:4d brd ff:ff:ff:ff:ff:ff
6: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:56:36:57 brd ff:ff:ff:ff:ff:ff
7: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether de:16:77:2d:c4:e9 brd ff:ff:ff:ff:ff:ff
8: teql0: mtu 1500 qdisc noop state DOWN group default qlen 100
link/void
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:56:36:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 192.168.10.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fd6d:28bb:10e6::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe56:3639/64 scope link
valid_lft forever preferred_lft forever
10: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:72:6a:7d:71 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:72ff:fe6a:7d71/64 scope link
valid_lft forever preferred_lft forever
12: vethfe59fca@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 5e:9a:6e:99:27:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::5c9a:6eff:fe99:2725/64 scope link
valid_lft forever preferred_lft forever

@flyhong666
Copy link
Author

编辑容器的时候,不会继承原来的内容。。。。

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

编辑容器的时候,不会继承原来的内容。。。。

能发把镜像发上来看下吗,我这边刚刚试了下是可行的
另外iptables-save结果是执行了iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN之后的吗

@flyhong666
Copy link
Author

编辑容器的时候,不会继承原来的内容。。。。

能发把镜像发上来看下吗,我这边刚刚试了下是可行的
另外iptables-save结果是执行了iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN之后的吗

docker pull adolfintel/speedtest 用的是这个。。对,上面那些都是按照你提示做的。

@lisaac
Copy link
Owner

lisaac commented Jun 6, 2021

编辑容器的时候,不会继承原来的内容。。。。

能发把镜像发上来看下吗,我这边刚刚试了下是可行的
另外iptables-save结果是执行了iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN之后的吗

docker pull adolfintel/speedtest 用的是这个。。对,上面那些都是按照你提示做的。

我的意思是openwrt镜像

@flyhong666
Copy link
Author

编辑容器的时候,不会继承原来的内容。。。。

能发把镜像发上来看下吗,我这边刚刚试了下是可行的
另外iptables-save结果是执行了iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN之后的吗

docker pull adolfintel/speedtest 用的是这个。。对,上面那些都是按照你提示做的。

我的意思是openwrt镜像

https://cloud.189.cn/t/fIviUf732QRf 192.168.10.1 ,root ,password

@flyhong666
Copy link
Author

编辑容器的时候,不会继承原来的内容。。。。

能发把镜像发上来看下吗,我这边刚刚试了下是可行的
另外iptables-save结果是执行了iptables -A DOCKER-MAN -i br-lan -o docker0 -j RETURN之后的吗

docker pull adolfintel/speedtest 用的是这个。。对,上面那些都是按照你提示做的。

我的意思是openwrt镜像

以前弄的镜像和容器难道都要删掉重新弄?等会再重新拉取试一下。。。

@flyhong666
Copy link
Author

删掉镜像和容器,重新拉取镜像来创建容器都还是一样。

@lisaac
Copy link
Owner

lisaac commented Jun 7, 2021
edited
Loading

@flyhong666
抽空已修复无法访问容器的问题,请使用新版本
另外编辑/复制容器的时候不会继承是由于没有下面这个补丁,我在置顶 known issues #29 中有提到,现在已经在第一次安装的适合热更新了这个补丁:
openwrt/luci@1d1ded1

@flyhong666
Copy link
Author

@flyhong666
抽空已修复无法访问容器的问题,请使用新版本
另外编辑/复制容器的时候不会继承是由于没有下面这个补丁,我在置顶 known issues #29 中有提到,现在已经在第一次安装的适合热更新了这个补丁:
openwrt/luci@1d1ded1

现在是可以的。但目前还发现一点问题:编辑/复制容器的时候,提交,如果有某个地方参数设置错了,这下前面的内容就全被清空了,需要重新设置。

@flyhong666
Copy link
Author

2021-06-07_195840
还有,有时启动或者重启服务,会出现这样的错误。这时就必须要重启dockerd和dockerman 的服务才行。重启这个后,对防火墙那边又有影响,需要再重启一下防火墙的服务。

@lisaac
Copy link
Owner

lisaac commented Jun 7, 2021
edited
Loading

2021-06-07_195840

还有,有时启动或者重启服务,会出现这样的错误。这时就必须要重启dockerd和dockerman 的服务才行。重启这个后,对防火墙那边又有影响,需要再重启一下防火墙的服务。

  • openwrt官方搞的xx事情,他们把docker0加到接口上了,由于种种原因docker0和op管理接口的方式无法兼容,才会出现这种情况,这也是我一直不更新dockerman的原因,解决办法是将dockerd启动脚本中关于防火墙部分和接口部分删除,使用dockerman中的ac来解决访问控制

@lisaac
Copy link
Owner

lisaac commented Jun 7, 2021
edited
Loading

@flyhong666

抽空已修复无法访问容器的问题,请使用新版本

另外编辑/复制容器的时候不会继承是由于没有下面这个补丁,我在置顶 known issues #29 中有提到,现在已经在第一次安装的适合热更新了这个补丁:

openwrt/luci@1d1ded1

现在是可以的。但目前还发现一点问题:编辑/复制容器的时候,提交,如果有某个地方参数设置错了,这下前面的内容就全被清空了,需要重新设置。

这个可能暂时无解,涉及luci架构问题
可能以后重写个js版...

swirly0p pushed a commit to swirly0p/luci-app-dockerman that referenced this issue Jun 17, 2021
@lisaac
fix issue lisaac#83
dd97853 
commit: e580495
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lisaac @QZQ-QSQ @kissyouhunter @flyhong666