My CNI config:
{
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni-podman0",
      "isGateway": true,
      "ipMasq": false,
      "ipam": {
        "type": "host-local",
        "routes": [{ "dst": "0.0.0.0/0" }],
        "ranges": [
          [
            {
              "subnet": "10.129.0.0/24",
              "gateway": "10.129.0.1"
            }
          ]
        ]
      }
    }
  ]
}
In my /etc/config/network I have:
config interface 'podman'
	#option proto 'none'
	option proto 'podman'
	option device 'cni-podman0'
	option ipaddr '10.129.0.1'
	option netmask '255.255.255.0'
	option autostart false
and in my /etc/config/firewall I have:
config zone
	option name 'podman'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option mtu_fix '1'
	list network 'podman'

config forwarding
	option src 'lan'
	option dest 'podman'

config forwarding
	option src 'podman'
	option dest 'wan'
If necessary, add:

config forwarding
	option src 'wan'
	option dest 'podman'
I run nginx and caddy in a pod. I set it up with a static IP:
podman pod create --replace --name mypod --hostname mypod --infra-name mypod-infra --ip 10.129.0.2
This configuration sets up proper routing: the LAN can access the pod/containers, but not the other way around. Port forwards are set in /etc/config/firewall:
config redirect
	option name 'Allow-HTTP'
	option src 'wan'
	option dest 'podman'
	option src_dport '80'
	option dest_ip '10.129.0.2'
	option dest_port '80'
	option proto 'tcp'
	option target 'DNAT'
posted by @oskarirauta in openwrt/packages#16818 (comment)
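The setup above describes the same 10.129.0.0/24 network in three places (the CNI bridge plugin, the netifd interface, and the firewall zone with its forwardings and DNAT redirect), and the whole point is that traffic flows lan -> podman -> wan but never back into the LAN. The following is an added example, not code from @oskarirauta's comment or from the openwrt/packages project: a small Python checker that parses the CNI JSON and the two UCI fragments and reports where they disagree or where the one-way policy is broken. `parse_uci` is a hand-written minimal parser (config/option/list lines only), the sample inputs are copied from the comment, and the finding about a blanket `wan -> podman` forwarding is this example's stricter reading, since the per-port DNAT redirect already opens what is needed.

```python
import ipaddress
import json

# Constructed sample inputs, copied from the comment above: CNI config, UCI fragments, pod IP.
CNI_CONF = """{"cniVersion": "0.4.0", "name": "podman", "plugins": [{
  "type": "bridge", "bridge": "cni-podman0", "isGateway": true, "ipMasq": false,
  "ipam": {"type": "host-local", "routes": [{"dst": "0.0.0.0/0"}],
           "ranges": [[{"subnet": "10.129.0.0/24", "gateway": "10.129.0.1"}]]}}]}"""
NETWORK_UCI = """
config interface 'podman'
    option proto 'podman'
    option device 'cni-podman0'
    option ipaddr '10.129.0.1'
    option netmask '255.255.255.0'
"""
FIREWALL_UCI = """
config zone
    option name 'podman'
    option input 'REJECT'
    option forward 'ACCEPT'
    list network 'podman'
config forwarding
    option src 'lan'
    option dest 'podman'
config forwarding
    option src 'podman'
    option dest 'wan'
config redirect
    option name 'Allow-HTTP'
    option src 'wan'
    option dest 'podman'
    option src_dport '80'
    option dest_ip '10.129.0.2'
    option dest_port '80'
    option proto 'tcp'
    option target 'DNAT'
"""
POD_IP = "10.129.0.2"  # the --ip passed to `podman pod create` above

def parse_uci(text):
    """Minimal UCI parser (config/option/list only); '_type'/'_name' hold the section header."""
    sections = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[2].strip("'\"") if len(parts) > 2 else None
        if parts[0] == "config":
            sections.append({"_type": parts[1], "_name": value})
        elif parts[0] == "list" and sections:
            sections[-1].setdefault(parts[1], []).append(value)
        elif parts[0] == "option" and sections:
            sections[-1][parts[1]] = value
    return sections

def check_setup(cni_text, network_text, firewall_text, pod_ip):
    """Return a list of findings; an empty list means the three configs agree."""
    findings = []
    bridge = next(p for p in json.loads(cni_text)["plugins"] if p["type"] == "bridge")
    rng = bridge["ipam"]["ranges"][0][0]
    subnet, gateway = ipaddress.ip_network(rng["subnet"]), ipaddress.ip_address(rng["gateway"])
    # 1. The netifd interface on the CNI bridge must carry exactly the CNI gateway and subnet.
    iface = next((s for s in parse_uci(network_text)
                  if s["_type"] == "interface" and s.get("device") == bridge["bridge"]), None)
    if iface is None:
        return [f"no interface in /etc/config/network uses device {bridge['bridge']}"]
    addr = ipaddress.ip_interface(f"{iface['ipaddr']}/{iface['netmask']}")
    if addr.ip != gateway or addr.network != subnet:
        findings.append(f"interface {iface['_name']} has {addr}, CNI has {gateway}/{subnet.prefixlen}")
    # 2. The pod's static IP must be a host address inside the CNI range and not the gateway.
    pod = ipaddress.ip_address(pod_ip)
    if pod not in subnet or pod == gateway:
        findings.append(f"pod ip {pod} is not a usable host address in {subnet}")
    # 3. The interface must sit in a zone, and forwarding must be one-way: lan -> zone and
    #    zone -> wan only, nothing back into lan, and no blanket wan -> zone forwarding.
    fw = parse_uci(firewall_text)
    zone = next((s for s in fw if s["_type"] == "zone" and iface["_name"] in s.get("network", [])), None)
    if zone is None:
        return findings + [f"no firewall zone contains network {iface['_name']}"]
    z = zone.get("name")
    pairs = {(s.get("src"), s.get("dest")) for s in fw if s["_type"] == "forwarding"}
    if ("lan", z) not in pairs:
        findings.append(f"missing forwarding lan -> {z}")
    if (z, "lan") in pairs:
        findings.append(f"forwarding {z} -> lan defeats the one-way policy")
    if ("wan", z) in pairs:
        findings.append(f"forwarding wan -> {z} opens every pod port; the DNAT redirects already open what is needed")
    # 4. Every DNAT redirect into the zone must land on a host inside the CNI subnet.
    for r in (s for s in fw if s["_type"] == "redirect" and s.get("target") == "DNAT" and s.get("dest") == z):
        if ipaddress.ip_address(r.get("dest_ip", "0.0.0.0")) not in subnet:
            findings.append(f"redirect {r.get('name')} sends traffic to {r.get('dest_ip')}, outside {subnet}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_setup(CNI_CONF, NETWORK_UCI, FIREWALL_UCI, POD_IP) or ["ok: CNI, network and firewall agree"]))
```

Run it as-is and it reports that the posted CNI, network and firewall fragments agree; paste in a `config forwarding` with `src 'podman'` and `dest 'lan'`, or change the pod IP to something outside 10.129.0.0/24, and the corresponding finding appears. The parser deliberately ignores anything but `config`, `option` and `list` lines, so it is only meant for checking fragments like these, not as a replacement for `uci show`.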