Installing Dante proxy server on Podman on Oracle Linux 9 located in a specific VLAN with systemd and iptables configured
Prepare the system
# Refresh repository metadata and apply pending package updates on the host
# before the proxy is exposed, then install iproute (provides the ip tool).
dnf makecache
dnf update
dnf install iproute
Install Podman
# Install Podman from the host's configured repositories.
dnf install podman
# NOTE(review): podman.service is Podman's API service. The compose file below
# is run through the podman CLI, so this unit may not be needed; confirm.
# NOTE(review): bringing "restart: always" containers back after a host reboot
# is normally handled by podman-restart.service; verify it is enabled.
systemctl enable --now podman
Install Podman Compose
# Enable the EPEL repository, then install podman-compose from it.
# NOTE(review): this adds a community-maintained repository to the host's
# trusted package sources; keep GPG signature checking enabled for it.
dnf install epel-release
dnf install podman-compose
Create /var/lib/podman/dante/Containerfile file
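# Dante SOCKS proxy image. systemd runs as PID 1 (see CMD) and starts sockd,
# iptables and ip6tables, all of which are enabled at build time below.
# NOTE(review): the image name is unqualified and the tag is mutable, so the
# base image depends on the host's registry short-name configuration; pin a
# fully qualified reference (ideally by digest) for reproducible builds.
FROM almalinux:10
# dante-server comes from EPEL; iptables-services and iproute come from the
# distribution repositories. The packaged sockd.conf is saved as
# /etc/sockd.conf.backup before the COPY below replaces it.
RUN \
    dnf -y install epel-release && \
    /usr/bin/crb enable && \
    dnf -y install dante-server && \
    systemctl enable sockd && \
    dnf install -y iptables-services && \
    systemctl enable iptables && \
    systemctl enable ip6tables && \
    dnf install -y iproute && \
    cp /etc/sockd.conf /etc/sockd.conf.backup
COPY <<EOF /etc/sockd.conf
# Send sockd logs to syslog so proxy use can be audited. The proxy accepts
# unauthenticated clients, so connection logs are the only record of who
# used it and for what destination.
logoutput: syslog
internal.protocol: ipv4
internal: eth0 port=12345
external.protocol: ipv4
external: eth0
# No authentication at either layer: every host inside the client range
# below can use the proxy. Switch socksmethod to an authenticated method if
# that range contains hosts that should not have proxy access.
clientmethod: none
socksmethod: none
# Only clients from 192.168.0.0/16 may connect to the listener.
client pass {
    from: 192.168.0.0/16 port 1-65535 to: eth0
    log: connect disconnect error
}
# Never let a proxied request reach services bound to the container loopback.
socks block {
    from: 0/0 to: lo
    log: connect error
}
# Every other destination is allowed, including internal networks that the
# container can route to; narrow the destination if the proxy is meant for
# specific targets only.
socks pass {
    from: 0/0 to: 0/0
    log: connect disconnect error
}
EOF
COPY <<EOF /etc/sysconfig/iptables
# Default-deny inbound and forwarded traffic; outbound is unrestricted.
# The proxy port is accepted only from the range that sockd.conf admits as
# clients, so other sources are dropped before they reach sockd.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 12345 -j ACCEPT
COMMIT
EOF
COPY <<EOF /etc/sysconfig/ip6tables
# The proxy is IPv4-only (see sockd.conf), so all IPv6 traffic is dropped
# in every direction.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
COMMIT
EOF
# Boot systemd so the enabled units (sockd, iptables, ip6tables) are started.
CMD [ "/sbin/init" ]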
Create /var/lib/podman/dante/container-compose.yml file
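# Compose definition for the Dante container. Nesting is restored here,
# because YAML is only valid with its indentation in place.
networks:
  # Pre-existing Podman network; compose attaches to it and does not create it.
  # NOTE(review): "external" is assumed to be the nested name form; confirm
  # against the original file.
  vlan100:
    external:
      name: vlan100
services:
  dante:
    build:
      context: .
    container_name: dante
    # NET_ADMIN is presumably required so the iptables/ip6tables services
    # inside the container can load their rules. It also allows processes in
    # the container to reconfigure its network namespace, so keep it as the
    # only added capability.
    cap_add:
      - NET_ADMIN
    networks:
      vlan100:
        # Fixed address on the VLAN; it falls inside the 192.168.100.0/24
        # subnet of the vlan100 network.
        ipv4_address: 192.168.100.254
    restart: always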
Create a Podman network
# Create an ipvlan network named vlan100 on top of the host interface vlan100
# (192.168.100.0/24, gateway 192.168.100.1).
# NOTE(review): with ipvlan the container sits directly on the VLAN segment,
# so the host's own firewall rules presumably do not filter its traffic; the
# iptables rules inside the container are the filtering point. Confirm.
podman network create -d ipvlan -o parent=vlan100 --subnet=192.168.100.0/24 --gateway=192.168.100.1 vlan100
Note: the corresponding VLAN interface (vlan100) should be configured on the Podman host
Start the container
# Bring the service up in the background from the compose file.
# After start, confirm the firewall actually loaded inside the container,
# e.g. with: podman exec dante iptables -S
podman compose -f /var/lib/podman/dante/container-compose.yml up -d