tidy

2024-11-20 21:46:35 -06:00 · 2024-11-20 21:46:35 -06:00 · c434acc957
commit c434acc957
parent a30351fd68
1 changed files with 12 additions and 4 deletions
--- a/AlmaLinux.md
+++ b/AlmaLinux.md
@ -153,7 +153,9 @@ systemctl enable --now podman
 > [!NOTE] Read the docs.
 > `man podman-systemd.unit`

-### slirp4netns
+### Prepare host networking stack
+
+#### slirp4netns

 > [!TODO]
 > This may not be necessary but my system is currently using it.
@ -162,7 +164,7 @@ systemctl enable --now podman
 dnf install slirp4netns
 ```

-### Install DNS server for `podman`
+#### Install DNS server for `podman`

 > [!TODO]
 > Not sure how to resolve these correctly yet but the journal logs it
@ -171,8 +173,7 @@ dnf install slirp4netns
 ```bash
 dnf install aardvark-dns
 ```
-
-### Enable unprivileged port binding
+#### Allow rootless binding port 80+

 > [!NOTE] This is only necessary if you are setting up the reverse proxy.

@ -181,6 +182,13 @@ printf '%s\n' 'net.ipv4.ip_unprivileged_port_start=80' > /etc/sysctl.d/99-unpriv
 sysctl 'net.ipv4.ip_unprivileged_port_start=80'
 ```

+#### Allow containers to route within multiple networks
+
+```bash
+printf '%s\n' 'net.ipv4.conf.all.rp_filter=2' > /etc/sysctl.d/99-reverse-path-loose.conf
+sysctl -w net.ipv4.conf.all.rp_filter=2
+```
+
 ### Prepare container user

 This user will be the owner of all containers with no login shell or root