From 9d8bee3834f75fd84070cabf7e70dba91efebb4d Mon Sep 17 00:00:00 2001
From: Dominique Martinet
Date: Fri, 1 Jul 2022 11:20:13 +0900
Subject: [PATCH] WIP: dns: start aardvark-dns on a different port

hardcode port 1153 and assume aardvark-dns is always started for now

Signed-off-by: Dominique Martinet
Fixes: containers/aardvark-dns#13
---
 src/dns/aardvark.rs | 2 +-
 src/firewall/varktables/types.rs | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/dns/aardvark.rs b/src/dns/aardvark.rs
index 20daa09de..1da03a3af 100644
--- a/src/dns/aardvark.rs
+++ b/src/dns/aardvark.rs
@@ -95,7 +95,7 @@ impl Aardvark {
 "--config",
 &self.config,
 "-p",
- "53",
+ "1153",
 "run",
 ]);
 
diff --git a/src/firewall/varktables/types.rs b/src/firewall/varktables/types.rs
index 5be415dd3..11a0efc6c 100644
--- a/src/firewall/varktables/types.rs
+++ b/src/firewall/varktables/types.rs
@@ -359,6 +359,18 @@ pub fn get_port_forwarding_chains<'a>(
 netavark_hashed_dn_chain.create = true;
 }
 
+ // Create redirection for aardvark-dns on non-standard port
+ if let Some(gateway) = network_address.gateway {
+ netavark_hostport_dn_chain.create = true;
+ netavark_hostport_dn_chain.build_rule(VarkRule::new(
+ format!(
+ "-j {} -d {} -p {} --dport {} --to-destination {}:{} {}",
+ DNAT, gateway, "udp", 53, gateway, 1153, comment_dn_network_cid
+ ),
+ None,
+ ));
+ }
+
 for i in pfwd.port_mappings.clone() {
 if let Ok(ip) = i.host_ip.parse::() {
 match ip {
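Review bot: The listener port is now the string literal `"1153"` here and the integer `1153` again in the DNAT rule in src/firewall/varktables/types.rs, so the two can drift apart and leave port 53 redirected to a port aardvark-dns is not listening on. A single shared constant, e.g. `pub const AARDVARK_DNS_PORT: u16 = 1153;`, formatted into both places would keep them in step. 1153 is also above the privileged range, so unlike 53, binding it does not by default require root or CAP_NET_BIND_SERVICE; a comment such as `// unprivileged port: whatever binds <gateway>:1153 answers container DNS` next to the constant would record that trade-off. The argument list belongs to a call that starts and ends outside the hunk.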
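Review bot: The redirect rule is installed whenever `network_address.gateway` is set, not only when aardvark-dns is actually started for the network (the commit message acknowledges this). On a network without DNS, every UDP query to the gateway's port 53 is therefore rewritten to 1153, where nothing or an unrelated local process may be listening, so the block should be gated on the same condition that launches aardvark-dns. Only `"udp"` is matched, so TCP queries to port 53 (for example retries after a truncated answer) are not redirected; if aardvark-dns serves TCP, a second rule with `"tcp"` is needed. If the gateway can be an IPv6 address, `{}:{}` yields an ambiguous `--to-destination` value and the address needs brackets, e.g. `format!("[{}]:{}", gateway, 1153)` for the V6 case. get_port_forwarding_chains starts and continues outside the hunk, so whether this path runs for networks without port mappings cannot be confirmed from here.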