7.5 stable已发布,支持container. (升级并找到extra packages里的container.npk拖到files 重启)
https://download.mikrotik.com/routeros/7.5/all_packages-arm-7.5.zip
https://download.mikrotik.com/routeros/7.5/all_packages-arm64-7.5.zip
https://download.mikrotik.com/routeros/7.5/all_packages-x86-7.5.zip
开启容器模式
/system/device-mode/update container=yes
硬路由: 长按reset 直至重启即可
x86: 拔电源 冷启动
CHR:
Esxi下, actions- power- power off or reset
Pve下, 需要命令强制关闭 qm stop id
如果不行 重复操作一次(可能有bug
设置镜像链接
/container/config/set registry-url=https://registry-1.docker.io tmpdir=/docker_images
https://docker.mirrors.sjtug.sjtu.edu.cn
https://docker.nju.edu.cn
https://hub-mirror.c.163.com
https://docker.m.daocloud.io
https://dockerproxy.com
https://mirror.baidubce.com
限制内存使用
/container/config/set ram-high=200M
创建虚拟接口
/interface/veth/add name=veth1 address=172.22.0.2/24 gateway=172.22.0.1
创建桥
/interface/bridge/add name=docker
/ip/address/add address=172.22.0.1/24 interface=docker
/interface/bridge/port add bridge=docker interface=veth1
伪装
/ip/firewall/nat/add chain=srcnat action=masquerade src-address=172.22.0.1/24
创建容器
/container/mountsadd dst=/etc/clash/config.yaml name=clash_config src=/docker_mounts/clash_config/config.yaml
注意配置文件加上tun字段:
interface-name: eth0
tun:
enable: true
stack: system
dns-hijack:
- any:53
- tcp://any:53
/container/add remote-image=tinyserve/clash:latest interface=veth1 root-dir=/clash mounts=clash_config logging=yes
/container/start 0
/container/set 0 start-on-boot=yes (7.6+ support start-on-boot)
开启启动
/system scheduler
add name=schedule2 on-event="/container/start 0" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
打开面板查看
172.22.0.2:9090/ui
此时已经完成clash容器安装
如需透明代理 :
修改接口为内网ip段 并加入主桥
并修改 dhcp的网关 dns
