medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs/tech_docs/OpenWrt.md

Browse Source
This commit is contained in:
medusa
2024-04-19 03:55:04 +00:00
parent 1f87c71115
commit 0b268d9be6
1 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

289
docs/tech_docs/OpenWrt.md Normal file
View File

@@ -0,0 +1,289 @@
To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, heres a refined and concise approach:
### Proxmox Container Creation
Below are the commands to create three different containers, each with a unique configuration for network interfaces:
#### **Container 1 Setup:**
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
#### **Container 2 Setup:**
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr2,firewall=1
```
#### **Container 3 Setup:**
```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr3,firewall=1
```
### OpenWRT Firewall Configuration
You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.
#### **Define Network Interfaces**:
Update the `/etc/config/network` to reflect `eth1` as the WAN interface. This setup applies universally across your containers:
```bash
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
```
#### **Update Firewall Settings**:
In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via `eth1`:
```bash
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-SSH'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'ACCEPT'
config rule
option name 'Allow-HTTPS'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'
```
### Applying the Configuration
After updating the configuration files, you should apply the changes:
- **Restart Network Services**:
```bash
/etc/init.d/network restart
```
- **Reload Firewall Settings**:
```bash
/etc/init.d/firewall restart
```
### Final Considerations
- **Security**: Implement strong authentication methods, such as key-based SSH access.
- **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
- **Backup Configurations**: Always back up your configurations before making significant changes.
This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.
---
### Creating a Virtual Bridge (vmbr) in Proxmox via CLI
To create a new virtual bridge (`vmbrX`) on Proxmox using the command line, you need to edit the network configuration file located at `/etc/network/interfaces`. Heres how you can do it:
1. **Access the Proxmox Host**:
Connect to your Proxmox server via SSH.
2. **Edit the Network Configuration File**:
Open the `/etc/network/interfaces` file in a text editor, such as `nano` or `vim`.
```bash
vim /etc/network/interfaces
```
3. **Add Configuration for a New Bridge**:
Add the following lines to the file to create a new bridge. Replace `X` with the appropriate number for your new bridge.
```bash
auto vmbrX
iface vmbrX inet static
address 192.168.X.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
```
4. **Save and Apply Changes**:
Save the changes and restart the networking service to apply them.
```bash
systemctl restart networking
```
This setup creates a bridge with no physical interfaces attached (isolated bridge). If you want to attach physical interfaces, replace `none` in `bridge_ports` with the name of the interface (e.g., `eth0`).
### Adjusting Network Interface Configuration in OpenWRT
To swap interfaces or change the DHCP setting to static IP or vice versa in OpenWRT, you can modify the `/etc/config/network` file. Here's how to make these adjustments:
#### **Changing Interface Assignment (Swapping Interfaces)**
If you want to change which physical interface (e.g., from `eth0` to `eth1`) is used for WAN, modify the `option ifname` line under the corresponding section:
```bash
config interface 'wan'
option ifname 'eth1' # Changed from eth0 to eth1
option proto 'dhcp'
```
#### **Changing DHCP to Static IP (or Vice Versa)**
To change an interface from DHCP to static IP:
1. Change the `option proto 'dhcp'` to `option proto 'static'`.
2. Specify the `option ipaddr` and `option netmask` (and optionally, `option gateway` and `option dns`).
Example for a static IP configuration:
```bash
config interface 'wan'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option dns '192.168.1.1'
```
To revert to DHCP:
```bash
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
```
#### **Applying Changes in OpenWRT**
After making changes to the `/etc/config/network` file:
1. **Restart the Network Service** to apply the changes:
```bash
/etc/init.d/network restart
```
2. **Test Connectivity** to ensure that your network configurations work as expected.
These steps allow you to flexibly configure and manage network settings directly from the CLI, accommodating changes in network design or infrastructure requirements efficiently.
---
```bash
auto lo
iface lo inet loopback
iface enp3s0 inet manual
auto vmbr0
iface vmbr0 inet dhcp
bridge-ports enp3s0
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
auto vmbr2
iface vmbr2 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
auto vmbr3
iface vmbr3 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
iface wlp2s0 inet manual
source /etc/network/interfaces.d/*
```
---
For your standalone Proxmox setup, switching between static and dynamic IP configurations and managing virtual bridges are important tasks. Below, I'll provide a concise guide to handle these changes effectively and safely.
### Switching from Static IP to DHCP:
1. **Update Network Interface Configuration:**
- Open `/etc/network/interfaces` in a text editor:
```bash
nano /etc/network/interfaces
```
- Change the `vmbr0` configuration from static to DHCP:
```bash
auto vmbr0
iface vmbr0 inet dhcp
bridge-ports enp3s0
bridge-stp off
bridge-fd 0
```
- Save the changes and exit the editor.
2. **Restart Networking to Apply Changes:**
- Apply the new network settings:
```bash
systemctl restart networking
```
3. **Find the New DHCP-Assigned IP Address:**
- After the network restarts, check the assigned IP:
```bash
ip addr show vmbr0
```
4. **Update `/etc/hosts` with the New IP:**
- Edit the `/etc/hosts` file to replace the old static IP with the new one:
```bash
nano /etc/hosts
```
- Modify the line with the old IP to the new one you just obtained:
```plaintext
192.168.86.62 whitebox.foxtrot.lan whitebox # Old IP
192.168.x.x whitebox.foxtrot.lan whitebox # New DHCP IP
```
- Save and exit.
5. **Reserve IP in DHCP Server (Optional but Recommended):**
- To ensure the IP does not change on reboots, reserve the IP in your DHCP server settings to always assign the same IP to the MAC address of `vmbr0`.
### Creating a New Virtual Bridge (`vmbrX`):
1. **Add a New Virtual Bridge Configuration:**
- Edit `/etc/network/interfaces`:
```bash
nano /etc/network/interfaces
```
- Add a new bridge configuration at the end of the file:
```bash
auto vmbrX # Replace X with the next available number
iface vmbrX inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
```
- Save and exit the editor.
2. **Activate the New Bridge:**
- Restart the networking service to bring up the new bridge:
```bash
systemctl restart networking
```
### General Notes:
- **Backup Configurations:** Always backup configuration files before making changes (`cp /etc/network/interfaces /etc/network/interfaces.bak`).
- **Documentation:** Update all relevant documentation with the new bridge details and IP changes.
- **Monitoring:** Monitor the network and server behavior after changes to ensure everything is functioning as expected.
This approach provides a structured method to manage IP address configurations and virtual bridges on your Proxmox server, enhancing flexibility and ensuring consistent network settings across system reboots or changes.