Add docs/tech_docs/OPENwrt.md

2024-04-18 16:34:39 +00:00
parent 165274eec3
commit 8d82faf64d

docs/tech_docs/OPENwrt.md Normal file

@@ -0,0 +1,71 @@
To set up a Proxmox container (CT) with OpenWRT using the `pct create` command and configure the firewall to allow SSH and HTTPS access on the WAN interface (`eth1`), let's compile a comprehensive guide including the commands for creating the container and the necessary firewall configuration within OpenWRT.
### Container Creation with Proxmox
First, let's clarify the Proxmox command for creating the container:
```bash
pct create 106 /var/lib/vz/template/cache/rootfs.tar.xz --unprivileged 1 --ostype unmanaged --hostname openwrt --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1,gw=192.168.1.1,ip=192.168.1.2/24 \
--net1 name=eth1,bridge=vmbr1,firewall=1 \
--net2 name=eth2,bridge=vmbr2,firewall=1
```
This command creates an unprivileged container with ID 106, using an OpenWRT root filesystem. It configures three network interfaces:
- **eth0**: Main LAN interface with a static IP and gateway.
- **eth1**: WAN interface on `vmbr1`, which will be used to allow external SSH and HTTPS access.
- **eth2**: Additional network interface.
### Firewall Configuration in OpenWRT
For the OpenWRT container to allow SSH (port 22) and HTTPS (port 443) on `eth1`, you must ensure that `eth1` is treated as the WAN interface in OpenWRT's network and firewall settings. Here's how to set up the necessary firewall rules within the OpenWRT system:
1. **Define Network Interfaces in OpenWRT**:
Ensure `eth1` is configured as the WAN interface in `/etc/config/network`. This might look something like this:
```bash
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
```
2. **Update Firewall Settings**:
In `/etc/config/firewall`, you should add rules to allow SSH and HTTPS. These rules need to specify that they apply to traffic coming in on `eth1` (which should be associated with the `wan` zone). Heres how you would configure the firewall:
```bash
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-SSH'
option src 'wan'
option dest_port '22'
option proto 'tcp'
option target 'ACCEPT'
config rule
option name 'Allow-HTTPS'
option src 'wan'
option dest_port '443'
option proto 'tcp'
option target 'ACCEPT'
```
### Applying the Configuration
After editing the configuration files, apply the changes:
- Restart the network service: `/etc/init.d/network restart`
- Reload the firewall: `/etc/init.d/firewall restart`
### Final Considerations
- **Security**: Ensure you have set strong passwords and consider using key-based authentication for SSH.
- **Testing**: After setting up, test the accessibility of SSH and HTTPS from outside your LAN to confirm the firewall rules are working as expected.
- **Backup Configurations**: Always keep backups of your configurations before making significant changes.
This setup will configure your Proxmox container with OpenWRT to allow SSH and HTTPS traffic on `eth1`, ensuring remote management capabilities from the WAN side.
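Review bot: The `Allow-SSH` and `Allow-HTTPS` rules in the firewall block accept TCP 22 and 443 from any source in the `wan` zone, so the router's management services are reachable from the entire upstream network, while hardening is left to a "consider" bullet under Final Considerations. Suggest adding `option src_ip` with the management host or subnet to both rules, and moving key-based SSH authentication into the numbered steps so it is in place before the rules are applied. Two smaller points: the UCI snippets are fenced as `bash` although they are config file contents, and `option ifname 'eth1'` in the `wan` interface is the older syntax (OpenWrt 21.02 and later use `option device`), so the guide should state which release it targets.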