From d6d98ce371465688802e5b97ff8c62ebebeb8b51 Mon Sep 17 00:00:00 2001 From: medusa Date: Fri, 19 Apr 2024 20:12:21 +0000 Subject: [PATCH] Update docs/tech_docs/OpenWrt.md --- docs/tech_docs/OpenWrt.md | 312 +------------------------------------- 1 file changed, 5 insertions(+), 307 deletions(-) diff --git a/docs/tech_docs/OpenWrt.md b/docs/tech_docs/OpenWrt.md index 93d214a..8c69f80 100644 --- a/docs/tech_docs/OpenWrt.md +++ b/docs/tech_docs/OpenWrt.md @@ -30,10 +30,9 @@ pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 ### OpenWRT Firewall Configuration -The network interface and firewall configuration remains the same as before: - -#### **Define Network Interfaces**: -Update `/etc/config/network` to reflect `eth0` as the WAN interface: +```bash +passwd +``` ```bash vi /etc/config/network @@ -56,6 +55,7 @@ config interface 'lan' option ipaddr '10.0.0.1' option netmask '255.255.255.0' ``` + ```bash vi /etc/config/firewall ``` @@ -82,6 +82,7 @@ config rule option dest_port '80' option target 'ACCEPT' ``` + ### Applying the Configuration After updating the configuration files: 
@@ -123,309 +124,6 @@ pct console 101 --- -Here's an updated OpenWRT container configuration with a smaller footprint: - -### Proxmox Container Creation - -Use the following command to create a new container with reduced memory and storage: - -```bash -pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 name=eth1,bridge=vmbr1,firewall=1 -``` - -```bash -pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 name=eth1,bridge=vmbr1,firewall=1 -``` - -```bash -pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 name=eth1,bridge=vmbr1,firewall=1 -``` - -Key changes: -- Reduced memory to 128MB (`--memory 128`) -- Disabled swap (`--swap 0`) -- Reduced rootfs size to 1GB (`--rootfs local-lvm:2,size=1G`) - -### OpenWRT Firewall Configuration - -The network interface and firewall configuration remains the same as before: - -#### **Define Network Interfaces**: -Update `/etc/config/network` to reflect `eth1` as the WAN interface: - -```bash -config interface 'wan' - option ifname 'eth1' - option proto 'dhcp' -``` - -#### **Update Firewall Settings**: -Append rules to `/etc/config/firewall` to allow SSH and HTTPS access: - -```bash -config zone - option name 'wan' - list network 'wan' - option input 'REJECT' - option output 'ACCEPT' - option forward 'REJECT' - option masq '1' - option mtu_fix '1' - -config rule - option name 
'Allow-SSH' - option src 'wan' - option proto 'tcp' - option dest_port '22' - option target 'ACCEPT' - -config rule - option name 'Allow-HTTPS' - option src 'wan' - option proto 'tcp' - option dest_port '443' - option target 'ACCEPT' -``` - -### Applying the Configuration - -After updating the configuration files: - -- **Restart Network Services**: - ```bash - /etc/init.d/network restart - ``` - -- **Reload Firewall Settings**: - ```bash - /etc/init.d/firewall restart - ``` - -This setup reduces the memory and storage footprint of the OpenWRT container while maintaining the necessary network and firewall configurations for SSH and HTTPS access. - -Remember to test connectivity and functionality thoroughly after applying these changes to ensure the reduced resource allocation meets your requirements. - ---- - -To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, here’s a refined and concise approach: - -### Proxmox Container Creation - -Below are the commands to create three different containers, each with a unique configuration for network interfaces: - -#### **Container 1 Setup:** -```bash -pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 name=eth1,bridge=vmbr1,firewall=1 -``` - -#### **Container 2 Setup:** -```bash -pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 name=eth1,bridge=vmbr2,firewall=1 -``` - -#### **Container 3 Setup:** -```bash -pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \ ---net0 name=eth0,bridge=vmbr0,firewall=1 \ ---net1 
name=eth1,bridge=vmbr3,firewall=1 -``` - -### OpenWRT Firewall Configuration - -You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access. - -#### **Define Network Interfaces**: -Update the `/etc/config/network` to reflect `eth1` as the WAN interface. This setup applies universally across your containers: - -```bash -config interface 'wan' - option ifname 'eth1' - option proto 'dhcp' -``` - -#### **Update Firewall Settings**: -In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via `eth1`: - -```bash -config zone - option name 'wan' - list network 'wan' - option input 'REJECT' - option output 'ACCEPT' - option forward 'REJECT' - option masq '1' - option mtu_fix '1' - -config rule - option name 'Allow-SSH' - option src 'wan' - option proto 'tcp' - option dest_port '22' - option target 'ACCEPT' - -config rule - option name 'Allow-HTTPS' - option src 'wan' - option proto 'tcp' - option dest_port '443' - option target 'ACCEPT' -``` - -### Applying the Configuration - -After updating the configuration files, you should apply the changes: - -- **Restart Network Services**: - ```bash - /etc/init.d/network restart - ``` - -- **Reload Firewall Settings**: - ```bash - /etc/init.d/firewall restart - ``` - -### Final Considerations - -- **Security**: Implement strong authentication methods, such as key-based SSH access. -- **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN. -- **Backup Configurations**: Always back up your configurations before making significant changes. - -This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface. 
- ---- - -### Creating a Virtual Bridge (vmbr) in Proxmox via CLI - -To create a new virtual bridge (`vmbrX`) on Proxmox using the command line, you need to edit the network configuration file located at `/etc/network/interfaces`. Here’s how you can do it: - -1. **Access the Proxmox Host**: - Connect to your Proxmox server via SSH. - -2. **Edit the Network Configuration File**: - Open the `/etc/network/interfaces` file in a text editor, such as `nano` or `vim`. - ```bash - vim /etc/network/interfaces - ``` - -3. **Add Configuration for a New Bridge**: - Add the following lines to the file to create a new bridge. Replace `X` with the appropriate number for your new bridge. - ```bash - auto vmbrX - iface vmbrX inet static - address 192.168.X.1 - netmask 255.255.255.0 - bridge_ports none - bridge_stp off - bridge_fd 0 - ``` - -4. **Save and Apply Changes**: - Save the changes and restart the networking service to apply them. - ```bash - systemctl restart networking - ``` - -This setup creates a bridge with no physical interfaces attached (isolated bridge). If you want to attach physical interfaces, replace `none` in `bridge_ports` with the name of the interface (e.g., `eth0`). - -### Adjusting Network Interface Configuration in OpenWRT - -To swap interfaces or change the DHCP setting to static IP or vice versa in OpenWRT, you can modify the `/etc/config/network` file. Here's how to make these adjustments: - -#### **Changing Interface Assignment (Swapping Interfaces)** - -If you want to change which physical interface (e.g., from `eth0` to `eth1`) is used for WAN, modify the `option ifname` line under the corresponding section: - -```bash -config interface 'wan' - option ifname 'eth1' # Changed from eth0 to eth1 - option proto 'dhcp' -``` - -#### **Changing DHCP to Static IP (or Vice Versa)** - -To change an interface from DHCP to static IP: -1. Change the `option proto 'dhcp'` to `option proto 'static'`. -2. 
Specify the `option ipaddr` and `option netmask` (and optionally, `option gateway` and `option dns`). - -Example for a static IP configuration: -```bash -config interface 'wan' - option ifname 'eth0' - option proto 'static' - option ipaddr '192.168.1.2' - option netmask '255.255.255.0' - option gateway '192.168.1.1' - option dns '192.168.1.1' -``` - -To revert to DHCP: -```bash -config interface 'wan' - option ifname 'eth0' - option proto 'dhcp' -``` - -#### **Applying Changes in OpenWRT** - -After making changes to the `/etc/config/network` file: -1. **Restart the Network Service** to apply the changes: - ```bash - /etc/init.d/network restart - ``` - -2. **Test Connectivity** to ensure that your network configurations work as expected. - -These steps allow you to flexibly configure and manage network settings directly from the CLI, accommodating changes in network design or infrastructure requirements efficiently. - ---- - -```bash -auto lo -iface lo inet loopback - -iface enp3s0 inet manual - -auto vmbr0 -iface vmbr0 inet dhcp - bridge-ports enp3s0 - bridge-stp off - bridge-fd 0 - -auto vmbr1 -iface vmbr1 inet manual - bridge-ports none - bridge-stp off - bridge-fd 0 - -auto vmbr2 -iface vmbr2 inet manual - bridge-ports none - bridge-stp off - bridge-fd 0 - -auto vmbr3 -iface vmbr3 inet manual - bridge-ports none - bridge-stp off - bridge-fd 0 - -iface wlp2s0 inet manual - -source /etc/network/interfaces.d/* -``` - ---- For your standalone Proxmox setup, switching between static and dynamic IP configurations and managing virtual bridges are important tasks. Below, I'll provide a concise guide to handle these changes effectively and safely. ### Switching from Static IP to DHCP:
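Review bot: In the first hunk (`@@ -30,10 +30,9 @@`), the added `passwd` block lands directly under "### OpenWRT Firewall Configuration" with no sentence explaining it, and the deleted "Define Network Interfaces" heading was the only text in this section stating that `eth0` is the WAN interface in `/etc/config/network`. Suggest a one-line intro before `passwd` (for example, that the root password is set before the network and firewall configuration is applied) and a short sentence before `vi /etc/config/network` naming which interface is WAN, so the section does not open with consecutive bare command blocks. The surviving firewall context further down accepts `dest_port '80'`, so a reader needs to know the password step comes first.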
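Review bot: In the last hunk (`@@ -123,309 +124,6 @@`), the 303 removed lines are not all duplicates: besides the repeated container and firewall sections, the deletion also drops the "Creating a Virtual Bridge (vmbr) in Proxmox via CLI" steps, the sample `/etc/network/interfaces` that defines `vmbr1` to `vmbr3`, and the "Final Considerations" advice on key-based SSH and backing up configurations. Removing the repeated sections is reasonable, since they contradict each other (ID 101 is reused for "Container 1 Setup" and "Container 2 Setup", and they name `eth1` as WAN where the first hunk's removed text names `eth0`), but the bridge and hardening material appears nowhere else in the visible diff; suggest keeping it or moving it to its own page and linking to it. The removal also takes out the only `Allow-HTTPS` rule on port 443, while the retained context shows a rule accepting `dest_port '80'`, so please confirm that plain HTTP is the intended documented management path. The subject "Update docs/tech_docs/OpenWrt.md" does not tell a reader that 307 lines are being deleted; a body line listing the removed sections would help.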