medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs/tech_docs/OpenWrt.md

Browse Source
This commit is contained in:
medusa
2024-04-19 20:12:21 +00:00
parent 1ef2b5a409
commit d6d98ce371
1 changed files with 5 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

312
docs/tech_docs/OpenWrt.md
View File

@@ -30,10 +30,9 @@ pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1
### OpenWRT Firewall Configuration
The network interface and firewall configuration remains the same as before:
#### **Define Network Interfaces**:
Update `/etc/config/network` to reflect `eth0` as the WAN interface:
```bash
passwd
```
```bash
vi /etc/config/network
@@ -56,6 +55,7 @@ config interface 'lan'
option ipaddr '10.0.0.1'
option netmask '255.255.255.0'
```
```bash
vi /etc/config/firewall
```
@@ -82,6 +82,7 @@ config rule
option dest_port '80'
option target 'ACCEPT'
```
### Applying the Configuration
After updating the configuration files:
@@ -123,309 +124,6 @@ pct console 101
---
Here's an updated OpenWRT container configuration with a smaller footprint:
### Proxmox Container Creation
Use the following command to create a new container with reduced memory and storage:
```bash
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
Key changes:
- Reduced memory to 128MB (`--memory 128`)
- Disabled swap (`--swap 0`)
- Reduced rootfs size to 1GB (`--rootfs local-lvm:2,size=1G`)
### OpenWRT Firewall Configuration
The network interface and firewall configuration remains the same as before:
#### **Define Network Interfaces**:
Update `/etc/config/network` to reflect `eth1` as the WAN interface:
```bash
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
```
#### **Update Firewall Settings**:
Append rules to `/etc/config/firewall` to allow SSH and HTTPS access:
```bash
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-SSH'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'ACCEPT'
config rule
option name 'Allow-HTTPS'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'
```
### Applying the Configuration
After updating the configuration files:
- **Restart Network Services**:
```bash
/etc/init.d/network restart
```
- **Reload Firewall Settings**:
```bash
/etc/init.d/firewall restart
```
This setup reduces the memory and storage footprint of the OpenWRT container while maintaining the necessary network and firewall configurations for SSH and HTTPS access.
Remember to test connectivity and functionality thoroughly after applying these changes to ensure the reduced resource allocation meets your requirements.
---
To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, heres a refined and concise approach:
### Proxmox Container Creation
Below are the commands to create three different containers, each with a unique configuration for network interfaces:
#### **Container 1 Setup:**
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
#### **Container 2 Setup:**
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr2,firewall=1
```
#### **Container 3 Setup:**
```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr3,firewall=1
```
### OpenWRT Firewall Configuration
You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.
#### **Define Network Interfaces**:
Update the `/etc/config/network` to reflect `eth1` as the WAN interface. This setup applies universally across your containers:
```bash
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
```
#### **Update Firewall Settings**:
In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via `eth1`:
```bash
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-SSH'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'ACCEPT'
config rule
option name 'Allow-HTTPS'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'
```
### Applying the Configuration
After updating the configuration files, you should apply the changes:
- **Restart Network Services**:
```bash
/etc/init.d/network restart
```
- **Reload Firewall Settings**:
```bash
/etc/init.d/firewall restart
```
### Final Considerations
- **Security**: Implement strong authentication methods, such as key-based SSH access.
- **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
- **Backup Configurations**: Always back up your configurations before making significant changes.
This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.
---
### Creating a Virtual Bridge (vmbr) in Proxmox via CLI
To create a new virtual bridge (`vmbrX`) on Proxmox using the command line, you need to edit the network configuration file located at `/etc/network/interfaces`. Heres how you can do it:
1. **Access the Proxmox Host**:
Connect to your Proxmox server via SSH.
2. **Edit the Network Configuration File**:
Open the `/etc/network/interfaces` file in a text editor, such as `nano` or `vim`.
```bash
vim /etc/network/interfaces
```
3. **Add Configuration for a New Bridge**:
Add the following lines to the file to create a new bridge. Replace `X` with the appropriate number for your new bridge.
```bash
auto vmbrX
iface vmbrX inet static
address 192.168.X.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
```
4. **Save and Apply Changes**:
Save the changes and restart the networking service to apply them.
```bash
systemctl restart networking
```
This setup creates a bridge with no physical interfaces attached (isolated bridge). If you want to attach physical interfaces, replace `none` in `bridge_ports` with the name of the interface (e.g., `eth0`).
### Adjusting Network Interface Configuration in OpenWRT
To swap interfaces or change the DHCP setting to static IP or vice versa in OpenWRT, you can modify the `/etc/config/network` file. Here's how to make these adjustments:
#### **Changing Interface Assignment (Swapping Interfaces)**
If you want to change which physical interface (e.g., from `eth0` to `eth1`) is used for WAN, modify the `option ifname` line under the corresponding section:
```bash
config interface 'wan'
option ifname 'eth1' # Changed from eth0 to eth1
option proto 'dhcp'
```
#### **Changing DHCP to Static IP (or Vice Versa)**
To change an interface from DHCP to static IP:
1. Change the `option proto 'dhcp'` to `option proto 'static'`.
2. Specify the `option ipaddr` and `option netmask` (and optionally, `option gateway` and `option dns`).
Example for a static IP configuration:
```bash
config interface 'wan'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option dns '192.168.1.1'
```
To revert to DHCP:
```bash
config interface 'wan'
option ifname 'eth0'
option proto 'dhcp'
```
#### **Applying Changes in OpenWRT**
After making changes to the `/etc/config/network` file:
1. **Restart the Network Service** to apply the changes:
```bash
/etc/init.d/network restart
```
2. **Test Connectivity** to ensure that your network configurations work as expected.
These steps allow you to flexibly configure and manage network settings directly from the CLI, accommodating changes in network design or infrastructure requirements efficiently.
---
```bash
auto lo
iface lo inet loopback
iface enp3s0 inet manual
auto vmbr0
iface vmbr0 inet dhcp
bridge-ports enp3s0
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
auto vmbr2
iface vmbr2 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
auto vmbr3
iface vmbr3 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
iface wlp2s0 inet manual
source /etc/network/interfaces.d/*
```
---
For your standalone Proxmox setup, switching between static and dynamic IP configurations and managing virtual bridges are important tasks. Below, I'll provide a concise guide to handle these changes effectively and safely.
### Switching from Static IP to DHCP: