Update docs/tech_docs/OpenWrt.md

2024-04-19 20:12:21 +00:00
parent 1ef2b5a409
commit d6d98ce371
1 changed files with 5 additions and 307 deletions
--- a/docs/tech_docs/OpenWrt.md
+++ b/docs/tech_docs/OpenWrt.md
@@ -30,10 +30,9 @@ pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1
 ### OpenWRT Firewall Configuration
-The network interface and firewall configuration remains the same as before:
+```bash
-
+passwd
-#### **Define Network Interfaces**:
+```
 Update `/etc/config/network` to reflect `eth0` as the WAN interface:
 ```bash
 vi /etc/config/network
@@ -56,6 +55,7 @@ config interface 'lan'
        option ipaddr '10.0.0.1'
        option netmask '255.255.255.0'
 ```
 ```bash
 vi /etc/config/firewall
 ```
@@ -82,6 +82,7 @@ config rule
    option dest_port '80'
    option target 'ACCEPT'    
 ```
 ### Applying the Configuration
 After updating the configuration files:
@@ -123,309 +124,6 @@ pct console 101
 ---
 Here's an updated OpenWRT container configuration with a smaller footprint:
 ### Proxmox Container Creation
 Use the following command to create a new container with reduced memory and storage:
 ```bash
 pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr1,firewall=1
 ```
 ```bash
 pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr1,firewall=1
 ```
 ```bash
 pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --tag network --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:2,size=1G \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr1,firewall=1
 ```
 Key changes:
 - Reduced memory to 128MB (`--memory 128`)
 - Disabled swap (`--swap 0`)
 - Reduced rootfs size to 1GB (`--rootfs local-lvm:2,size=1G`)
 ### OpenWRT Firewall Configuration
 The network interface and firewall configuration remains the same as before:
 #### **Define Network Interfaces**:
 Update `/etc/config/network` to reflect `eth1` as the WAN interface:
 ```bash
 config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
 ```
 #### **Update Firewall Settings**:
 Append rules to `/etc/config/firewall` to allow SSH and HTTPS access:
 ```bash
 config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
 config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
 config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
 ```
 ### Applying the Configuration
 After updating the configuration files:
 - **Restart Network Services**:
  ```bash
  /etc/init.d/network restart
  ```
 - **Reload Firewall Settings**:
  ```bash
  /etc/init.d/firewall restart
  ```
 This setup reduces the memory and storage footprint of the OpenWRT container while maintaining the necessary network and firewall configurations for SSH and HTTPS access.
 Remember to test connectivity and functionality thoroughly after applying these changes to ensure the reduced resource allocation meets your requirements.
 ---
 To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, here’s a refined and concise approach:
 ### Proxmox Container Creation
 Below are the commands to create three different containers, each with a unique configuration for network interfaces:
 #### **Container 1 Setup:**
 ```bash
 pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr1,firewall=1
 ```
 #### **Container 2 Setup:**
 ```bash
 pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr2,firewall=1
 ```
 #### **Container 3 Setup:**
 ```bash
 pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \
 --net0 name=eth0,bridge=vmbr0,firewall=1 \
 --net1 name=eth1,bridge=vmbr3,firewall=1
 ```
 ### OpenWRT Firewall Configuration
 You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.
 #### **Define Network Interfaces**:
 Update the `/etc/config/network` to reflect `eth1` as the WAN interface. This setup applies universally across your containers:
 ```bash
 config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
 ```
 #### **Update Firewall Settings**:
 In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via `eth1`:
 ```bash
 config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
 config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
 config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
 ```
 ### Applying the Configuration
 After updating the configuration files, you should apply the changes:
 - **Restart Network Services**:
  ```bash
  /etc/init.d/network restart
  ```
 - **Reload Firewall Settings**:
  ```bash
  /etc/init.d/firewall restart
  ```
 ### Final Considerations
 - **Security**: Implement strong authentication methods, such as key-based SSH access.
 - **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
 - **Backup Configurations**: Always back up your configurations before making significant changes.
 This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.
 ---
 ### Creating a Virtual Bridge (vmbr) in Proxmox via CLI
 To create a new virtual bridge (`vmbrX`) on Proxmox using the command line, you need to edit the network configuration file located at `/etc/network/interfaces`. Here’s how you can do it:
 1. **Access the Proxmox Host**:
   Connect to your Proxmox server via SSH.
 2. **Edit the Network Configuration File**:
   Open the `/etc/network/interfaces` file in a text editor, such as `nano` or `vim`.
   ```bash
   vim /etc/network/interfaces
   ```
 3. **Add Configuration for a New Bridge**:
   Add the following lines to the file to create a new bridge. Replace `X` with the appropriate number for your new bridge.
   ```bash
   auto vmbrX
   iface vmbrX inet static
       address 192.168.X.1
       netmask 255.255.255.0
       bridge_ports none
       bridge_stp off
       bridge_fd 0
   ```
 4. **Save and Apply Changes**:
   Save the changes and restart the networking service to apply them.
   ```bash
   systemctl restart networking
   ```
 This setup creates a bridge with no physical interfaces attached (isolated bridge). If you want to attach physical interfaces, replace `none` in `bridge_ports` with the name of the interface (e.g., `eth0`).
 ### Adjusting Network Interface Configuration in OpenWRT
 To swap interfaces or change the DHCP setting to static IP or vice versa in OpenWRT, you can modify the `/etc/config/network` file. Here's how to make these adjustments:
 #### **Changing Interface Assignment (Swapping Interfaces)**
 If you want to change which physical interface (e.g., from `eth0` to `eth1`) is used for WAN, modify the `option ifname` line under the corresponding section:
 ```bash
 config interface 'wan'
    option ifname 'eth1'  # Changed from eth0 to eth1
    option proto 'dhcp'
 ```
 #### **Changing DHCP to Static IP (or Vice Versa)**
 To change an interface from DHCP to static IP:
 1. Change the `option proto 'dhcp'` to `option proto 'static'`.
 2. Specify the `option ipaddr` and `option netmask` (and optionally, `option gateway` and `option dns`).
 Example for a static IP configuration:
 ```bash
 config interface 'wan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '192.168.1.2'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '192.168.1.1'
 ```
 To revert to DHCP:
 ```bash
 config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'
 ```
 #### **Applying Changes in OpenWRT**
 After making changes to the `/etc/config/network` file:
 1. **Restart the Network Service** to apply the changes:
   ```bash
   /etc/init.d/network restart
   ```
 2. **Test Connectivity** to ensure that your network configurations work as expected.
 These steps allow you to flexibly configure and manage network settings directly from the CLI, accommodating changes in network design or infrastructure requirements efficiently.
 ---
 ```bash
 auto lo
 iface lo inet loopback
 iface enp3s0 inet manual
 auto vmbr0
 iface vmbr0 inet dhcp
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
 auto vmbr1
 iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
 auto vmbr2
 iface vmbr2 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
 auto vmbr3
 iface vmbr3 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
 iface wlp2s0 inet manual
 source /etc/network/interfaces.d/*
 ```
 ---
 For your standalone Proxmox setup, switching between static and dynamic IP configurations and managing virtual bridges are important tasks. Below, I'll provide a concise guide to handle these changes effectively and safely.
 ### Switching from Static IP to DHCP: