medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update tech_docs/linux/linux_lab_starting.md

Browse Source
This commit is contained in:
medusa
2025-06-30 05:43:00 +00:00
parent 2367327dba
commit e9b81c4dc9
1 changed files with 280 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

281
tech_docs/linux/linux_lab_starting.md
View File

@@ -241,4 +241,283 @@ Changes:
Please note that these resource adjustments are based on general recommendations for minimal resource usage. Depending on your specific use case and the applications you plan to run inside the containers, you might need to fine-tune these values further. Please note that these resource adjustments are based on general recommendations for minimal resource usage. Depending on your specific use case and the applications you plan to run inside the containers, you might need to fine-tune these values further.
Remember to monitor the performance and resource utilization of your containers after creating them with these scaled-down resources. If you encounter any issues or need more resources, you can always adjust the values accordingly using the `pct resize` command. Remember to monitor the performance and resource utilization of your containers after creating them with these scaled-down resources. If you encounter any issues or need more resources, you can always adjust the values accordingly using the `pct resize` command.
---
# Proxmox Container Lab Guide
## Overview
This guide covers creating and configuring three types of LXC containers in Proxmox VE:
- **OpenWRT Container** (ID: 100) - Network router/firewall
- **Kali Linux Container** (ID: 200) - Security testing tools
- **Alpine Linux Container** (ID: 300) - Lightweight container host
## Container Creation Commands
### OpenWRT Container (ID: 100)
```bash
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
--unprivileged 1 \
--arch amd64 \
--ostype unmanaged \
--hostname openwrt-0 \
--tag network \
--storage local-lvm \
--cores 2 \
--memory 128 \
--swap 0 \
--rootfs local-lvm:1,size=1G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
### Kali Linux Container (ID: 200)
```bash
pct create 200 /var/lib/vz/template/cache/kali-default-rootfs.tar.xz \
--unprivileged 1 \
--arch amd64 \
--ostype debian \
--hostname kali-0 \
--tag tools \
--storage local-lvm \
--cores 2 \
--memory 2048 \
--swap 512 \
--rootfs local-lvm:1,size=16G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
### Alpine Linux Container (ID: 300)
```bash
pct create 300 /var/lib/vz/template/cache/alpine-default-rootfs.tar.xz \
--unprivileged 1 \
--arch amd64 \
--ostype alpine \
--hostname alpine-0 \
--tag docker \
--storage local-lvm \
--cores 2 \
--memory 1024 \
--swap 256 \
--rootfs local-lvm:1,size=8G \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
## Container Management Commands
### Basic Operations
```bash
# Start container
pct start <container_id>
# Stop container
pct stop <container_id>
# Destroy container
pct destroy <container_id>
# Enter container console
pct enter <container_id>
# Check container status
pct status <container_id>
```
### Resource Management
```bash
# Resize container storage
pct resize <container_id> rootfs <new_size>
# Modify container configuration
pct set <container_id> --memory <new_memory> --cores <new_cores>
```
## OpenWRT Configuration
### Package Management
```bash
# Update package list
opkg update
# Install packages
opkg install qemu-ga
# List installed packages
opkg list-installed
# Search for packages
opkg list | grep <package-name>
# Remove packages
opkg remove <package-name>
```
### Network Configuration
Edit `/etc/config/network` to configure WAN interface:
```
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
```
### Firewall Configuration
Append to `/etc/config/firewall`:
```
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
option name 'Allow-SSH'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option target 'ACCEPT'
config rule
option name 'Allow-HTTPS'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option target 'ACCEPT'
```
### Apply OpenWRT Configuration
```bash
# Restart network services
/etc/init.d/network restart
# Reload firewall settings
/etc/init.d/firewall restart
```
## Alpine Linux Configuration
### Package Management
```bash
# Update package index
apk update
# Install packages
apk add qemu-guest-agent
# Upgrade all packages
apk upgrade
# Search for packages
apk search <package-name>
# Remove packages
apk del <package-name>
```
### Network Configuration
Edit `/etc/network/interfaces`:
```
auto eth1
iface eth1 inet dhcp
```
### Firewall Configuration
Create `/etc/iptables.rules`:
```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
```
Apply firewall rules:
```bash
iptables-restore < /etc/iptables.rules
```
## Kali Linux Configuration
### Package Management
```bash
# Update package lists
apt update
# Upgrade packages
apt upgrade
# Install packages
apt install <package-name>
# Search for packages
apt search <package-name>
# Remove packages
apt remove <package-name>
```
### Network Configuration
Edit `/etc/network/interfaces`:
```
auto eth1
iface eth1 inet dhcp
```
## Resource Optimization
### Minimal Resource Configurations
#### Ultra-Minimal OpenWRT
```bash
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
--unprivileged 1 \
--arch amd64 \
--ostype unmanaged \
--hostname openwrt-0 \
--tag network \
--storage local-lvm \
--memory 64 \
--swap 0 \
--rootfs local-lvm:1,size=512M \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
#### Minimal Alpine
```bash
pct create 300 /var/lib/vz/template/cache/alpine-default-rootfs.tar.xz \
--unprivileged 1 \
--arch amd64 \
--ostype alpine \
--hostname alpine-0 \
--tag docker \
--storage local-lvm \
--memory 512 \
--swap 256 \
--rootfs local-lvm:1,size=4G \
--net0 bridge=vmbr1,name=eth0,ip=dhcp,ip6=dhcp,type=veth,firewall=1
```
## Troubleshooting Tips
1. **Container won't start**: Check resource allocation and ensure templates are properly downloaded
2. **Network issues**: Verify bridge configuration and firewall rules
3. **Performance issues**: Monitor resource usage with `pct exec <id> -- top` or increase allocated resources
4. **Package installation fails**: Ensure network connectivity and update package lists first
## Best Practices
- Always test connectivity after configuration changes
- Monitor resource usage to optimize allocations
- Keep container templates updated
- Use unprivileged containers for security
- Tag containers for better organization
- Document custom configurations for reproducibility