Here's an updated OpenWRT container configuration with a smaller footprint:

### Proxmox Container Creation

Use the following commands to create new containers with reduced memory and storage:

```bash
# --rootfs STORAGE:SIZE allocates a new root volume of SIZE GiB
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 \
  --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:1 \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr1,firewall=1
```

```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 \
  --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:1 \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr1,firewall=1
```

```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 \
  --storage local-lvm --memory 128 --swap 0 --rootfs local-lvm:1 \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr1,firewall=1
```

Key changes:

- Reduced memory to 128MB (`--memory 128`)
- Disabled swap (`--swap 0`)
- Reduced rootfs size to 1GB (`--rootfs local-lvm:1`)

### OpenWRT Firewall Configuration

The network interface and firewall configuration remains the same as before:

#### **Define Network Interfaces**:

Update `/etc/config/network` to reflect `eth1` as the WAN interface:

```bash
config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
```

#### **Update Firewall Settings**:

Append rules to `/etc/config/firewall` to allow SSH and HTTPS access:

```bash
config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'

config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
```

### Applying the Configuration

After updating the configuration files:

- **Restart Network Services**:

  ```bash
  /etc/init.d/network restart
  ```

- **Reload Firewall Settings**:

  ```bash
  /etc/init.d/firewall restart
  ```

This setup reduces the memory and storage footprint of the OpenWRT container while maintaining the necessary network and firewall configurations for SSH and HTTPS access. Remember to test connectivity and functionality thoroughly after applying these changes to ensure the reduced resource allocation meets your requirements.

---

To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, here's a refined and concise approach:

### Proxmox Container Creation

Below are the commands to create three different containers, each with a unique configuration for network interfaces:

#### **Container 1 Setup:**

```bash
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 \
  --storage local-lvm \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr1,firewall=1
```

#### **Container 2 Setup:**

```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 \
  --storage local-lvm \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr2,firewall=1
```

#### **Container 3 Setup:**

```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz \
  --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 \
  --storage local-lvm \
  --net0 name=eth0,bridge=vmbr0,firewall=1 \
  --net1 name=eth1,bridge=vmbr3,firewall=1
```

### OpenWRT Firewall Configuration

You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.
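To confirm exactly what the `wan` zone accepts once the zone and the `Allow-SSH`/`Allow-HTTPS` rules used on this page are in `/etc/config/firewall`, the following added example (not part of the original guide) parses the UCI text, lists every ACCEPT rule sourced from a zone, and flags a zone whose input policy is ACCEPT. The function names and the `Drop-Telnet` sample rule are assumptions made for the illustration.

```shell
# Added example: list what a UCI firewall config accepts from a zone.
# Usage: wan_accept_rules [ZONE] < /etc/config/firewall
wan_accept_rules() {
    awk -v zone="${1:-wan}" -v q="'" '
        function get(k, d) { return (k in o) ? o[k] : d }
        function flush() {
            # Zone-wide input ACCEPT exposes every port, not just listed rules.
            if (sect == "zone" && get("name") == zone && get("input") == "ACCEPT")
                print "zone-input-policy", "any", "any"
            if (sect == "rule" && get("src") == zone && get("target") == "ACCEPT")
                print get("name", "(unnamed)"), get("proto", "default"), get("dest_port", "any")
            split("", o)                    # reset options for the next section
        }
        { sub(/[ \t]+(#.*)?$/, "") }        # drop trailing blanks and comments
        $1 == "config" { flush(); sect = $2; next }
        $1 == "option" {
            v = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)   # whole value, spaces kept
            gsub("[\"" q "]", "", v)                           # strip quotes
            o[$2] = v
        }
        END { flush() }
    '
}
# Constructed sample: the WAN zone and rules from this page plus one DROP rule.
sample_firewall() {
    cat <<'EOF'
config zone
    option name 'wan'
    option input 'REJECT'
config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
config rule
    option name 'Drop-Telnet'   # constructed
    option src 'wan'
    option target 'DROP'
EOF
}
sample_firewall | wan_accept_rules wan
```

Each output line is `name proto dest_port`; anything beyond the two management rules is exposure that was not intended by this guide.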
#### **Define Network Interfaces**:

Update the `/etc/config/network` to reflect `eth1` as the WAN interface. This setup applies universally across your containers:

```bash
config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
```

#### **Update Firewall Settings**:

In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via `eth1`:

```bash
config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'

config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'
```

### Applying the Configuration

After updating the configuration files, you should apply the changes:

- **Restart Network Services**:

  ```bash
  /etc/init.d/network restart
  ```

- **Reload Firewall Settings**:

  ```bash
  /etc/init.d/firewall restart
  ```

### Final Considerations

- **Security**: Implement strong authentication methods, such as key-based SSH access.
- **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
- **Backup Configurations**: Always back up your configurations before making significant changes.

This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.

---

### Creating a Virtual Bridge (vmbr) in Proxmox via CLI

To create a new virtual bridge (`vmbrX`) on Proxmox using the command line, you need to edit the network configuration file located at `/etc/network/interfaces`. Here's how you can do it:

1. **Access the Proxmox Host**: Connect to your Proxmox server via SSH.
2. **Edit the Network Configuration File**: Open the `/etc/network/interfaces` file in a text editor, such as `nano` or `vim`.

   ```bash
   vim /etc/network/interfaces
   ```

3. **Add Configuration for a New Bridge**: Add the following lines to the file to create a new bridge. Replace `X` with the appropriate number for your new bridge.

   ```bash
   auto vmbrX
   iface vmbrX inet static
       address 192.168.X.1
       netmask 255.255.255.0
       bridge_ports none
       bridge_stp off
       bridge_fd 0
   ```

4. **Save and Apply Changes**: Save the changes and restart the networking service to apply them.

   ```bash
   systemctl restart networking
   ```

This setup creates a bridge with no physical interfaces attached (isolated bridge). If you want to attach physical interfaces, replace `none` in `bridge_ports` with the name of the interface (e.g., `eth0`).

### Adjusting Network Interface Configuration in OpenWRT

To swap interfaces or change the DHCP setting to static IP or vice versa in OpenWRT, you can modify the `/etc/config/network` file. Here's how to make these adjustments:

#### **Changing Interface Assignment (Swapping Interfaces)**

If you want to change which physical interface (e.g., from `eth0` to `eth1`) is used for WAN, modify the `option ifname` line under the corresponding section:

```bash
config interface 'wan'
    option ifname 'eth1' # Changed from eth0 to eth1
    option proto 'dhcp'
```

#### **Changing DHCP to Static IP (or Vice Versa)**

To change an interface from DHCP to static IP:

1. Change the `option proto 'dhcp'` to `option proto 'static'`.
2. Specify the `option ipaddr` and `option netmask` (and optionally, `option gateway` and `option dns`).
Example for a static IP configuration:

```bash
config interface 'wan'
    option ifname 'eth0'
    option proto 'static'
    option ipaddr '192.168.1.2'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '192.168.1.1'
```

To revert to DHCP:

```bash
config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'
```

#### **Applying Changes in OpenWRT**

After making changes to the `/etc/config/network` file:

1. **Restart the Network Service** to apply the changes:

   ```bash
   /etc/init.d/network restart
   ```

2. **Test Connectivity** to ensure that your network configurations work as expected.

These steps allow you to flexibly configure and manage network settings directly from the CLI, accommodating changes in network design or infrastructure requirements efficiently.

---

```bash
auto lo
iface lo inet loopback

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports enp3s0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

auto vmbr3
iface vmbr3 inet manual
    bridge-ports none
    bridge-stp off
    bridge-fd 0

iface wlp2s0 inet manual

source /etc/network/interfaces.d/*
```

---

For your standalone Proxmox setup, switching between static and dynamic IP configurations and managing virtual bridges are important tasks. Below, I'll provide a concise guide to handle these changes effectively and safely.

### Switching from Static IP to DHCP:

1. **Update Network Interface Configuration:**
   - Open `/etc/network/interfaces` in a text editor:

     ```bash
     nano /etc/network/interfaces
     ```

   - Change the `vmbr0` configuration from static to DHCP:

     ```bash
     auto vmbr0
     iface vmbr0 inet dhcp
         bridge-ports enp3s0
         bridge-stp off
         bridge-fd 0
     ```

   - Save the changes and exit the editor.

2. **Restart Networking to Apply Changes:**
   - Apply the new network settings:

     ```bash
     systemctl restart networking
     ```

3. **Find the New DHCP-Assigned IP Address:**
   - After the network restarts, check the assigned IP:

     ```bash
     ip addr show vmbr0
     ```

4. **Update `/etc/hosts` with the New IP:**
   - Edit the `/etc/hosts` file to replace the old static IP with the new one:

     ```bash
     nano /etc/hosts
     ```

   - Modify the line with the old IP to the new one you just obtained:

     ```plaintext
     192.168.86.62 whitebox.foxtrot.lan whitebox # Old IP
     192.168.x.x whitebox.foxtrot.lan whitebox # New DHCP IP
     ```

   - Save and exit.

5. **Reserve IP in DHCP Server (Optional but Recommended):**
   - To ensure the IP does not change on reboots, reserve the IP in your DHCP server settings to always assign the same IP to the MAC address of `vmbr0`.

### Creating a New Virtual Bridge (`vmbrX`):

1. **Add a New Virtual Bridge Configuration:**
   - Edit `/etc/network/interfaces`:

     ```bash
     nano /etc/network/interfaces
     ```

   - Add a new bridge configuration at the end of the file:

     ```bash
     # Replace X with the next available number
     # (comments must sit on their own line in this file)
     auto vmbrX
     iface vmbrX inet manual
         bridge-ports none
         bridge-stp off
         bridge-fd 0
     ```

   - Save and exit the editor.

2. **Activate the New Bridge:**
   - Restart the networking service to bring up the new bridge:

     ```bash
     systemctl restart networking
     ```

### General Notes:

- **Backup Configurations:** Always back up configuration files before making changes (`cp /etc/network/interfaces /etc/network/interfaces.bak`).
- **Documentation:** Update all relevant documentation with the new bridge details and IP changes.
- **Monitoring:** Monitor the network and server behavior after changes to ensure everything is functioning as expected.

This approach provides a structured method to manage IP address configurations and virtual bridges on your Proxmox server, enhancing flexibility and ensuring consistent network settings across system reboots or changes.
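An added example, not part of the original guide: before choosing `X` for a new bridge or pointing a container's `--net1` at one, this reads `/etc/network/interfaces` and reports each `vmbr` bridge with its ports (`none` means isolated), the next free bridge number, and any referenced bridge that has no stanza. The function names are assumptions; the sample is trimmed from the host file shown earlier, with `vmbr3` changed to the `bridge_ports` spelling.

```shell
# Added example: inspect bridge stanzas in an ifupdown file.
# Usage: bridge_report < /etc/network/interfaces   -> "NAME PORTS" per bridge
bridge_report() {
    awk '
        function flush() { if (br != "") print br, (ports == "" ? "none" : ports) }
        $1 == "iface" { flush(); br = ($2 ~ /^vmbr[0-9]+$/) ? $2 : ""; ports = ""; next }
        # The page uses both spellings: bridge-ports and bridge_ports.
        br != "" && $1 ~ /^bridge[-_]ports$/ {
            ports = $2
            for (i = 3; i <= NF; i++) ports = ports "," $i
        }
        END { flush() }
    '
}

# Lowest vmbrN not yet defined (the "next available number" for a new bridge).
next_vmbr() {
    bridge_report | awk '{ sub(/^vmbr/, "", $1); used[$1] = 1 }
        END { n = 0; while (n in used) n++; print "vmbr" n }'
}

# Bridges named as arguments (e.g. from pct --netN bridge=...) with no stanza.
missing_bridges() {
    defined=$(bridge_report | cut -d" " -f1)
    for b in "$@"; do
        printf '%s\n' "$defined" | grep -qxF "$b" || printf '%s\n' "$b"
    done
}
# Sample input: trimmed from the page; vmbr3 spelling is a constructed variation.
sample_interfaces() {
    cat <<'EOF'
iface enp3s0 inet manual
auto vmbr0
iface vmbr0 inet dhcp
    bridge-ports enp3s0
auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
auto vmbr3
iface vmbr3 inet manual
    bridge_ports none
iface wlp2s0 inet manual
EOF
}
sample_interfaces | bridge_report
```

On the host, run `missing_bridges vmbr1 vmbr2 vmbr3 < /etc/network/interfaces` before the `pct create` commands; empty output means every bridge they reference is defined.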