This guide sets up a Proxmox container (CT) running OpenWRT with the `pct create` command and configures the OpenWRT firewall to allow SSH and HTTPS access on the WAN interface (`eth1`). It covers the commands for creating the container and the necessary firewall configuration within OpenWRT.

### Container Creation with Proxmox
The Proxmox commands for creating the containers are:
### Container 1
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --architecture amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
### Container 2
```bash
# VMIDs are unique per Proxmox node/cluster: pct create fails if 101 already
# exists on this host, so pick an unused ID in that case.
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --architecture amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr2,firewall=1
```
Each command creates an unprivileged container from an OpenWRT root filesystem and configures two network interfaces:
- **eth0**: Main LAN interface on `vmbr0`.
- **eth1**: WAN interface (on `vmbr1` for container 1, `vmbr2` for container 2), which will be used to allow external SSH and HTTPS access.

### Firewall Configuration in OpenWRT
For the OpenWRT container to allow SSH (port 22) and HTTPS (port 443) on `eth1`, you must ensure that `eth1` is treated as the WAN interface in OpenWRT's network and firewall settings. Here's how to set up the necessary firewall rules within the OpenWRT system:
1. **Define Network Interfaces in OpenWRT**:
   Ensure `eth1` is configured as the WAN interface in `/etc/config/network`. This might look something like this:
   ```bash
   # OpenWrt 21.02 and later name this option 'device' instead of 'ifname'
   config interface 'wan'
       option ifname 'eth1'
       option proto 'dhcp'
   ```
2. **Update Firewall Settings**:
   In `/etc/config/firewall`, add rules to allow SSH and HTTPS. These rules need to specify that they apply to traffic coming in on `eth1` (which should be associated with the `wan` zone). Here's how you would configure the firewall:
   ```bash
   config zone
       option name 'wan'
       list network 'wan'
       option input 'REJECT'
       option output 'ACCEPT'
       option forward 'REJECT'
       option masq '1'
       option mtu_fix '1'

   config rule
       option name 'Allow-SSH'
       option src 'wan'
       option dest_port '22'
       option proto 'tcp'
       option target 'ACCEPT'

   config rule
       option name 'Allow-HTTPS'
       option src 'wan'
       option dest_port '443'
       option proto 'tcp'
       option target 'ACCEPT'
   ```
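
An added check, not part of the original guide: this shell function reads a UCI firewall file and lists the input rules (no `dest` set) that accept traffic from `wan`, marking those with no `src_ip` restriction, which are reachable from any WAN address. The sample config is constructed; the rule name `Allow-HTTPS-Admin` and the address `203.0.113.10` are hypothetical.

```shell
# List input rules that ACCEPT traffic from the wan zone; flag those with no src_ip.
audit_wan_rules() {    # $1: path to a UCI firewall file, e.g. /etc/config/firewall
    awk -v q="'" '
    function emit() {
        if (in_rule && src == "wan" && dest == "" && target == "ACCEPT")
            printf "%s port=%s proto=%s %s\n", name, port, proto,
                   (srcip == "" ? "OPEN-TO-ANY" : "limited:" srcip)
    }
    $1 == "config" {                       # a new section ends the previous one
        emit(); in_rule = ($2 == "rule")
        name = "(unnamed)"; src = dest = target = port = proto = srcip = ""
        next
    }
    in_rule && ($1 == "option" || $1 == "list") {
        v = $0
        sub(/^[ \t]*[a-z]+[ \t]+[A-Za-z0-9_]+[ \t]+/, "", v)  # drop keyword and key
        gsub("^[\"" q "]|[\"" q "][ \t]*$", "", v)             # strip the quotes
        if      ($2 == "name")      name = v
        else if ($2 == "src")       src = v
        else if ($2 == "dest")      dest = v
        else if ($2 == "target")    target = v
        else if ($2 == "dest_port") port = v
        else if ($2 == "proto")     proto = v
        else if ($2 == "src_ip")    srcip = (srcip == "" ? v : srcip "," v)
    }
    END { emit() }
    ' "$1"
}
# Constructed sample: the SSH rule from this guide plus a hypothetical restricted rule.
write_sample() {
    cat > "$1" <<'EOF'
config rule
    option name 'Allow-SSH'
    option src 'wan'
    option dest_port '22'
    option proto 'tcp'
    option target 'ACCEPT'
config rule
    option name 'Allow-HTTPS-Admin'
    option src 'wan'
    option src_ip '203.0.113.10'
    option dest_port '443'
    option proto 'tcp'
    option target 'ACCEPT'
EOF
}
f=$(mktemp); write_sample "$f"; audit_wan_rules "$f"; rm -f "$f"
```

On the router itself, run `audit_wan_rules /etc/config/firewall` after editing the file and before restarting the firewall.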
### Applying the Configuration
After editing the configuration files, apply the changes:
- Restart the network service: `/etc/init.d/network restart`
- Reload the firewall: `/etc/init.d/firewall restart`
### Final Considerations
- **Security**: Ensure you have set strong passwords and consider using key-based authentication for SSH.
- **Testing**: After setting up, test the accessibility of SSH and HTTPS from outside your LAN to confirm the firewall rules are working as expected.
- **Backup Configurations**: Always keep backups of your configurations before making significant changes.

This setup will configure your Proxmox container with OpenWRT to allow SSH and HTTPS traffic on `eth1`, ensuring remote management capabilities from the WAN side.