medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e45ca2034a7f21bdc313b3579aedd187f35da1f9
the_information_nexus/docs/tech_docs/OPENwrt.md

3.0 KiB
Raw Blame History

To streamline your guide for setting up Proxmox containers with OpenWRT and configuring the necessary firewall rules for SSH and HTTPS access, heres a refined and concise approach:

Proxmox Container Creation

Below are the commands to create three different containers, each with a unique configuration for network interfaces:

Container 1 Setup:

pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1

Container 2 Setup:

pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr2,firewall=1

Container 3 Setup:

pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr3,firewall=1

OpenWRT Firewall Configuration

You need to ensure that eth1 is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.

Define Network Interfaces:

Update the /etc/config/network to reflect eth1 as the WAN interface. This setup applies universally across your containers:

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'

Update Firewall Settings:

In /etc/config/firewall, append rules to allow SSH and HTTPS access. The following rules will enable connectivity for management via eth1:

config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config rule
    option name 'Allow-SSH'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'

config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option proto 'tcp'
    option dest_port '443'
    option target 'ACCEPT'

Applying the Configuration

After updating the configuration files, you should apply the changes:

  • Restart Network Services:

    /etc/init.d/network restart

  • Reload Firewall Settings:

    /etc/init.d/firewall restart

Final Considerations

  • Security: Implement strong authentication methods, such as key-based SSH access.
  • Testing: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
  • Backup Configurations: Always back up your configurations before making significant changes.

This streamlined guide provides a clear and effective method for deploying Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.