the_information_nexus/docs/tech_docs/OPENwrt.md

This guide covers setting up Proxmox containers with OpenWRT and configuring the firewall rules needed for SSH and HTTPS access.
### Proxmox Container Creation
The commands below create three containers. Each attaches `eth0` to `vmbr0` and `eth1` to its own bridge (`vmbr1`, `vmbr2` or `vmbr3`):
#### **Container 1 Setup:**
```bash
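# VMIDs must be unique on the node: 100, 101 and 102 are used for openwrt-0, openwrt-1 and openwrt-2
pct create 100 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-0 --storage local-lvm \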
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr1,firewall=1
```
#### **Container 2 Setup:**
```bash
pct create 101 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-1 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr2,firewall=1
```
#### **Container 3 Setup:**
```bash
pct create 102 /var/lib/vz/template/cache/openwrt-rootfs.tar.xz --unprivileged 1 --arch amd64 --ostype unmanaged --hostname openwrt-2 --storage local-lvm \
--net0 name=eth0,bridge=vmbr0,firewall=1 \
--net1 name=eth1,bridge=vmbr3,firewall=1
```
### OpenWRT Firewall Configuration
You need to ensure that `eth1` is recognized as the WAN interface on each OpenWRT container. Configure the network settings and define firewall rules to allow SSH and HTTPS access.
#### **Define Network Interfaces**:
Update `/etc/config/network` so that `eth1` is the WAN interface. The same setup applies to all of your containers:
```bash
config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
```
#### **Update Firewall Settings**:
In `/etc/config/firewall`, append rules to allow SSH and HTTPS access. The following rules enable management connectivity via `eth1`:
```bash
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-SSH'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option target 'ACCEPT'

config rule
	option name 'Allow-HTTPS'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option target 'ACCEPT'
```
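
The two rules above accept connections from any address on the WAN side. As an added example (not part of the original guide), this script lists such rules so they can be reviewed or narrowed with `option src_ip`. The function names, the `Allow-SSH-Mgmt` rule and the 192.0.2.0/24 subnet are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): list rules in a UCI firewall
# file that ACCEPT traffic from the 'wan' zone with no src_ip restriction.
audit_wan_rules() {   # usage: audit_wan_rules /etc/config/firewall
    awk '
    function unq(s) { gsub(/["\047]/, "", s); return s }   # strip UCI quotes
    function report() {
        if (type == "rule" && src == "wan" && target == "ACCEPT" && !limited)
            printf "%s port=%s\n", name, port
    }
    $1 == "config" {                 # a new section closes the previous one
        report(); type = unq($2); name = "(unnamed)"
        src = target = port = ""; limited = 0; next
    }
    $1 == "option" || $1 == "list" {
        key = $2; value = unq($3)    # single-token values only
        if (key == "name")      name = value
        if (key == "src")       src = value
        if (key == "target")    target = value
        if (key == "dest_port") port = value
        if (key == "src_ip")    limited = 1   # source address allow-list present
    }
    END { report() }
    ' "$1"
}

# Constructed sample input: the two rules from this guide (proto lines omitted)
# plus a hypothetical rule limited to a documentation-range management subnet.
sample_firewall() {
    cat <<'EOF'
config rule
    option name 'Allow-SSH'
    option src 'wan'
    option dest_port '22'
    option target 'ACCEPT'
config rule
    option name 'Allow-HTTPS'
    option src 'wan'
    option dest_port '443'
    option target 'ACCEPT'
config rule
    option name 'Allow-SSH-Mgmt'
    option src 'wan'
    option src_ip '192.0.2.0/24'
    option dest_port '22'
    option target 'ACCEPT'
EOF
}

tmp=$(mktemp) && sample_firewall > "$tmp" && audit_wan_rules "$tmp"; rm -f "$tmp"
```

On a container, run `audit_wan_rules /etc/config/firewall`; any rule it prints is reachable from every WAN address.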
### Applying the Configuration
After updating the configuration files, you should apply the changes:
- **Restart Network Services**:
```bash
/etc/init.d/network restart
```
- **Reload Firewall Settings**:
```bash
/etc/init.d/firewall restart
```
### Final Considerations
- **Security**: Implement strong authentication methods, such as key-based SSH access.
- **Testing**: Verify connectivity by accessing SSH and HTTPS from a network outside your LAN.
- **Backup Configurations**: Always back up your configurations before making significant changes.

This guide deploys Proxmox containers with OpenWRT, configured for remote management access through SSH and HTTPS on the WAN interface.