Howto proxmox: Difference between revisions

Line 11: Line 11:
  lxc.cgroup2.devices.allow: c10:200 rwm
  lxc.cgroup2.devices.allow: c10:200 rwm
  lxc.mount.entry: /dev/net dev/net none bind,create=dir
  lxc.mount.entry: /dev/net dev/net none bind,create=dir
configure network:
configure /etc/config/network:
  config interface 'loopback'
  config interface 'loopback'
     option device 'lo'
     option device 'lo'
Line 49: Line 49:
     option ipaddr '192.168.24.45'
     option ipaddr '192.168.24.45'
     option netmask '255.255.255.0'
     option netmask '255.255.255.0'
configure dns and dhcp:
restart network service:
service network restart
configure /etc/config/dhcp:
  config dnsmasq
  config dnsmasq
     option domainneeded '1'
     option domainneeded '1'
Line 92: Line 94:
     option leasetrigger '/usr/sbin/odhcpd-update'
     option leasetrigger '/usr/sbin/odhcpd-update'
     option loglevel '4'
     option loglevel '4'
configure firewall:
restart dhcp service:
service dnsmasq restart
configure /etc/config/firewall:
  config defaults
  config defaults
     option syn_flood '1'
     option syn_flood '1'
Line 244: Line 248:
     option name    SNAT-IP-LAN-WAN
     option name    SNAT-IP-LAN-WAN
     option enabled  1
     option enabled  1
restart firewall service:
service firewall restart


= download cloudimages =
= download cloudimages =
= references =
= references =
* https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/
* https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/

Revision as of 19:17, 18 April 2024

install proxmox

download proxmox iso:

https://enterprise.proxmox.com/iso/proxmox-ve_8.1-2.iso

openwrt

download openwrt image:

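# download the OpenWrt x86/64 rootfs into Proxmox's image directory; the pct
# command further down refers to it by a relative path, so stay in this directory
cd /var/lib/vz/images
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-rootfs.tar.gz
# verify the download against the release's checksum list before handing it to pct.
# This catches a corrupted or altered transfer; it does not protect against a
# compromised mirror, for which the upstream signature of the list would have to be checked as well.
wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/sha256sums
sha256sum -c --ignore-missing sha256sums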

create the container in proxmox using pct:

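# the Proxmox container tool is pct (the original line had the typo "ptc").
# --unprivileged 1 runs the container in a user namespace so its root is not host root;
# --ostype unmanaged leaves the OpenWrt rootfs untouched by Proxmox's guest setup
pct create 102 ./openwrt-23.05.3-x86-64-rootfs.tar.gz --unprivileged 1 --ostype unmanaged --hostname openwrt --net0 name=eth0 --net1 name=eth1 --storage local-lvm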

edit the container config /etc/pve/lxc/102.conf and add the following lines:

# (pct keeps '#' lines of this file as the container's Notes; these two can be dropped)
# first line: allow only the tun character device (major 10, minor 200) inside the
# unprivileged container, not the whole device class.
# second line: bind-mount the host's /dev/net, which holds /dev/net/tun, into the
# container, creating the directory if it does not exist.
lxc.cgroup2.devices.allow: c10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

configure /etc/config/network:

# /etc/config/network for the OpenWrt container: eth1 (bridged as br-lan) is the
# LAN side, eth0 carries the WAN addresses.
config interface 'loopback'
   option device 'lo'
   option proto 'static'
   option ipaddr '127.0.0.1'
   option netmask '255.0.0.0'

# IPv6 unique-local prefix; used by ip6assign below when no delegated prefix is available
config globals 'globals'
   option ula_prefix 'fdb5:603d:27d8::/48'

# bridge the container's eth1 into br-lan
config device 'lan_br'
   option name 'br-lan'
   option type 'bridge'
   list ports 'eth1'

config device 'eth1'
   option name 'eth1'

# lan: static 192.168.99.254/24 on the bridge; ip6assign hands this interface a /60
config interface 'lan'
   option device 'br-lan'
   option proto 'static'
   option ipaddr '192.168.99.254'
   option netmask '255.255.255.0'
   option ip6assign '60'

# wan: static 192.168.24.44/24 on eth0 with the upstream gateway 192.168.24.254.
# NOTE(review): ip6assign on the wan interface is normally only meaningful when a
# prefix is delegated to it — confirm it is intended here.
config interface 'wan'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.44'
   option netmask '255.255.255.0'
   option gateway '192.168.24.254'
   option ip6assign '60'

# wan1: second static address on the same eth0; 192.168.24.45 is the address the
# firewall's DNAT/SNAT redirects reference as src_dip
config interface 'wan1'
   option device 'eth0'
   option proto 'static'
   option ipaddr '192.168.24.45'
   option netmask '255.255.255.0'

restart network service:

# apply /etc/config/network (brings up br-lan, wan and wan1 with the addresses above)
service network restart

configure /etc/config/dhcp:

# /etc/config/dhcp: dnsmasq answers DNS and DHCPv4 on the lan side only;
# odhcpd (last section) handles DHCPv6 and router advertisements
config dnsmasq
   option domainneeded '1'
   option localise_queries '1'
   # rebind_protection: refuse upstream answers that point at private address
   # space (DNS rebinding defence); rebind_localhost still permits 127.0.0.0/8 answers
   option rebind_protection '1'
   option rebind_localhost '1'
   # names under .lan are resolved locally and never forwarded upstream;
   # hosts are given the ovoxcloud.com suffix
   option local '/lan/'
   option domain 'ovoxcloud.com'
   option expandhosts '1'
   option cachesize '1000'
   option authoritative '1'
   option readethers '1'
   option leasefile '/tmp/dhcp.leases'
   option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
   # localservice: only answer queries coming from directly attached subnets
   option localservice '1'
   option ednspacket_max '1232'
   # upstream forwarders
   list server '4.2.2.1'
   list server '4.2.2.2'
   # listen on lan and explicitly not on wan, so the resolver is not reachable from outside
   list interface 'lan'
   list notinterface 'wan'
   option port '53'

# lan pool: 192.168.99.100 - 192.168.99.249 (start 100, limit 150), 12 h leases;
# DHCPv6 and router advertisements are also served on this interface
config dhcp 'lan'
   option interface 'lan'
   option start '100'
   option limit '150'
   option leasetime '12h'
   option dhcpv4 'server'
   option dhcpv6 'server'
   option ra 'server'
   option ra_slaac '1'
   list ra_flags 'managed-config'
   list ra_flags 'other-config'

# no DHCP service of any kind on the wan side
config dhcp 'wan'
   option interface 'wan'
   option ignore '1'

# maindhcp '0' leaves DHCPv4 to dnsmasq; odhcpd only provides DHCPv6/RA
config odhcpd 'odhcpd'
   option maindhcp '0'
   option leasefile '/tmp/hosts/odhcpd'
   option leasetrigger '/usr/sbin/odhcpd-update'
   option loglevel '4'

restart dhcp service:

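# dnsmasq serves DNS and DHCPv4 from /etc/config/dhcp
service dnsmasq restart
# the DHCPv6/RA settings in the same file (config dhcp 'lan', config odhcpd) are
# served by odhcpd, a separate service that the dnsmasq restart does not reload
service odhcpd restart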

configure /etc/config/firewall:

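# /etc/config/firewall for the OpenWrt container: lan (br-lan) is trusted, wan (eth0)
# is not. fw4 evaluates sections in file order, so the original order is kept.

# defaults: reject unsolicited input and forwarding; only what the rules below allow gets in
config defaults
   option syn_flood '1'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'

config zone
   option name 'lan'
   list network 'lan'
   option input 'ACCEPT'
   option output 'ACCEPT'
   option forward 'ACCEPT'

# wan zone: masquerade outbound traffic and clamp MSS. 'wan6' is listed but no such
# interface exists in /etc/config/network on this page, so that entry presumably
# matches nothing until one is added.
config zone
   option name 'wan'
   list network 'wan'
   list network 'wan6'
   option input 'REJECT'
   option output 'ACCEPT'
   option forward 'REJECT'
   option masq '1'
   option mtu_fix '1'

config forwarding
   option src 'lan'
   option dest 'wan'

# stock OpenWrt wan-input rules
config rule
   option name 'Allow-DHCP-Renew'
   option src 'wan'
   option proto 'udp'
   option dest_port '68'
   option target 'ACCEPT'
   option family 'ipv4'

config rule
   option name 'Allow-Ping'
   option src 'wan'
   option proto 'icmp'
   option icmp_type 'echo-request'
   option family 'ipv4'
   option target 'ACCEPT'

config rule
   option name 'Allow-IGMP'
   option src 'wan'
   option proto 'igmp'
   option family 'ipv4'
   option target 'ACCEPT'

# management access from the WAN side. As written this accepts SSH from any source
# address that reaches the wan zone; limit it to the management network with
# `option src_ip '<management-net>/<prefix>'` (placeholder), or drop the rule if
# access over the lan side is sufficient.
config rule
   option name 'Allow-SSH-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '22'
   option target 'ACCEPT'

# renamed from Allow-HTTP-WAN: the rule opens 443 (HTTPS), not 80; the name now
# matches the port and the effective policy is unchanged
config rule
   option name 'Allow-HTTPS-WAN'
   option src 'wan'
   option proto 'tcp'
   option dest_port '443'
   option target 'ACCEPT'

config rule
   option name 'Allow-DHCPv6'
   option src 'wan'
   option proto 'udp'
   option dest_port '546'
   option family 'ipv6'
   option target 'ACCEPT'

config rule
   option name 'Allow-MLD'
   option src 'wan'
   option proto 'icmp'
   option src_ip 'fe80::/10'
   list icmp_type '130/0'
   list icmp_type '131/0'
   list icmp_type '132/0'
   list icmp_type '143/0'
   option family 'ipv6'
   option target 'ACCEPT'

config rule
   option name 'Allow-ICMPv6-Input'
   option src 'wan'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   list icmp_type 'router-solicitation'
   list icmp_type 'neighbour-solicitation'
   list icmp_type 'router-advertisement'
   list icmp_type 'neighbour-advertisement'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

config rule
   option name 'Allow-ICMPv6-Forward'
   option src 'wan'
   option dest '*'
   option proto 'icmp'
   list icmp_type 'echo-request'
   list icmp_type 'echo-reply'
   list icmp_type 'destination-unreachable'
   list icmp_type 'packet-too-big'
   list icmp_type 'time-exceeded'
   list icmp_type 'bad-header'
   list icmp_type 'unknown-header-type'
   option limit '1000/sec'
   option family 'ipv6'
   option target 'ACCEPT'

config rule
   option name 'Allow-IPSec-ESP'
   option src 'wan'
   option dest 'lan'
   option proto 'esp'
   option target 'ACCEPT'

config rule
   option name 'Allow-ISAKMP'
   option src 'wan'
   option dest 'lan'
   option dest_port '500'
   option proto 'udp'
   option target 'ACCEPT'

# 1:1 NAT for 192.168.99.208 behind the secondary wan address 192.168.24.45 (wan1):
# inbound DNAT on the wan side plus a matching outbound SNAT so that connections
# from the host leave with the same address.
# 'enabled' had no value in the original DNAT section, which leaves the inbound half
# undefined; it is set to '1' to match the SNAT half (use '0' to switch it off).
# NOTE(review): no 'proto' is given, so fw4 applies its redirect default (tcp and udp);
# use `option proto 'all'` if every protocol must be mapped — confirm the intent.
config redirect
   option src 'wan'
   option dest 'lan'
   option src_dip '192.168.24.45'
   option dest_ip '192.168.99.208'
   option target 'DNAT'
   option name 'DNAT-IP-WAN-LAN'
   option enabled '1'

config redirect
   option src 'lan'
   option dest 'wan'
   option src_ip '192.168.99.208'
   option src_dip '192.168.24.45'
   option target 'SNAT'
   option name 'SNAT-IP-LAN-WAN'
   option enabled '1'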

restart firewall service:

# rebuild and load the ruleset from /etc/config/firewall
service firewall restart

download cloudimages

references