I would like to run openwrt inside a lxc container on ubuntu on a rpi4. Openwrt should assign an ip address to the host rpi and other devices on the lan (switch, AP, etc).
I'm able to run the container and assign IPs to clients on the lan fine. The wan is also assigned an IP address.
The problem is I'm able to access the openwrt container from the wan (luci UI, ssh) without making any changes to the firewall settings. I have not changed or set any additional firewall rules in openwrt or on the host. The only setting I've changed is the default static ip for the lan in the openwrt container.
Does this setup require some additional settings on the host?
setup:
- USB ethernet adapter on rpi connected to the ONT from my ISP
- while testing this is connected to old router running openwrt acting as wan (to be replaced with this lxc container setup). old router is connected to ONT and lan port is connected to USB ethernet adapter
- rpi4 running ubuntu 21.04.
- lxc container running openwrt router on ubuntu host
- Ethernet port on rpi is connected to POE switch.
- Switch is connected to dumb AP running openwrt.
Using openwrt v21.02.0rc3 armvirt
https://downloads.openwrt.org/releases/21.02.0-rc3/targets/armvirt/64/openwrt-21.02.0-rc3-armvirt-64-default-rootfs.tar.gz
lxd version 4.16
roughly following the steps here
http://www.makikiweb.com/Pi/lxc_openwrt.html
# init container
lxc image import openwrt-meta.tar default-rootfs.tar.gz --alias openwrt_aarch64
lxc init local:openwrt_aarch64 router
# assign profile with eth0 and eth1 interfaces
lxc profile assign router owrt-router
# adding eth1 to router container instance config
lxc config edit router
...
volatile.eth0.hwaddr: xx:xx:xx:xx:xx:xx
volatile.eth1.hwaddr: xx:xx:xx:xx:xx:xx # added this line
...
lxc start router
/etc/netplan/50-cloud-init.yaml
network:
  ethernets:
    eth0:
      dhcp4: true
      optional: false
    enx7cc2c61ee390:
      dhcp4: true
      optional: false
  bridges:
    br0:
      dhcp4: true
      dhcp6: true
      parameters:
        stp: false
        forward-delay: 0
      interfaces:
        - eth0
  version: 2
lxc container owrt-router profile
config: {}
description: openwrt router
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  eth1:
    name: eth1
    nictype: physical
    parent: enx7cc2c61ee390
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: owrt-router
I've also tried a variety of configurations:
- setting container eth1 nictype as bridged and creating corresponding br1 in netplan
- setting lxc config set router security.privileged true
- tried with older versions of ubuntu (18.04, 20.04), openwrt (19.07.7), lxd (3.0.3)
but I'm still able to access the luci UI over the wan. Appreciate any help on this.
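A check for this kind of setup, added here as an example and not part of the original post: it reads the text of the container's /etc/config/network and /etc/config/firewall and reports which firewall zone, and so which input policy, each logical network falls under. The config text is constructed; it assumes the WAN is on eth1 as in the profile above, and that a network not listed in any zone falls back to the `config defaults` input policy.

```python
import shlex

def parse_uci(text):
    """Parse UCI text into [(type, name, {option: [values]})]; list items and
    space-separated option values are both collected into the value list."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:1] == ["config"] and len(tok) > 1:
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok[:1] in (["option"], ["list"]) and len(tok) > 2 and sections:
            sections[-1][2].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def input_policy(network_cfg, firewall_cfg):
    """Map each logical network to (device, zone, INPUT policy that applies)."""
    fw = parse_uci(firewall_cfg)
    default = next((o.get("input", ["unset"])[0] for t, _, o in fw if t == "defaults"), "unset")
    zones = {net: (o.get("name", ["?"])[0], o.get("input", ["unset"])[0])
             for t, _, o in fw if t == "zone" for net in o.get("network", [])}
    result = {}
    for t, name, o in parse_uci(network_cfg):
        if t == "interface" and name != "loopback":
            dev = (o.get("device") or o.get("ifname") or ["?"])[0]
            # Assumption: a network that no zone lists gets the 'defaults' policy
            result[name] = (dev, *zones.get(name, (None, default)))
    return result

def exposed(network_cfg, firewall_cfg, trusted=("lan",)):
    """Networks outside `trusted` whose applicable INPUT policy is ACCEPT."""
    return [n for n, (_, _, pol) in input_policy(network_cfg, firewall_cfg).items()
            if n not in trusted and pol.upper() == "ACCEPT"]

# Constructed sample configs (not taken from the post)
NETWORK = """config interface 'lan'
    option device 'eth0'
config interface 'wan'
    option device 'eth1'"""
FIREWALL_OK = """config defaults
    option input 'ACCEPT'
config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
config zone
    option name 'wan'
    option network 'wan wan6'
    option input 'REJECT'"""
FIREWALL_GAP = FIREWALL_OK.replace("'wan wan6'", "'wan6'")  # wan left out of its zone
```

With the constructed configs, `exposed(NETWORK, FIREWALL_GAP)` reports `wan` because that network is no longer listed in any zone, while `FIREWALL_OK` reports nothing.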