Assign additional IP to the VM on Hetzner

nxm

Hello,

I've been trying to achieve this setup for quite some time, but without success.
What I want is to configure vmbr0 as a bridge, which will use MASQUERADE for all VMs within the 10.10.10.0/24 subnet. It's fine for me if these VMs use the main IP address.

However, I need one specific VM to be assigned a second IP address so that I can access it directly without relying on iptables for routing.

I've followed several tutorials, but I still haven't been able to make it work.

Code:
root@pve ~ # cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

# Include every file under interfaces.d. Per the header above, PVE preserves
# this directive but does not read its own managed interfaces from sourced files.
source /etc/network/interfaces.d/*

# Loopback interface, started automatically ("auto"), IPv4 side.
auto lo
iface lo inet loopback

# Loopback interface, IPv6 side.
iface lo inet6 loopback

# Physical uplink carrying the host's main public IPv4 address. The NAT rules
# elsewhere in this file use it as ingress (-i) and egress (-o) interface.
auto enp41s0
iface enp41s0 inet static
        # The /27 prefix and the netmask line below state the same mask twice.
        address {MAIN_IP}/27
        netmask 255.255.255.224
        # Point-to-point peer and default gateway are the same address.
        pointtopoint 85.10.XXX.225
        gateway 85.10.XXX.225
        # Disabled: explicit route for the /27 through the gateway.
        #up route add -net 85.10.XXX.224 netmask 255.255.255.224 gw 85.10.XXX.225 dev enp41s0
        # Turns on proxy ARP for this interface only.
        # NOTE(review): with proxy ARP the host may answer ARP requests on the
        # public segment for addresses it merely has a route to. Nothing else in
        # this file visibly depends on it; confirm it is required before keeping it.
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp41s0/proxy_arp
# route 85.10.XXX.224/27 via 85.10.XXX.225



# IPv6 address of the uplink. The port forwards below are IPv4 rules
# (iptables, 10.10.10.x targets) but are attached to this inet6 stanza, so they
# are added and removed together with it.
# NOTE(review): presumably they are skipped if this stanza does not come up;
# consider moving them to the inet stanza of enp41s0 - confirm.
#
# Every PREROUTING rule matches on ingress interface, protocol and port only;
# none of them restricts the destination address (no -d).
# NOTE(review): if a second public IP is routed through this host, traffic to
# that IP on these ports arriving on enp41s0 would presumably be redirected to
# the 10.10.10.x guests as well. Adding -d with the main address to each rule
# would limit the forwards to the main IP.
# NOTE(review): no filter-table rules appear in this file, so who may reach the
# forwarded ports (SSH and the harbor port in particular) has to be restricted
# elsewhere, e.g. in the Proxmox or guest firewall - confirm that it is.
iface enp41s0 inet6 static
        address 2a01:XXX:a0:XXXX::2/64
        gateway fe80::1

        # Each post-down line removes (-D) exactly the rule its post-up line
        # appended (-A), so the pairs must stay textually in sync.

        # WireGuard: UDP 51820 -> 10.10.10.20:51820
        post-up   iptables -t nat -A PREROUTING -i enp41s0 -p udp --dport 51820 -j DNAT --to 10.10.10.20:51820
        post-down iptables -t nat -D PREROUTING -i enp41s0 -p udp --dport 51820 -j DNAT --to 10.10.10.20:51820

        # NPM: TCP 80 and 443 -> 10.10.10.21, same ports
        post-up   iptables -t nat -A PREROUTING -i enp41s0 -p tcp --dport 80 -j DNAT --to 10.10.10.21:80
        post-down iptables -t nat -D PREROUTING -i enp41s0 -p tcp --dport 80 -j DNAT --to 10.10.10.21:80
 
        post-up   iptables -t nat -A PREROUTING -i enp41s0 -p tcp --dport 443 -j DNAT --to 10.10.10.21:443
        post-down iptables -t nat -D PREROUTING -i enp41s0 -p tcp --dport 443 -j DNAT --to 10.10.10.21:443

        # harbor: TCP 20001 -> 10.10.10.22:20001
        post-up   iptables -t nat -A PREROUTING -i enp41s0 -p tcp --dport 20001 -j DNAT --to 10.10.10.22:20001
        post-down iptables -t nat -D PREROUTING -i enp41s0 -p tcp --dport 20001 -j DNAT --to 10.10.10.22:20001

        # ssh: public TCP 2250 -> 10.10.10.50:22 (the port number changes)
        post-up   iptables -t nat -A PREROUTING -i enp41s0 -p tcp --dport 2250 -j DNAT --to 10.10.10.50:22
        post-down iptables -t nat -D PREROUTING -i enp41s0 -p tcp --dport 2250 -j DNAT --to 10.10.10.50:22

# eth0 is declared without addressing; no other stanza in this file refers to it.
iface eth0 inet manual

# Internal bridge for the NATed guests. It has no physical port
# (bridge-ports none); the host holds 10.10.10.1 on the 10.10.10.0/24 network.
auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        # Enables IPv4 forwarding host-wide, not only for this bridge.
        # NOTE(review): no FORWARD rules are shown in this file; confirm that a
        # forwarding policy is enforced elsewhere.
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        # Source-NAT traffic from the guest subnet leaving through the uplink;
        # post-down deletes the same rule again.
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp41s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp41s0 -j MASQUERADE

# Second bridge without a physical port (bridge_ports none), meant for the VM
# that gets the additional public IP. The host route at the end sends that
# single address to this bridge.
# NOTE(review): the post says the VM NIC uses the MAC address issued by Hetzner.
# A provider-issued MAC usually belongs to a layout where the guest shares a
# bridge with the physical NIC, which is not what this stanza builds - confirm
# against the provider documentation which of the two layouts applies.
auto vmbr3
iface vmbr3 inet static
    # NOTE(review): the /27 prefix and the netmask line below (a /32 mask)
    # disagree; keep only one. The same address and /27 prefix are also set on
    # enp41s0, which may leave the host with two routes for one network.
    address  {MAIN_IP}/27
    netmask  255.255.255.255
    # Bridge options are spelled with underscores here and with hyphens in vmbr0.
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

    # Host route for the additional IP via this bridge. There is no matching
    # "down" line to remove it.
    # NOTE(review): this calls the legacy route command - confirm it is installed.
    up route add -host {SECOND_IP} dev vmbr3


I create a new VM using cloud-init (Debian).

In the hardware settings, in the network section, I select vmbr3 and enter the MAC address provided by Hetzner.
In the cloud-init options, I set the secondary IP address as a static IPv4 address and use the main IP address as the gateway.
 
