Hetzner: IPv4 Routed to VM not working proberly

P

PT400C

Member
May 30, 2018
18
0
21
Germany
Hello,

for the last couple of days we try to switch our Proxmox installation from a Linux bridge to a routed setup with Proxmox. The Linux bridge worked just fine, but won't allow us to route IPv6 traffic to the VMs at the same time. Still we can't employ a IPv6 Linux bridge as Hetzner doesn't provide individual MAC addresses for IPv6 subnets.

What we did (all IPs are kept as is, just censored):

/etc/resolv.conf:

Code: 
nameserver 2a01:4f8:c2c:123f::1
nameserver 1.1.1.1
nameserver 2a01:4f9:c010:3f02::1

/etc/sysctl.conf:

Code: 
net.ipv4.ip_forward=1

net.ipv6.conf.all.forwarding=1

/etc/network/interfaces:

Code: 
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp35s0
iface enp35s0 inet static
        address 88.xxx.32.34/27
        gateway 88.xxx.32.33
        pointopoint 88.xxx.32.33
        up route add -net 88.xxx.32.32 netmask 255.255.255.224 gw 88.xxx.32.33 dev enp35s0

auto vmbr0
iface vmbr0 inet static
        address 88.xxx.32.34/32
        bridge-ports none 
        bridge-stp off
        bridge-fd 0
        up ip route add 88.xxx.32.61/32 dev vmbr0

That's it for the host's configuration. That guest LXC container with Debian 11 looks like this:

/etc/network/interfaces:

Code: 
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 88.xxx.32.61/32
# --- BEGIN PVE ---
        post-up ip route add 88.xxx.32.34 dev eth0
        post-up ip route add default via 88.xxx.32.34 dev eth0
        pre-down ip route del default via 88.xxx.32.34 dev eth0
        pre-down ip route del 88.xxx.32.34 dev eth0
# --- END PVE ---

The PVE-Section is created automatically. It seems it replaces the gateway line in the config file. Other than that, the container uses the DNS of the host server.

Here's a screenshot of the network config of the container:

Screenshot 2022-02-20 151643.png

Screenshots of ip -a:

Host:

host.png

Guest:

guest.png


Internally from the host, the guest is ping-able and vice versa. Only access to and from the internet is not possible.

If anyone could give us a hint to what we might have messed up, we would be really thankful!

Thanks in advance

PT400C
 
Last edited:
your ip config looks wrong to me...

if enp35s0 has 88.xxx.32.34/27 why are you assigning vmbr0 with the same IP 88.xxx.32.34 but with on a /32 subnet?, but then your screenshots have a /32 on enp35s0 and /27 on vmbr0?

In either case, I wouldn't have thought having the same IP address on two interfaces would work
 
bobmc said:
your ip config looks wrong to me...

if enp35s0 has 88.xxx.32.34/27 why are you assigning vmbr0 with the same IP 88.xxx.32.34 but with on a /32 subnet?, but then your screenshots have a /32 on enp35s0 and /27 on vmbr0?

In either case, I wouldn't have thought having the same IP address on two interfaces would work
Click to expand...
That's what also is confusing for me. I followed the guide over on my hoster's website. There they do the same thing. Concering the screenshots, they have been created at a time where I desperately tested all possible combinations of /27 and /32 subnet configurations. Non of them ever worked.
 
I am having the same setup and cannot find a solution. Hetzner EX62 with Single IP/26 network.
Proxmox 7.1-11 (pve-manager/7.1-11/8d529482 (running kernel: 5.13.19-6-pve)) installed with Proxmox Image and ZFS.

You won't believe what I've tested so far and cannot come up with a solution. I'm a total newbie but at least I'm now at a state where I'm not locking myself out anymore every hour.

Hetzner is also explaining it here:
https://docs.hetzner.com/de/robot/d...utzung-mit-virtualisierung-per-routed-methode

1648661300093.png

My configs are now all over the place - but if you want to see them (just to clarify: NOT WORKING CONFIGS):
I don't want to post them here, since they are not working and people are often like me and just copy and pasting (after losing sanity more than one time). Also it's your thread ;-)
* /etc/resolv.conf: 1.1.1.1, 8.8.8.8
* /etc/sysctl.conf: net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1
* Host /etc/network/interfaces: https://pastebin.com/XekGisnH
* Container /etc/network/interfaces: https://pastebin.com/fVW2iQDV
* Screenshot of container network config as attachment.
* Host and client ip a as attachment, long one is host obviously.
 

Attachments

  • 1648662198423.png
    1648662198423.png
    37.1 KB · Views: 18
  • 1648662479764.png
    1648662479764.png
    180 KB · Views: 18
  • 1648662616231.png
    1648662616231.png
    78.8 KB · Views: 19
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back