Hetzner Proxmox configuration public and private network

[ropiecin]

the following network configuration is not working, can anyone help me solve it?

# /etc/network/interfaces
auto lo
iface lo inet loopback

# public network
iface enp2s0 inet static
address [public IP]
hwaddress XX:XX:XX:XX:XX:XX
netmask 255.255.255.255
pointopoint [gateway public IP]
gateway [gateway public IP]
up route add -net [gateway public IP - 1] netmask 255.255.255.255 gw [gateway public IP] dev enp2s0

post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

auto vmbr0
iface vmbr0 inet static
address [public IP]
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0

up route add -host [extra public IP] dev vmbr0

# private network
auto vmbr99
iface vmbr99 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -j MASQUERADE

post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

 

[Richard]

up route add -net [gateway public IP - 1] netmask 255.255.255.255 gw [gateway public IP] dev enp2s0

post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

Remove the above line, the my not disturb but not be necessary either.

auto vmbr0
iface vmbr0 inet static
address [public IP]
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0

Remove address entry, the same address must not be specified twice.

up route add -host [extra public IP] dev vmbr0

The question is what this IP is good for.

#

post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

Remove the above - at least for the moment (take care about firewalls later).

 

[ropiecin]

hi Richard,
applying your suggestions, this is the result:

---
# /etc/network/interfaces
auto lo
iface lo inet loopback

# public network
iface enp2s0 inet static
address [public IP]
hwaddress XX:XX:XX:XX:XX:XX
netmask 255.255.255.255
pointopoint [gateway public IP]
gateway [gateway public IP]

auto vmbr0
iface vmbr0 inet static
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0

up route add -host [extra public IP] dev vmbr0

# private network
auto vmbr99
iface vmbr99 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -j MASQUERADE
---

could be correct now?

PS [extra public IP] is because I get multiples public IP

 

[Richard]

could be correct now?

I guess so (if still not working follow the packets via tcpdump in order to figure out where they get lost).

 

[ropiecin]

hi Richard,
I apply the /etc/network/interfaces modified as you suggested, but unfortunatelly it's not working, and I cannot access to the server by remote, so it's not possible to follow the packets via tcpdump.

Thanks in advance for any other suggestions.

 

[Richard]

I cannot access to the server by remote, so it's not possible to follow the packets via tcpdump.

Console access should be always possible, I cannot imagine that any hoster does not offer it .....

 

[ropiecin]

hi Richard,
if the network interface is not working they cannot access to the server.

There's no console, only reboot in rescue mode, mounting the disk and substitute the /etc/network/interfaces file.

So it is! :-(