Hetzner Setup - dealing with MAC addresses

benjaminblg

Jul 6, 2024
Hi,
I am pretty new to Proxmox, but I have set up Proxmox on a root system.

My network config looks like this:

Code:
#LoopBacks
auto lo
iface lo inet loopback
iface lo inet6 loopback


#Physical Interfaces
iface eno1 inet manual


#Non-Proxmox Interfaces
source /etc/network/interfaces.d/*


#Proxmox Interfaces
#Public Interface
auto vmbr0
iface vmbr0 inet static
      address      xx.xx.xx.157/26
      gateway      xx.xx.xx.129
      bridge-ports eno1
      bridge-stp   off
      bridge-fd    0
      up           sysctl -p


auto vmbr2
iface vmbr2 inet static
      address 192.168.192.5/18
      bridge-ports none
      bridge-stp off
      bridge-fd 0
      post-up iptables -t nat -A POSTROUTING -s '192.168.192.0/18' -o vmbr0 -j MASQUERADE
      post-down iptables -t nat -D POSTROUTING -s '192.168.192.0/18' -o vmbr0 -j MASQUERADE
      post-up      iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
      post-down    iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


I have 2 VMs and I added vmbr2 to both so they can access the internet but are not reachable from the outside (using ZeroTier to connect via SSH).
I assigned the same MAC address to both, as I got abuse messages with the Proxmox-generated MAC address.
This works just fine as long as they are not running at the same time.

When they are running at the same time, the networking just works for about 50% of the time.

In the Hetzner docs there is this:
Code:
When setting up Proxmox in bridged mode, it is absolutely crucial to request virtual MAC addresses for each IP address through the Robot Panel

But I can't find this button. Is this only possible when I bought additional IP addresses?
Or is there any way I can bypass getting MAC addresses from Hetzner?
Each IP should only have 1 MAC address assigned to it (a MAC address can have multiple IPs assigned to it though), that's just how networking works.

I don't know anything about Hetzner, so you'll probably have to ask them (or wait for someone with more knowledge about it to chime in).
One thing you COULD do, though, is put in a (tiny) third VM with OPNsense, pfSense or some other router software on it, have THAT connected to the internet, and just have a vmbr3 without any physical connections to it as internal LAN, which would allow your VMs to have their own dedicated (Proxmox) MAC. Outgoing would work out of the box; incoming you would have to port-forward. If you need the same port for something, you will have to figure something out for that though, but you'd have to do something about that with your previous setup as well.
 
> I have 2 VMs and I added vmbr2 to both so they can access the internet but are not reachable from the outside (using ZeroTier to connect via SSH).
> I assigned the same MAC address to both, as I got abuse messages with the Proxmox-generated MAC address.

Make sure your NAT works and the VMs are not connected to a bridge to the outside world. If you got the abuse message for the virtual machine’s MAC address, it was bridged to Hetzner’s infrastructure.
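
An added example, not part of the thread and not Proxmox's own tooling: a check for the two conditions discussed above, one MAC shared by NICs on the same bridge and a VM NIC attached to the public bridge. The sample configs are constructed in the style of /etc/pve/qemu-server/<vmid>.conf, and vmbr0 as the public bridge is taken from the config in the first post.

```python
import re
from collections import defaultdict

# Constructed sample configs in the style of /etc/pve/qemu-server/<vmid>.conf
SAMPLE_CONFIGS = {
    "100": "name: web\nnet0: virtio=BC:24:11:00:00:01,bridge=vmbr2,firewall=1\n",
    "101": "name: db\n"
           "net0: virtio=bc:24:11:00:00:01,bridge=vmbr2\n"
           "net1: virtio=BC:24:11:00:00:02,bridge=vmbr0\n"
           "\n[before-upgrade]\n"
           "net0: virtio=bc:24:11:00:00:01,bridge=vmbr2\n",
}

NET_LINE = re.compile(r"^(net\d+):\s*(.+)$", re.M)
MAC = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def parse_nics(configs):
    """Return (vmid, nic, mac, bridge) for each netN line of the live config."""
    nics = []
    for vmid, text in configs.items():
        # Snapshot sections ("[name]") repeat the net lines; skip them.
        live = text.split("\n[", 1)[0]
        for nic, opts in NET_LINE.findall(live):
            mac = bridge = None
            for opt in opts.split(","):
                key, _, value = opt.partition("=")
                if key == "bridge":
                    bridge = value
                elif MAC.match(value):  # "<model>=<MAC>", e.g. virtio=BC:24:...
                    mac = value.upper()
            nics.append((vmid, nic, mac, bridge))
    return nics

def audit(configs, public_bridge="vmbr0"):
    """Find MACs shared on one bridge and NICs attached to the public bridge."""
    nics = parse_nics(configs)
    by_mac = defaultdict(list)
    for vmid, nic, mac, bridge in nics:
        if mac:
            by_mac[(bridge, mac)].append(f"{vmid}/{nic}")
    duplicates = {k: v for k, v in by_mac.items() if len(v) > 1}
    exposed = [(v, n, m) for v, n, m, b in nics if b == public_bridge]
    return duplicates, exposed

if __name__ == "__main__":
    dups, exposed = audit(SAMPLE_CONFIGS)
    for (bridge, mac), owners in dups.items():
        print(f"duplicate MAC {mac} on {bridge}: {', '.join(owners)}")
    for vmid, nic, mac in exposed:
        print(f"VM {vmid} {nic} ({mac}) is attached to the public bridge")
```

On a host, the same functions can be fed the real files by reading each .conf into the dictionary keyed by VM ID.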