I am using this configuration (taken from here) with great success for the public IPs provided by Hetzner; however, I cannot access the internet from inside KVMs that have private IPs (192.168.0.xxx).
Can someone please have a look and let me know if there is something wrong? I have tried several changes but no luck.
--------------------------------------
# /etc/network/interfaces
#
# Proxmox host network layout: one WAN bridge (vmbr0) carrying the physical
# uplink, plus three internal-only bridges (vmbr1-vmbr3) with no physical port.
# NOTE(review): nothing in this file enables IP forwarding or NAT/masquerading.
# Guests with RFC 1918 addresses only reach the internet if a router/firewall
# guest (or a host rule configured elsewhere) translates their traffic.
auto lo
iface lo inet loopback
# device: eth0
# Left unconfigured ("manual") because it is enslaved to vmbr0 below.
iface eth0 inet manual
# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
# Any guest attached here sits on the same layer-2 segment as the uplink, i.e.
# in front of the firewall guest rather than behind it.
auto vmbr0
iface vmbr0 inet static
# Hetzner primary WAN IP
address 176.9.xxx.xxx
# Hetzner primary WAN IP broadcast address
broadcast 176.9.xxx.xyz
# This netmask needs to have all bits set
# (a /32: no other address is treated as on-link by default)
netmask 255.255.255.255
# Our gateway is reachable via Point-to-Point tunneling
# put the Hetzner gateway IP address here twice
pointopoint 176.9.xxx.yyy
gateway 176.9.xxx.yyy
# Virtual bridge settings
# this one is bridging physical eth0 interface
bridge_ports eth0
# Spanning tree off and zero forward delay, so ports forward immediately.
bridge_stp off
bridge_fd 0
# add a static route through the Hetzner gateway IP
# for the subnet our primary IP belongs to
# (traffic to the rest of that /27 goes via the gateway, not directly)
up route add -net 176.9.xxx.zyx netmask 255.255.255.224 gw 176.9.xxx.yyy vmbr0
# Add routing for up to 4 dedicated IP's we get from Hetzner
# NOTE(review): the template's comment is cut off here ("You need to ...");
# presumably one line per additional public IP is expected - confirm.
# Each /32 below is delivered directly on vmbr0 to the guest that holds it.
up ip route add 176.9.xxx.xx1/32 dev vmbr0
up ip route add 176.9.xxx.xx2/32 dev vmbr0
up ip route add 176.9.xxx.xx3/32 dev vmbr0
up ip route add 176.9.xxx.xx4/32 dev vmbr0
# Assure local routing of private IPv4 IP's from our
# Proxmox host via our firewall's WAN port
# These routes only tell the HOST to hand traffic for private ranges to
# 176.9.xxx.xx1; they do not provide outbound connectivity for private guests.
# If no firewall guest holds 176.9.xxx.xx1, these ranges are unreachable.
up ip route add 192.168.0.0/16 via 176.9.xxx.xx1 dev vmbr0
up ip route add 172.16.0.0/12 via 176.9.xxx.xx1 dev vmbr0
up ip route add 10.0.0.0/8 via 176.9.xxx.xx1 dev vmbr0
# IPv6 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
iface vmbr0 inet6 static
address 2a01:4f8:151:XXX::3
netmask 64
# Make the IPv6 gateway reachable on vmbr0, then use it as the default route.
up ip -6 route add 2a01:4f8:151:XXX::1 dev vmbr0
up ip -6 route add default via 2a01:4f8:151:XXX::1
# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
# "bridge_ports none": no physical NIC, so this segment is internal to the host.
auto vmbr1
iface vmbr1 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Private LAN
# (connect your firewall/router KVM instance and private hosts here)
# Guests with 192.168.x.x addresses belong on a bridge like this one, with the
# firewall guest's interface on the same bridge as their default gateway.
auto vmbr2
iface vmbr2 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Test Data Center
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr3
iface vmbr3 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
-----------------------------
Inside the CentOS KVMs I have this config:
IP: 192.168.0.10
Mask: 255.255.255.0
Gateway & Scope: 176.9.xxx.xxx (as per above example)
The KVMs are bridged to vmbr0.
I have also tried containers with venet IP 192.168.0.10 and again no luck
No issues whatsoever with the KVMs running the extra public IPs.
Any ideas?
N
Can someone please have a look and let me know if there is something wrong? I have tried several changes but no luck.
--------------------------------------
# /etc/network/interfaces
#
# Proxmox host network layout: one WAN bridge (vmbr0) carrying the physical
# uplink, plus three internal-only bridges (vmbr1-vmbr3) with no physical port.
# NOTE(review): nothing in this file enables IP forwarding or NAT/masquerading.
# Guests with RFC 1918 addresses only reach the internet if a router/firewall
# guest (or a host rule configured elsewhere) translates their traffic.
auto lo
iface lo inet loopback
# device: eth0
# Left unconfigured ("manual") because it is enslaved to vmbr0 below.
iface eth0 inet manual
# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
# Any guest attached here sits on the same layer-2 segment as the uplink, i.e.
# in front of the firewall guest rather than behind it.
auto vmbr0
iface vmbr0 inet static
# Hetzner primary WAN IP
address 176.9.xxx.xxx
# Hetzner primary WAN IP broadcast address
broadcast 176.9.xxx.xyz
# This netmask needs to have all bits set
# (a /32: no other address is treated as on-link by default)
netmask 255.255.255.255
# Our gateway is reachable via Point-to-Point tunneling
# put the Hetzner gateway IP address here twice
pointopoint 176.9.xxx.yyy
gateway 176.9.xxx.yyy
# Virtual bridge settings
# this one is bridging physical eth0 interface
bridge_ports eth0
# Spanning tree off and zero forward delay, so ports forward immediately.
bridge_stp off
bridge_fd 0
# add a static route through the Hetzner gateway IP
# for the subnet our primary IP belongs to
# (traffic to the rest of that /27 goes via the gateway, not directly)
up route add -net 176.9.xxx.zyx netmask 255.255.255.224 gw 176.9.xxx.yyy vmbr0
# Add routing for up to 4 dedicated IP's we get from Hetzner
# NOTE(review): the template's comment is cut off here ("You need to ...");
# presumably one line per additional public IP is expected - confirm.
# Each /32 below is delivered directly on vmbr0 to the guest that holds it.
up ip route add 176.9.xxx.xx1/32 dev vmbr0
up ip route add 176.9.xxx.xx2/32 dev vmbr0
up ip route add 176.9.xxx.xx3/32 dev vmbr0
up ip route add 176.9.xxx.xx4/32 dev vmbr0
# Assure local routing of private IPv4 IP's from our
# Proxmox host via our firewall's WAN port
# These routes only tell the HOST to hand traffic for private ranges to
# 176.9.xxx.xx1; they do not provide outbound connectivity for private guests.
# If no firewall guest holds 176.9.xxx.xx1, these ranges are unreachable.
up ip route add 192.168.0.0/16 via 176.9.xxx.xx1 dev vmbr0
up ip route add 172.16.0.0/12 via 176.9.xxx.xx1 dev vmbr0
up ip route add 10.0.0.0/8 via 176.9.xxx.xx1 dev vmbr0
# IPv6 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
iface vmbr0 inet6 static
address 2a01:4f8:151:XXX::3
netmask 64
# Make the IPv6 gateway reachable on vmbr0, then use it as the default route.
up ip -6 route add 2a01:4f8:151:XXX::1 dev vmbr0
up ip -6 route add default via 2a01:4f8:151:XXX::1
# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
# "bridge_ports none": no physical NIC, so this segment is internal to the host.
auto vmbr1
iface vmbr1 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Private LAN
# (connect your firewall/router KVM instance and private hosts here)
# Guests with 192.168.x.x addresses belong on a bridge like this one, with the
# firewall guest's interface on the same bridge as their default gateway.
auto vmbr2
iface vmbr2 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Test Data Center
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr3
iface vmbr3 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
-----------------------------
Inside the CentOS KVMs I have this config:
IP: 192.168.0.10
Mask: 255.255.255.0
Gateway & Scope: 176.9.xxx.xxx (as per above example)
The KVMs are bridged to vmbr0.
I have also tried containers with venet IP 192.168.0.10 and again no luck
No issues whatsoever with the KVMs running the extra public IPs.
Any ideas?
N