Network configuration with Proxmox on Hetzner dedicated Server

apfelcast

Dec 29, 2019
Hi,

I have installed Proxmox on a Hetzner dedicated Server. Basically I want to run multiple web servers in Linux Containers (LXC). Right now all the containers are Ubuntu 19.04 Containers.

In sum I have three public IPs.
IP1: 88.198.38.xxx (root IP)
IP2: 88.198.165.1xx (additional IP1)
IP3: 88.198.165.2xx (additional IP2)

I feel like I have read nearly every single how-to on the internet which is related to the network configuration of Proxmox for Hetzner. Although I have tried many different attempts, none of these are working right now. This means the container can't reach the Internet and I can't reach the container from the outside.

Here is my /etc/network/interfaces

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp2s0
iface enp2s0 inet static
        address  88.198.38.xxx
        netmask  255.255.255.224
        gateway  88.198.38.97
        up route add -net 88.198.38.96 netmask 255.255.255.224 gw 88.198.38.97 dev enp2s0
# route 88.198.38.96/27 via 88.198.38.97

iface enp2s0 inet6 static
        address  2a01:4f8:a0:1397::2
        netmask  64
        gateway  fe80::1

auto vmbr0
iface vmbr0 inet static
        address 88.198.38.xxx
        netmask 255.255.255.255
        bridge-ports none
        bridge-stp off
        bridge-fd 0
          up ip route add 88.198.165.1xx/32 dev vmbr0
          up ip route add 88.198.165.2xx/32 dev vmbr0

I have configured the Container's network using the GUI. Here I have set the Container's IP to one of the additional IPs (88.198.165.1xx/32), for the Gateway I set the root IP (88.198.38.xxx) and I have added the corresponding MAC address from Hetzner.

Does somebody have an idea or tip what the problem could be?
 
Yes, I uncommented the following in /etc/sysctl.conf:

Code:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
 
This is a working config:
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
  address 88.198.aa.bb
  netmask 255.255.255.255
  pointopoint 88.198.xx.xx
  gateway 88.198.xx.xx

iface enp0s31f6 inet6 static
  address 2a01:4f8:140:41e9::2
  netmask 128
  gateway fe80::1
  up sysctl -p

auto vmbr0
iface vmbr0 inet static
  address 88.198.aa.bb
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  up ip route add 88.198.xx.zzz/32 dev vmbr0
  up ip route add 88.198.xx.yyy/32 dev vmbr0

iface vmbr0 inet6 static
  address 2a01:4f8:xxx:yyyy::2
  netmask 64

pointopoint is the same as gateway, and "add 88.198.xx.zzz/32 dev vmbr0" is your additional IP.
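
An added example, not written by anyone in this thread: a small Python check that compares an /etc/network/interfaces file against the routed layout of the working config above (a /32 uplink with pointopoint equal to the gateway, a bridge without ports, and one /32 route per guest IP). The function names and the documentation-range addresses in the sample are constructed for illustration.

```python
import re

# Constructed sample shaped like the working config above (documentation-range IPs).
SAMPLE = """\
auto enp0s31f6
iface enp0s31f6 inet static
  address 198.51.100.10
  netmask 255.255.255.255
  pointopoint 198.51.100.1
  gateway 198.51.100.1
auto vmbr0
iface vmbr0 inet static
  address 198.51.100.10
  netmask 255.255.255.255
  bridge_ports none
  up ip route add 203.0.113.20/32 dev vmbr0
"""

def parse_stanzas(text):
    """Map (iface, family) -> {option: value, 'up': [commands]}."""
    stanzas, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue  # blank line or whole-line comment
        if words[0] in ("iface", "auto", "allow-hotplug", "source", "mapping"):
            cur = stanzas.setdefault(tuple(words[1:3]), {"up": []}) if words[0] == "iface" else None
        elif cur is not None and words[0] in ("up", "post-up"):
            cur["up"].append(" ".join(words[1:]))
        elif cur is not None:
            cur[words[0].replace("-", "_")] = " ".join(words[1:])  # bridge-ports == bridge_ports
    return stanzas

def is_slash32(stanza):
    addr = stanza.get("address", "")
    mask = addr.split("/")[1] if "/" in addr else stanza.get("netmask")
    return mask in ("32", "255.255.255.255")

def lint_routed(text, uplink, bridge, guest_ips):
    """List deviations: /32 uplink, port-less bridge, 'ip route add <ip>[/32] dev <bridge>' per guest."""
    st = parse_stanzas(text)
    up, br = (st.get((name, "inet"), {"up": []}) for name in (uplink, bridge))
    problems = []
    if not is_slash32(up) or up.get("pointopoint", "") != up.get("gateway"):
        problems.append(f"{uplink}: want /32 address and pointopoint equal to gateway")
    if not is_slash32(br) or br.get("bridge_ports") != "none":
        problems.append(f"{bridge}: want /32 address and bridge_ports none")
    pat = r"ip route add (\S+?)(?:/32)? dev " + re.escape(bridge) + "$"
    routed = {m.group(1) for cmd in br["up"] if (m := re.match(pat, cmd))}
    return problems + [f"{bridge}: no /32 route for guest {ip}" for ip in guest_ips if ip not in routed]
```

Calling `lint_routed(open("/etc/network/interfaces").read(), "enp0s31f6", "vmbr0", [...])` with the additional IPs returns an empty list when the file matches this layout.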
 
I have copied your interfaces config and I have adjusted it to my IP addresses. But still my container can't reach the internet and I can't reach the container.
I have attached a screenshot of my container network settings from the GUI.

The MAC address is the one I got from Hetzner, the IPv6 is one of the additional IPs and the Gateway is the server's root IP.
[Attached screenshot: Bildschirmfoto 2019-12-29 um 18.33.10.png]
 
After some struggles I managed to use new IP class on Hetzner dedicated server...
This is my configuration (my subnet is a /29):

- Debian/Proxmox Host:

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp35s0
iface enp35s0 inet static
  address [My first single Public IP]
  netmask 255.255.255.255
  pointopoint [gateway IP]
  gateway [gateway IP]
  up route add -net [gateway IP -1] netmask 255.255.255.192 gw [gateway IP] dev enp35s0

auto vmbr0
iface vmbr0 inet static
  address [First usable IP of subnet]
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  up ip route add [2nd IP]/32 dev vmbr0
  up ip route add [3rd IP]/32 dev vmbr0
  up ip route add [4th IP]/32 dev vmbr0
  up ip route add [5th IP]/32 dev vmbr0
  up ip route add [6th IP]/32 dev vmbr0

- KVM (Centos) Guest:

Code:
TYPE=Ethernet
BOOTPROTO=static
IPADDR=[One usable subnet IP]
NETMASK=255.255.255.255
SCOPE="peer [gateway IP]"
DNS1=213.133.98.98
DNS2=213.133.99.99
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=b0a8b7c0-6c80-4c01-8ba4-bfb5483c110d
DEVICE=eth0
ONBOOT=yes
ip route add [gateway IP] dev eth0
ip route add default via [gateway IP] dev eth0
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=32
DEFROUTE=yes

Note:
1. DON'T FORGET TO ADD EXPLICIT NETWORK ROUTES
2. FOR KVM DISABLE FIREWALL CHECKBOX in Hardware->NetworkDevice

- LXC Guest

For LXC it is very straightforward, as you can see in this image:

[Attached screenshot: Schermata 2020-01-03 alle 11.35.48.jpg]

In my environment LXC works well with the firewall checkbox checked.
You can try disabling it if you have trouble.

PS:
For LXCs, Proxmox will AUTOMATICALLY ADD this code to the network configuration (this example is for a Debian guest).
You can check it if you want, but please don't touch or overwrite the file...

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address [One usable subnet IP]
        netmask 255.255.255.255
# --- BEGIN PVE ---
        post-up ip route add [gateway IP] dev eth0
        post-up ip route add default via [gateway IP] dev eth0
        pre-down ip route del default via [gateway IP] dev eth0
        pre-down ip route del  [gateway IP] dev eth0
# --- END PVE ---

Hope this helps.
 
I have an unbelievable problem

Host server
auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
        address 159.69.59.XX
        netmask 255.255.255.248
        gateway 159.69.59.1
        pointopoint 159.69.59.1
        up route add -net 159.69.59.0 netmask 255.255.255.192 gw 159.69.59.1 dev enp0s31f6



auto vmbr1
iface vmbr1 inet manual
        address 176.9.173.A
        netmask 255.255.255.248
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        up ip route add 176.9.173.B/32 dev vmbr1


VM

iface ens18 inet static
        address 176.9.173.B
        netmask 255.255.255.2255
        gateway 176.9.173.A


I have a ping from the VM to 176.9.173.A but the Internet does not work.
On the host server:
sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv6.conf.all.forwarding = 1

Can someone understand what is happening? I have run out of ideas and attempts to tune.
 
Hello everybody.

I have a problem with the network configuration.
I have a Hetzner Server.
I installed ProxMox.
I added 2 virtual machines, one with Debian 11 on which IspManager is installed and another with Windows 11.

On the first machine with Debian 11 I chose vmbr0 and put the MAC of the additional IP AA.BB.CCC.EEE and there is no internet connection.
In the network configuration I have the following:
IPv4 Address: AA.BB.CCC.DDD # Main IP Address
MAC: additional IP data
Gateway: AA.BB.CCC.129
Netmask: 255.255.255.192
DNS: 213.133.98.98, 213.133.99.99 # of Hetzner

Configuration for this VM:
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

On the second machine with Windows 11 I chose vmbr1 and with the following network configuration:
IP address: 10.10.10.10
Subnet mask: 255.255.255.0
Gateway: AA.BB.CCC.DDD # Main IP Address
Preferred DNS server: 8.8.8.8
On this machine everything is working fine and I have access from anywhere through the main IP.

Configuration in ProxMox:
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
    address AA.BB.CCC.DDD/26
    netmask 255.255.255.192
    pointopoint AA.BB.CCC.129
    gateway AA.BB.CCC.129
    up route add -net AA.BB.CCC.128 netmask 255.255.255.192 gw AA.BB.CCC.129 dev enp0s31f6
   
auto vmbr0
iface vmbr0 inet static
    address AA.BB.CCC.DDD/26 # Main IP Address
    netmask 255.255.255.192
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    up ip route add AA.BB.CCC.EEE/32 dev vmbr0 # AA.BB.CCC.EEE Additional IP

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
    post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

What should I do to make the first machine work? Thank you for your help.
 