Hello everyone,
I'm new to the worlds of Proxmox and advanced networking, but I'm a moderately experienced Linux user and have a knack for finding solutions online. However, I've hit a wall with my specific use case and I'm hoping this community can offer some guidance.
My setup consists of a dedicated server from Hetzner running Proxmox. I have two dedicated public IP addresses from Hetzner. My goal is to use one IP for the Proxmox host itself and dedicate the second IP to a virtualized router/firewall. This virtual router will then provide network access to all my other VMs and LXC containers.
I've chosen to use OpenWRT as my virtual router. My primary motivation for this is to leverage Traefik for managing access to my services. For those unfamiliar, Traefik is a modern reverse proxy and load balancer that automatically discovers and creates routes to my applications as they are deployed. This is especially powerful in a containerized environment, as it simplifies the process of securely exposing services without manual configuration for each new service.
My understanding is that to make this work, I need to forward ports through the virtual router to Traefik, which seems to be a more robust and flexible approach than assigning dedicated ports. I've read that other popular virtual router options like pfSense and OPNsense can have compatibility issues with Traefik, particularly around DNS resolution and how they handle proxied traffic, which is why I'm focusing on OpenWRT.
I know that a bridged network setup is required and that I must use the specific MAC address provided by Hetzner for my second IP address. I've attempted to follow the official Hetzner tutorial for this, but I'm struggling to get my virtual router online and properly routing traffic.
Here's a summary of what I'm trying to achieve:
Here is my /etc/network/interfaces config for reference:
I'm new to the worlds of Proxmox and advanced networking, but I'm a moderately experienced Linux user and have a knack for finding solutions online. However, I've hit a wall with my specific use case and I'm hoping this community can offer some guidance.
My setup consists of a dedicated server from Hetzner running Proxmox. I have two dedicated public IP addresses from Hetzner. My goal is to use one IP for the Proxmox host itself and dedicate the second IP to a virtualized router/firewall. This virtual router will then provide network access to all my other VMs and LXC containers.
I've chosen to use OpenWRT as my virtual router. My primary motivation for this is to leverage Traefik for managing access to my services. For those unfamiliar, Traefik is a modern reverse proxy and load balancer that automatically discovers and creates routes to my applications as they are deployed. This is especially powerful in a containerized environment, as it simplifies the process of securely exposing services without manual configuration for each new service.
My understanding is that to make this work, I need to forward ports through the virtual router to Traefik, which seems to be a more robust and flexible approach than assigning dedicated ports. I've read that other popular virtual router options like pfSense and OPNsense can have compatibility issues with Traefik, particularly around DNS resolution and how they handle proxied traffic, which is why I'm focusing on OpenWRT.
I know that a bridged network setup is required and that I must use the specific MAC address provided by Hetzner for my second IP address. I've attempted to follow the official Hetzner tutorial for this, but I'm struggling to get my virtual router online and properly routing traffic.
Here's a summary of what I'm trying to achieve:
- Proxmox Host: Accessible via its own dedicated public IP.
- OpenWRT VM: Assigned the second dedicated public IP (with its Hetzner-provided MAC address) and acting as the gateway for all other VMs and containers.
- Other VMs/LXCs: Accessing the internet through the OpenWRT VM.
- Traefik: Running within my containerized environment and accessible via port forwarding through the OpenWRT VM.
- The correct Proxmox network configuration for a bridged setup with a dedicated IP and MAC address for a VM on a Hetzner server.
- Any known gotchas or specific configurations needed within OpenWRT to get it to function correctly as a virtualized router on Proxmox with a public IP.
- Confirmation if my understanding of the networking model is correct for this scenario.
Here is my /etc/network/interfaces config for reference:
Code:
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 135.abc.cde.yyy/26
gateway 135.abc.cde.xxx
bridge-ports eno1
bridge-stp off
bridge-fd 0
auto vmbr1
iface vmbr1 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0