Proxmox Hetzner install?

whatcher1074

New Member
Oct 7, 2021
https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve


I am following the Proxmox Hetzner installation guide and my new Linux bridge keeps failing. It is stating it needs a virtual MAC address per Hetzner as well as being set up properly. It locks up my system each time. What am I doing wrong here?

# /etc/network/interfaces

iface eno1 inet static
address 192.9.122.105/27
gateway 192.9.122.97
up route add -net 192.9.122.96 netmask 255.255.255.224 gw 192.9.122.97 dev eno1
# route 192.9.122.96/27 via 192.9.122.97


#auto vmbr0
#iface vmbr0 inet static
# address 10.10.10.2/24
# hwaddress 00:50:56:00:88:1E # MAC address of the NIC, required since Proxmox 7.0
# netmask 255.255.255.254
# bridge-ports eno1
# bridge-stp off
# bridge-fd 0
# bridge-vlan-aware yes
# bridge-vids 2-4094
 
Hi,
For setup with Hetzner, if you only have a single public IP address, it's probably best to follow the Masquerading setup (see "3.3.6 Masquerading (NAT) with iptables", in the PVE admin guide [1]). The probable reason for the MAC address errors is stated in section "3.3.5 Routed Configuration"[1]:
"Most hosting providers do not support the above setup. For security reasons, they disable networking as soon as they detect multiple MAC addresses on a single interface."


[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration
 
Thanks, I do have a second IP with a virtual MAC address. The second IP is here: up route add -net 192.9.122.96 netmask 255.255.255.224 gw 192.9.122.97 dev eno1

I am using the virtual MAC address here below per the Hetzner instructions. Is this correct, or do I need to add the second IP, gw, etc. into my NIC as eno1:1 and then follow the instructions you provided?

#auto vmbr0
#iface vmbr0 inet static
# address 10.10.10.2/24
# hwaddress 00:50:56:00:88:1E # MAC address of the NIC, required since Proxmox 7.0
# netmask 255.255.255.254
# bridge-ports eno1
# bridge-stp off
# bridge-fd 0
# bridge-vlan-aware yes
# bridge-vids 2-4094
 
I followed the documentation with no success. I am still not able to get outbound on my guest VM using a static IP of 10.10.10.5, subnet mask of 255.255.255.224 and gateway of 192.9.122.97


My Proxmox main host server config is below:

iface eno1 inet static
address 192.9.122.105/27
gateway 192.9.122.97
up route add -net 192.9.122.96 netmask 255.255.255.224 gw 192.9.122.97 dev eno1
# route 192.9.122.96/27 via 192.9.122.97


auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
netmask 255.255.255.224
# pointopoint 192.9.122.97
# gateway 192.9.122.97
bridge-ports none
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
 
up route add -net 192.9.122.96 netmask 255.255.255.224 gw 192.9.122.97 dev eno1
This line is routing an entire range of addresses (192.9.122.96/27) to 192.9.122.97. Did you instead mean to use route add -host 192.9.122.96...? Also, may I ask what you want to achieve with this line?

I am still not able to get outbound on my guest VM using a static IP of 10.10.10.5, subnet mask of 255.255.255.224 and gateway of 192.9.122.97
If the VM is on the bridge vmbr0, it should be using 10.10.10.1 as its gateway. As for the subnet mask, see my comment below.

iface vmbr0 inet static
address 10.10.10.1/24
netmask 255.255.255.224
You have specified two contradicting netmasks here. The /24 after the address represents a netmask of 255.255.255.0. I would just delete the line "netmask 255.255.255.224".

It's possible that you also need to configure conntrack zones for outgoing connections. To do this add the following lines to the vmbr0 configuration:
Code:
post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
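
The two checks made in the reply above (a CIDR prefix that contradicts the netmask line, and a guest gateway that is not the bridge address), as an added example that is not part of the original post or of Proxmox tooling. The functions `parse_iface` and `lint_bridge` are hypothetical names, and the sample stanza is constructed from the values quoted in this thread.

```python
import ipaddress

# Constructed sample: the vmbr0 stanza quoted in this thread.
VMBR0 = """\
auto vmbr0
iface vmbr0 inet static
address 10.10.10.1/24
netmask 255.255.255.224
bridge-ports none
bridge-stp off
bridge-fd 0
"""

def parse_iface(stanza):
    """Return (name, {option: value}) for one ifupdown 'iface' stanza."""
    name, opts = None, {}
    for raw in stanza.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            name = value.split()[0]
        elif key != "auto":
            opts[key] = value.strip()
    return name, opts

def lint_bridge(stanza, guest_ip, guest_mask, guest_gw):
    """List clashing masks on the bridge and an unusable guest gateway."""
    name, opts = parse_iface(stanza)
    problems = []
    bridge = ipaddress.ip_interface(opts["address"])
    # A prefix on the address line and a separate netmask line must agree.
    if "/" in opts["address"] and "netmask" in opts:
        if ipaddress.ip_address(opts["netmask"]) != bridge.netmask:
            problems.append(f"{name}: /{bridge.network.prefixlen} contradicts "
                            f"netmask {opts['netmask']}")
    guest = ipaddress.ip_interface(f"{guest_ip}/{guest_mask}")
    gw = ipaddress.ip_address(guest_gw)
    # The guest can only reach a gateway inside its own subnet.
    if gw not in guest.network:
        problems.append(f"guest gateway {gw} is not on-link in {guest.network}")
    # On a NAT bridge the host's bridge address is the guest's next hop.
    if gw != bridge.ip:
        problems.append(f"guest gateway {gw} is not the {name} address {bridge.ip}")
    return problems
```

Calling `lint_bridge(VMBR0, "10.10.10.5", "255.255.255.224", "192.9.122.97")` reports all three problems; with the netmask line deleted and the guest using 10.10.10.1 as gateway with a 255.255.255.0 mask (an assumption that follows the /24 on the bridge) it returns an empty list.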
 
Thanks for the help, the outbound web access to the VMs is working now. It was the NAT; it wasn't set up properly on my end. I managed to get it resolved last night. :)
 