Forked from jpawlowski/msys_hetzner-etc_network_interfaces
Created
May 20, 2017 21:57
Debian network configuration for Proxmox VE server running on a Hetzner host
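# /etc/network/interfaces
#
# ifupdown configuration for the Proxmox VE host itself.
# (The stray "| |" table-cell residue from the web rendering has been
# removed; with it, none of the directives below would parse.)

auto lo
iface lo inet loopback

# device: eth0
# Physical NIC. "inet manual" gives it no address of its own; it is
# attached to the WAN bridge through "bridge_ports eth0" in the vmbr0 stanza.
iface eth0 inet manual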
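# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
#
# NOTE(review): the Proxmox host itself holds the primary WAN IP on this
# bridge, so whatever the host listens on is reachable from the Internet
# without passing through the firewall VM. Which services are exposed is not
# visible in this file; confirm them and filter on the host or upstream.
auto vmbr0
iface vmbr0 inet static
    # Hetzner primary WAN IP
    address 176.9.xxx.xxx
    # Hetzner primary WAN IP broadcast address
    broadcast 176.9.xxx.xyz
    # This netmask needs to have all bits set
    netmask 255.255.255.255
    # Our gateway is reachable via Point-to-Point tunneling
    # put the Hetzner gateway IP address here twice
    pointopoint 176.9.xxx.yyy
    gateway 176.9.xxx.yyy

    # Virtual bridge settings
    # this one is bridging physical eth0 interface
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

    # add a static route through the Hetzner gateway IP
    # for the subnet our primary IP belongs to
    # (netmask 255.255.255.224 is a /27)
    up route add -net 176.9.xxx.zyx netmask 255.255.255.224 gw 176.9.xxx.yyy vmbr0

    # Add routing for up to 4 dedicated IPs we get from Hetzner.
    # You need to replace the placeholder addresses below with your own.
    up ip route add 176.9.xxx.xx1/32 dev vmbr0
    up ip route add 176.9.xxx.xx2/32 dev vmbr0
    up ip route add 176.9.xxx.xx3/32 dev vmbr0
    up ip route add 176.9.xxx.xx4/32 dev vmbr0

    # Assure local routing of private IPv4 IPs from our
    # Proxmox host via our firewall's WAN port
    # NOTE(review): these routes hand all RFC 1918 traffic from the host to
    # 176.9.xxx.xx1 on the WAN bridge, so that address must be the one held
    # by the firewall VM. Verify that this traffic cannot leave through eth0
    # when the firewall VM is stopped.
    up ip route add 192.168.0.0/16 via 176.9.xxx.xx1 dev vmbr0
    up ip route add 172.16.0.0/12 via 176.9.xxx.xx1 dev vmbr0
    up ip route add 10.0.0.0/8 via 176.9.xxx.xx1 dev vmbr0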
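# IPv6 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
#
# NOTE(review): this gives the host a global IPv6 address on the WAN bridge.
# Any packet filtering that protects the host has to cover IPv6 as well as
# IPv4; an IPv4-only rule set leaves this address unfiltered.
iface vmbr0 inet6 static
    address 2a01:4f8:151:XXX::3
    netmask 64
    # host route to the next hop first, then the default route through it
    up ip -6 route add 2a01:4f8:151:XXX::1 dev vmbr0
    up ip -6 route add default via 2a01:4f8:151:XXX::1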
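# The three bridges below have no physical port (bridge_ports none) and the
# host has no address on them (inet manual), so they only carry traffic
# between the guests attached to them. Their isolation therefore depends
# entirely on which guest NICs are plugged into each bridge.

# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# Virtual switch for Private LAN
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr2
iface vmbr2 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

# Virtual switch for Test Data Center
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr3
iface vmbr3 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0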
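# /etc/pve/qemu-server/100.conf
#
# This is an example KVM host configuration I use for my
# Vyatta router instance.
# It was created with the Proxmox web interface and should
# just introduce you to the used network configuration
# (see the 5 network interfaces and their bridge connections).
# That means you won't need to hack the configuration file yourself,
# just keep settings here in mind when creating your virtual host
# in the Proxmox interface.
#
# net0 - WAN interface used for dedicated IPv4 connection handling
# net1 - WAN interface used for dedicated IPv6 connection handling
# net2 - DMZ interface for the majority of my virtual OpenVZ and KVM hosts
# net3 - Private hosts only accessible via VPN
# net4 - Private hosts only accessible via VPN
#
# NOTE(review): net4 is attached to vmbr3, which /etc/network/interfaces
# labels "Virtual switch for Test Data Center", while its description above
# repeats the one for net3. Confirm which segment net4 is meant to serve.
#
# Of course you could use fewer interfaces (net0+net1 could be combined
# in a normal dual-stack configuration and net2/3/4 could be one
# interface only if you don't want/need such a complex configuration).
#
# IMPORTANT: net0 uses the MAC address that was assigned by Hetzner to one
# of my additional IPv4 addresses. This is essential to have a working connection.
# I also requested MAC addresses for the other IPs but it's sufficient to have only one of the MACs
# in your configuration.
#
# Now go and have your firewall instance listening to all your additional
# IPv4 addresses and set up destination NAT to your private IPv4 addressed
# hosts connected to net2.
#
# NOTE(review): this guest is the only device joining the WAN bridge (vmbr0)
# to the internal bridges (vmbr1-3), so its rule set is the sole boundary
# between them. "onboot: 1" with "startup: order=1" starts it at boot with
# the lowest startup order.
boot: cd
bootdisk: virtio0
cores: 2
cpu: host
ide2: none,media=cdrom
memory: 2048
name: msys-firewall-instance
# IMPORTANT: net0 has set the MAC address assigned by Hetzner
net0: virtio=00:50:56:00:XX:YY,bridge=vmbr0
net1: virtio=56:4A:05:76:D6:F8,bridge=vmbr0
net2: virtio=76:EE:88:BA:17:DF,bridge=vmbr1
net3: virtio=EE:10:82:D7:3C:14,bridge=vmbr2
net4: virtio=DA:18:23:03:D0:C7,bridge=vmbr3
onboot: 1
ostype: l26
sockets: 2
startup: order=1
virtio0: local:100/vm-100-disk-1.qcow2,cache=writeback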