
@Wqrld
Forked from MrPowerGamerBR/ProxmoxStuff.md
Created April 13, 2021 18:58

random proxmox bridge config hetzner

auto vmbr0
iface vmbr0 inet static
  address primary_ip
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  pre-up brctl addbr vmbr0

  up ip route add subnetip1/32 dev vmbr0

Thanks to mmolitor87#7314 for helping me out on /r/admincraft's Discord server! I just rewrote what he said to make a nice and tidy post, to make it easier for me (and other users) to set up Proxmox on a new machine.

In this tutorial I will use Windows Bash (via Windows Subsystem for Linux, running Ubuntu), but this tutorial will work with any Linux distro too.

First, go to your dedicated server dashboard and install Proxmox. SoYouStart (and OVH) has an option to install Proxmox directly from the dashboard, under the Reinstall option.

Choose Proxmox VE 5 (64 bits) (if you have multiple devices that you want to make a pool with, choose the option with ZFS), after that, wait until Proxmox is installed...

When Proxmox finishes installing (it may take a while...), you will receive an email with your account details. Go to Proxmox's dashboard (it will be in your email) and log in with the details.

Your browser may complain that the dashboard doesn't have a valid certificate (a fresh install uses a self-signed one), just click "Continue".

Securing your Proxmox install

After logging in, you will need to secure your Proxmox install!

Go to Authentication then click on pam.

https://mrpowergamerbr.com/uploads/firefox_2018-08-24_11-07-16.png

Change TFA to OATH, then click on OK, this will enable two factor authentication.

https://mrpowergamerbr.com/uploads/firefox_2018-08-24_11-07-55.png

Now connect to your dedicated server via SSH and use oathkeygen; this will generate an authentication key. Copy the generated key, go to Users, double click on the root user and paste the generated key in the Key IDs section.

Now use a 2FA app (I recommend using Authy) and add the key to the app (on Authy: Click on the three dots on the top right, "Add Account", "Add code manually")

Done! Now when logging in to the Proxmox dashboard, it will ask for your TOTP code!
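What the 2FA app does with the key from oathkeygen, as an added example that is not part of the original gist: the key is a base32 shared secret, and anyone who holds it can compute the same codes, so it deserves the same care as the root password. The code assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, six digits); the function names are hypothetical and the key is the published RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

# RFC 4226/6238 published test key (ASCII "12345678901234567890"), not a real secret.
RFC_TEST_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(key_b32, unix_time, step=30, digits=6):
    """RFC 6238 code for a base32 key at a given Unix time (HMAC-SHA1)."""
    cleaned = key_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    # The moving factor is the number of whole steps since the Unix epoch.
    counter = struct.pack(">Q", max(0, int(unix_time)) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key_b32, submitted, unix_time, window=1, step=30):
    """Accept the current step and `window` steps either side (clock drift)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(key_b32, unix_time + drift * step, step)
        # Constant-time comparison; every candidate is checked, no early exit.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    import time
    print("code for the RFC test key right now:", totp(RFC_TEST_KEY, time.time()))
```

A code stays valid only inside the drift window, which is why a host with a badly skewed clock rejects codes that the app shows as current.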

Now configure fail2ban; here is a great tutorial about how to configure it on your Proxmox machine: https://pve.proxmox.com/wiki/Fail2ban

And for super extra security, configure an SSH key for yourself (the tutorial is for Ubuntu, but it also works on Proxmox): https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1604

Configuring Network Stuff

On the Proxmox host, we will make a new adapter (NAT), use nano /etc/network/interfaces and add this to the end of the file.

# NAT
auto vmbr1
iface vmbr1 inet static
        address  10.0.0.1
        netmask  255.255.255.0
        bridge-ports none
        bridge-stp off
        bridge-fd 0

You can change 10.0.0.1 to something else (like 192.168.1.1 or any other internal network) if you want to.

After you've done that, use apt-get install ufw && ufw enable

You will notice that you can't access Proxmox's dashboard anymore.

"THIS TUTORIAL SUCKS FUK U YOU BROKE MY PROXMOX INSTALL"

wew calm down, now use ufw allow 8006/tcp and ufw allow ssh, this will allow access to Proxmox's dashboard and SSH.

Use nano /etc/default/ufw and change DEFAULT_FORWARD_POLICY to ACCEPT

Use nano /etc/ufw/sysctl.conf and uncomment the net/ipv4/ip_forward=1 thingy.

Now let's add some rules, use nano /etc/ufw/before.rules and at the top (right after the file's header) add

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]

# Flush rules on ufw enable/disable
-F

# Forward traffic through vmbr0
-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE

# Port Forwardings
-A PREROUTING -i vmbr0 -p tcp -m multiport --dports 80,443 -j DNAT --to 10.0.0.2

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Use ufw disable && ufw enable to restart ufw.

Now use ufw status verbose, it should show something like this.

root@ns533910:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
8006/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
8006/tcp (v6)              ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
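An added example (not part of the original gist) that reads the firewall state this tutorial ends up with and reports what is reachable: the routed default, the admin ports open to every source, and the ports DNAT publishes to the VM. The sample text is constructed from the status output and NAT rules shown above; MGMT_PORTS and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample inputs, taken from the status output and NAT rules in this tutorial.
UFW_STATUS = """\
Status: active
Default: deny (incoming), allow (outgoing), allow (routed)
8006/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
8006/tcp (v6)              ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""
NAT_RULES = """\
-A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
-A PREROUTING -i vmbr0 -p tcp -m multiport --dports 80,443 -j DNAT --to 10.0.0.2
"""
MGMT_PORTS = {"22", "8006"}  # assumption: SSH and the Proxmox web UI are the admin surfaces

RULE = re.compile(r"^(\d+)/(tcp|udp)( \(v6\))?\s+ALLOW IN\s+Anywhere")
DNAT = re.compile(r"-A PREROUTING .*--dports (\S+) -j DNAT --to(?:-destination)? ([\d.]+)")


def audit_status(text):
    """Flag an unfiltered forward policy and admin ports open to every source."""
    findings = []
    default = re.search(r"^Default:.*$", text, re.M)
    if default and "allow (routed)" in default.group(0):
        findings.append("routed default is allow: ufw does not filter forwarded VM traffic")
    for line in text.splitlines():
        m = RULE.match(line)
        if m and m.group(1) in MGMT_PORTS:
            family = "IPv6" if m.group(3) else "IPv4"
            findings.append(f"{m.group(1)}/{m.group(2)} open to any {family} source")
    return findings


def audit_nat(text):
    """Return (exposed, stray): DNAT targets inside / outside the masqueraded subnets."""
    nets = [ipaddress.ip_network(n) for n in re.findall(r"-s (\S+) .*-j MASQUERADE", text)]
    exposed, stray = [], []
    for ports, target in DNAT.findall(text):
        inside = any(ipaddress.ip_address(target) in n for n in nets)
        (exposed if inside else stray).append((ports.split(","), target))
    return exposed, stray


if __name__ == "__main__":
    for finding in audit_status(UFW_STATUS):
        print("WARN", finding)
    exposed, stray = audit_nat(NAT_RULES)
    print("internet-facing via DNAT:", exposed, "| targets outside NAT subnet:", stray)
```

Where the admin address is fixed, a rule such as `ufw allow from <admin address> to any port 8006 proto tcp` (placeholder address) in place of the open one clears the per-port findings.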

Now reboot your machine (on SoYouStart's dashboard).

You will need a distro to install, so download an ISO from somewhere and save it in /var/lib/vz/template/iso/. I will install Ubuntu because why not? But you can install something else like CentOS or Justin Bieber Linux to host your fancy Minecraft server.

wget http://cdimage.ubuntu.com/ubuntu/releases/18.04/release/ubuntu-18.04.1-server-amd64.iso

Now let's go back to Proxmox's dashboard and create a VM!

Configure your VM the way you like, the only things that you need to know are:

  • Hard drive: Using raw is faster, but it is bad if you want to make snapshots.
  • Network: Change to vmbr1

Everything is good? Click on Finish!

Now start the VM (right click -> Start) and go to the "Console" tab, then install the OS like you always do.

Newer Ubuntu Server versions have network config directly in the setup, you can configure it there (it is easier!)

(I recommend installing "OpenSSH Server" if it asks you, it makes it easier to debug issues since you can't copy and paste on the web console)

When installing, it will fail the network test, and that's ok, that's why we will configure the adapter manually later :)

After the installation finishes, we will configure the network adapter manually, use sudo nano /etc/netplan/01-netcfg.yaml on the VM and write this at the end of the file

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      addresses: [ 10.0.0.2/24 ]
      gateway4: 10.0.0.1
      nameservers:
        addresses:
          - "1.1.1.1"
          - "1.0.0.1"

You can use other DNS servers if you want to, like Google's (8.8.8.8 and 8.8.4.4)

You can also change the addresses to something else, if you want to².

Now reboot the machine and try pinging something (ping google.com) and see if it is working!

https://mrpowergamerbr.com/uploads/firefox_2018-08-24_11-59-09.png

And that's it! Now let's try connecting to the VM via Proxmox (SSH)

Use ssh [email protected], if everything goes well, you will be able to connect to your VM!

Have fun! :)
