├── img
├── proxmox
│ ├── arch.png
│ ├── proxmox-0.png
│ ├── proxmox-1.png
│ └── proxmox-2.png
├── fedora
│ ├── fedora-0.png
│ ├── fedora-1.png
│ └── fedora-2.png
├── pfsense
│ ├── pfsense-0.png
│ ├── pfsense-1.png
│ ├── pfsense-2.png
│ ├── pfsense-3.png
│ ├── pfsense-4.png
│ ├── pfsense-5.png
│ ├── pfsense-6.png
│ └── pfsense-7.png
└── hetzner
│ ├── fetch-meta-0.png
│ ├── fetch-meta-1.png
│ └── fetch-meta-2.png
├── tests
└── 13-06-2024
│ ├── hetzner_overview.gif
│ ├── proxmox_overview.gif
│ └── gist.sh
├── script
├── network_config.sh
└── network_config_updated.sh
├── README.md
└── diagrams
└── hetzner-proxmox-single.drawio
/img/proxmox/arch.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/proxmox/arch.png
--------------------------------------------------------------------------------
/img/fedora/fedora-0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/fedora/fedora-0.png
--------------------------------------------------------------------------------
/img/fedora/fedora-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/fedora/fedora-1.png
--------------------------------------------------------------------------------
/img/fedora/fedora-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/fedora/fedora-2.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-0.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-1.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-2.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-3.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-4.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-5.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-6.png
--------------------------------------------------------------------------------
/img/pfsense/pfsense-7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/pfsense/pfsense-7.png
--------------------------------------------------------------------------------
/img/proxmox/proxmox-0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/proxmox/proxmox-0.png
--------------------------------------------------------------------------------
/img/proxmox/proxmox-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/proxmox/proxmox-1.png
--------------------------------------------------------------------------------
/img/proxmox/proxmox-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/proxmox/proxmox-2.png
--------------------------------------------------------------------------------
/img/hetzner/fetch-meta-0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/hetzner/fetch-meta-0.png
--------------------------------------------------------------------------------
/img/hetzner/fetch-meta-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/hetzner/fetch-meta-1.png
--------------------------------------------------------------------------------
/img/hetzner/fetch-meta-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/img/hetzner/fetch-meta-2.png
--------------------------------------------------------------------------------
/tests/13-06-2024/hetzner_overview.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/tests/13-06-2024/hetzner_overview.gif
--------------------------------------------------------------------------------
/tests/13-06-2024/proxmox_overview.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/la-cc/hetzner-proxmox-single/HEAD/tests/13-06-2024/proxmox_overview.gif
--------------------------------------------------------------------------------
/script/network_config.sh:
--------------------------------------------------------------------------------
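#!/bin/bash
#
# Interactively builds /etc/network/interfaces for a single Hetzner Proxmox host.
#   vmbr0 - bridge over the physical NIC carrying the main IP (WAN)
#   vmbr1 - bridge without ports for the firewall VM's LAN/DMZ side
# The generated file is written to ./interfaces and shown for confirmation.
# On "yes" the live file is backed up to /etc/network/interfaces.old and replaced.
# Needs write access to /etc/network (run as root).

# -r keeps backslashes in the replies literal.
read -r -p "MAIN_SERVER_IP: " MAINSERVERIP
read -r -p "MAIN_SERVER_GATEWAY_ADRESS: " GATEWAYADRESS
read -r -p "NETMASK: " NETMASK
read -r -p "BROADCASTIP: " BROADCASTIP
read -r -p "ADDITIONAL_IP_ADRESS: " ADD_IP_ADRESS
read -r -p "NETWORK_INTERFACE: " NETWORK_INTERFACE

# Every reply ends up inside `up` lines that ifupdown later executes as root,
# so accept only plain dotted-quad values and a plain interface name.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
iface_re='^[A-Za-z0-9_.:-]+$'
for value in "$MAINSERVERIP" "$GATEWAYADRESS" "$NETMASK" "$BROADCASTIP" "$ADD_IP_ADRESS"; do
    if [[ ! $value =~ $ipv4_re ]]; then
        echo "Invalid IPv4 value: '$value'" >&2
        exit 1
    fi
done
if [[ ! $NETWORK_INTERFACE =~ $iface_re ]]; then
    echo "Invalid interface name: '$NETWORK_INTERFACE'" >&2
    exit 1
fi

# NOTE(review): this IPv6 address was hard-coded in the template and is
# host-specific. Export IPV6_ADDRESS before running to use your own address;
# the previous value remains the default so existing runs behave the same.
IPV6_ADDRESS="${IPV6_ADDRESS:-2a01:4f8:110:5143::2}"

# NOTE(review): "-net ... netmask ... gw" is net-tools `route` syntax; confirm
# that `ip route add` accepts this line on the target system.
# The duplicated "up ip route add -net" prefix from the old template is removed.
cat >interfaces <<EOF

### Hetzner Online GmbH installimage

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback


iface ${NETWORK_INTERFACE} inet manual

    up ip route add -net ${GATEWAYADRESS} netmask ${NETMASK} gw ${GATEWAYADRESS} vmbr0
    up sysctl -w net.ipv4.ip_forward=1
    up sysctl -w net.ipv4.conf.${NETWORK_INTERFACE}.send_redirects=0
    up sysctl -w net.ipv6.conf.all.forwarding=1
    up ip route add 192.168.0.0/16 via ${ADD_IP_ADRESS} dev vmbr0
    up ip route add 172.16.0.0/12 via ${ADD_IP_ADRESS} dev vmbr0
    up ip route add 10.0.0.0/8 via ${ADD_IP_ADRESS} dev vmbr0


iface ${NETWORK_INTERFACE} inet6 static
    address ${IPV6_ADDRESS}
    netmask 64
    gateway fe80::1


auto vmbr0
iface vmbr0 inet static
    address ${MAINSERVERIP}
    netmask ${NETMASK}
    gateway ${GATEWAYADRESS}
    broadcast ${BROADCASTIP}
    bridge-ports ${NETWORK_INTERFACE}
    bridge-stp off
    bridge-fd 0
    pointopoint ${GATEWAYADRESS}
#WAN


# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0
#LAN0

EOF

cat interfaces

# Ask until the operator answers yes (continue) or no (abort without changes).
while true; do
    read -r -p "Config correct? [yes][no]: " yn
    case $yn in
    [Yy]*)
        echo ""
        break
        ;;
    [Nn]*) exit ;;
    *) echo "Please answer yes or no." ;;
    esac
done

# Copy rather than move the backup, so the live file is never missing if the
# second step fails.
cp -p /etc/network/interfaces /etc/network/interfaces.old || {
    echo "Could not back up /etc/network/interfaces; nothing was changed." >&2
    exit 1
}
mv interfaces /etc/network/interfaces || {
    echo "Could not install the new /etc/network/interfaces; the old file is still in place." >&2
    exit 1
}

echo "The network can be restarted with the following command: systemctl restart networking"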
79 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Hetzner Proxmox VE Single Setup
2 |
3 | _NOTE_: You can find more information about the preparation steps, including how to order a server from Hetzner and set up the necessary network configuration, in my [Medium Blog - Setup VE with Proxmox on Hetzner — Single Mode](https://medium.com/@artem_lajko/setup-ve-with-proxmox-on-hetzner-single-mode-6b76061efcdb)
4 |
5 | This repo covers installing Proxmox 7.X.X and 8.X.X on Hetzner, with pfsense as the WAN firewall and an additional (floating) IP address that lets the VMs reach external networks via SNAT. The setup was last tested on 13.06.2024.
6 |
7 | # Hetzner Proxmox Architecture
8 |
9 |
10 |
11 | ## 1. Install Proxmox on Hetzner
12 |
13 | ssh root@178.63.13.156
14 |
15 | #run
16 | installimage
17 |
18 | Choose the right image:
19 |
20 |
21 |
22 |
23 | Change install config
24 |
25 | From:
26 |
27 | SWRAIDLEVEL 1
28 |
29 | To:
30 |
31 | SWRAIDLEVEL 0 (to use all Storage sda+sdb)
32 |
33 | From:
34 |
35 | HOSTNAME Proxmox-Ve.localhost
36 |
37 | To:
38 |
39 | proxmox-single.lab.local (you can call it what ever you want)
40 |
41 | From:
42 |
43 | PART /boot ext3 512M
44 | PART lvm vg0 all
45 |
46 | LV vg0 root / ext3 15G
47 | LV vg0 swap swap swap 6G
48 |
49 | To:
50 |
51 | PART /boot ext4 512M
52 | PART lvm vg0 all
53 |
54 | LV vg0 root / ext4 100G
55 | LV vg0 swap swap swap 24G #(available RAM * 1/2)
56 | LV vg0 data /var/lib/vz ext4 3500G #(Remaining disk space after deducting root; used for storing images and containers)
57 |
58 | The installation takes up to 15 minutes.
59 |
60 | ## 2. Set root password and disable port 111 or service
61 |
62 | After installation, a password must be assigned to the root user if the Hetzner machine is accessed via SSH key. The Proxmox web console login goes through the Linux PAM authentication module, so it needs this password.
63 |
64 | passwd
65 | New password: xy...
66 | Retype new password:xy...
67 |
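68 | Proxmox opens port 111 (rpcbind) by default, which is a security risk. Therefore, the port must be blocked. Note that `iptables-save` only prints the active rules; they are lost on reboot unless they are written to a file that is restored at boot, so disabling the service as shown below is the more durable option.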
69 |
70 | iptables -A INPUT -p tcp -m tcp --dport 111 -j DROP
71 | iptables -A INPUT -p udp -m udp --dport 111 -j DROP
72 | sudo /sbin/iptables-save
73 |
74 | ##if the service is not needed, then disable and mask it
75 | sudo systemctl disable --now rpcbind rpcbind.socket
76 | sudo systemctl mask rpcbind
77 |
78 | Now open the Proxmox-Webconsole with your ordered server IP-Address (MAIN-IP) and login with root and your password:
79 |
80 | https://178.10.10.10:8006
81 |
82 | ## 3. Add additional IP-Address and fetch Metadata
83 |
84 | To enable routing to external networks (SNAT), you'll need to request an extra IP address, since the primary IP of the Hetzner VM doesn't support this function.
85 |
86 | You'll need to request a MAC address for the IP address. This MAC address will be later essential for the pfsense VM that handles routing to the WAN.
87 |
88 | ## 4. Config Network
89 |
90 | **Note:** there is a newer version of the network configuration script in the folder `script`, called `network_config_updated.sh`, which adds multiple IP address support, a user confirmation process, dynamic bridge interface creation and improved user interaction. You can see the whole change in the [pull request](https://github.com/la-cc/hetzner-proxmox-single/pull/3)
91 |
92 | Clone this git repository and execute the script:
93 |
94 | ./script/network_config.sh
95 |
96 | All necessary information (main server ip, gateway, etc.) can be taken from the hetzner robot page like this:
97 |
98 | MAIN-IP + Meta:
99 |
100 | ADD-IP + Meta + MAC:
101 |
102 |
103 | ## 5. Upload images (pfsense and fedora)
104 |
105 |
106 |
107 | ## 6. Create VM and install pfsense
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 | Now start the pfsense (VM) and install with default settings
118 |
119 | ## 7. Create VM and install fedora (workstation)
120 |
121 | The steps are identical to pfsense except for the choice of bridge. There vmbr1 (DMZ/LAN) must be selected.
122 |
123 |
124 |
125 | If you check the IP-Address from the created VM (in my case fedora workstation) like:
126 |
127 | You will see the ADD-IP-Address. So SNAT is working and you can extend to config pfsense over the UI for your purpose.
128 |
129 |
130 |
131 | Default credentials are set to **username:** **_admin_** with **password:** **_pfsense_**. Change this password right after the first login, since the pfsense VM is the WAN-facing firewall.
132 |
133 | ## **Finished, enjoy your Proxmox Environment!**
134 |
135 | # Contribution
136 |
137 | If you're eager to contribute to this script, feel free to fork the repository and submit a pull request. Your input is valued and always welcome!
138 |
139 | Current Contributors:
140 |
141 | @L-U-C-K-Y
142 | @V-JobDone
143 | @la-cc
144 |
--------------------------------------------------------------------------------
/script/network_config_updated.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
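# Prompt for a value and fall back to a default when the reply is empty.
#   $1 - label shown in the prompt
#   $2 - default value, shown in brackets and used for an empty reply
# Prints the chosen value on stdout. `read -p` writes the prompt to stderr,
# which is why callers can capture the result with $(prompt_input ...).
prompt_input() {
    local prompt=$1
    local default=$2
    # Keep the reply local so it cannot leak into the caller's scope.
    local input
    # -r keeps backslashes in the reply literal instead of treating them as escapes.
    read -r -p "$prompt [$default]: " input
    # printf instead of echo: the value is printed as-is even if it looks like an echo option.
    printf '%s\n' "${input:-$default}"
}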
10 |
# Emit the ifupdown stanzas for one additional IP address.
#   $1 - additional public IP, assigned to the WAN bridge
#   $2 - bridge number N: the WAN bridge is vmbrN, the LAN bridge is vmbr(N*100)
#   $3 - MAC address written as the WAN bridge's hwaddress
# Reads the global NETMASK. Prints both stanzas on stdout.
create_bridge_text() {
    local ip=$1 bridge_id=$2 mac_address=$3
    local wan_id=$bridge_id
    local lan_id=$((bridge_id * 100))

    # WAN bridge: static public IP plus the MAC address given for that IP.
    printf '\nauto vmbr%s\niface vmbr%s inet static\naddress %s\nnetmask %s\nbridge_ports none\nbridge_stp off\nbridge_fd 0\nhwaddress ether %s\n#WAN %s\n' \
        "$wan_id" "$wan_id" "$ip" "$NETMASK" "$mac_address" "$wan_id"

    # LAN bridge: no address, internal network only.
    printf '\nauto vmbr%s\niface vmbr%s inet manual\nbridge_ports none\nbridge_stp off\nbridge_fd 0\n#LAN %s\n\n' \
        "$lan_id" "$lan_id" "$lan_id"
}
44 |
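# Collect inputs; prompt_input shows each default in brackets.
MAINSERVERIP=$(prompt_input "MAIN_SERVER_IP" "192.168.0.1")
GATEWAYADDRESS=$(prompt_input "MAIN_SERVER_GATEWAY_ADDRESS" "192.168.0.254")
NETMASK=$(prompt_input "NETMASK" "255.255.255.0")
BROADCASTIP=$(prompt_input "BROADCASTIP" "192.168.0.255")
ADD_IP_ADDRESSES=$(prompt_input "ADDITIONAL_IP_ADDRESSES (comma-separated)" "")
MAC_ADDRESSES=$(prompt_input "MAC_ADDRESSES for additional IPs (comma-separated)" "")
NETWORK_INTERFACE=$(prompt_input "NETWORK_INTERFACE" "eth0")

# Display inputs for confirmation
echo "---------------------------------------------------------------------"
echo "You have entered the following configuration:"
echo "MAIN_SERVER_IP: $MAINSERVERIP"
echo "MAIN_SERVER_GATEWAY_ADDRESS: $GATEWAYADDRESS"
echo "NETMASK: $NETMASK"
echo "BROADCASTIP: $BROADCASTIP"
echo "ADDITIONAL_IP_ADDRESSES: $ADD_IP_ADDRESSES"
echo "MAC_ADDRESSES: $MAC_ADDRESSES"
echo "NETWORK_INTERFACE: $NETWORK_INTERFACE"

echo "---------------------------------------------------------------------"
read -r -p "Is this correct? [yes/no]: " confirmation

if [[ $confirmation != [Yy]* ]]; then
    echo "Exiting without changes."
    exit
fi

# Split ADD_IP_ADDRESSES and MAC_ADDRESSES into arrays
IFS=',' read -ra ADDR <<<"$ADD_IP_ADDRESSES"
IFS=',' read -ra MACS <<<"$MAC_ADDRESSES"

# Drop whitespace around list items so "a, b" is read the same as "a,b".
for i in "${!ADDR[@]}"; do
    ADDR[i]="${ADDR[i]//[[:space:]]/}"
done
for i in "${!MACS[@]}"; do
    MACS[i]="${MACS[i]//[[:space:]]/}"
done

# Each WAN bridge gets a "hwaddress ether" line, so a missing MAC would yield
# an invalid stanza. Stop before anything is written.
if ((${#ADDR[@]} != ${#MACS[@]})); then
    echo "Error: ${#ADDR[@]} additional IP(s) but ${#MACS[@]} MAC address(es); provide exactly one MAC per additional IP." >&2
    exit 1
fi

# Generate one host route per additional IP
additional_routes=""
for add_ip in "${ADDR[@]}"; do
    additional_routes+=" up ip route add $add_ip dev ${NETWORK_INTERFACE}
"
done

# Initialize the interfaces file content
# NOTE(review): "-net ... netmask ... gw" is net-tools `route` syntax; confirm
# that `ip route add` accepts it on the target system.
# NOTE(review): the private ranges are routed via MAINSERVERIP here, while the
# older network_config.sh routes them via the additional IP; confirm which is intended.
interfaces_content="
### Hetzner Online GmbH installimage

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

# Main network interface configuration
iface ${NETWORK_INTERFACE} inet manual
up ip route add -net ${GATEWAYADDRESS} netmask ${NETMASK} gw ${GATEWAYADDRESS} vmbr0
up sysctl -w net.ipv4.ip_forward=1
up sysctl -w net.ipv4.conf.${NETWORK_INTERFACE}.send_redirects=0
up sysctl -w net.ipv6.conf.all.forwarding=1
$additional_routes
up ip route add 192.168.0.0/16 via ${MAINSERVERIP} dev vmbr0
up ip route add 172.16.0.0/12 via ${MAINSERVERIP} dev vmbr0
up ip route add 10.0.0.0/8 via ${MAINSERVERIP} dev vmbr0

auto vmbr0
iface vmbr0 inet static
address ${MAINSERVERIP}
netmask ${NETMASK}
gateway ${GATEWAYADDRESS}
broadcast ${BROADCASTIP}
bridge-ports ${NETWORK_INTERFACE}
bridge-stp off
bridge-fd 0
pointopoint ${GATEWAYADDRESS}
#Main IP configuration
"

# Append a WAN bridge and an internal bridge for each additional IP
for i in "${!ADDR[@]}"; do
    # Bridge numbering starts at 1; vmbr0 is the main bridge
    bridge_id=$((i + 1))
    interfaces_content+=$(create_bridge_text "${ADDR[i]}" "$bridge_id" "${MACS[i]}")
done

# Save the new configuration to a temporary file.
# mktemp creates a fresh, unpredictably named file. A fixed name under /tmp can
# be pre-created or symlinked by another local user before this script writes to it.
new_interfaces=$(mktemp) || {
    echo "Error: could not create a temporary file." >&2
    exit 1
}
# Remove the temporary file on every exit path, including the "no" answer below.
trap 'rm -f "$new_interfaces"' EXIT
printf '%s\n' "$interfaces_content" >"$new_interfaces"

# Display the current network configuration
echo "---------------------------------------------------------------------"
echo "Current network configuration (/etc/network/interfaces):"
cat /etc/network/interfaces
echo ""

# Display the new network configuration
echo "---------------------------------------------------------------------"
echo "New network configuration:"
cat "$new_interfaces"
echo ""

# Show the differences
echo "---------------------------------------------------------------------"
echo "Configuration differences:"
diff /etc/network/interfaces "$new_interfaces"
echo ""

# Confirm before applying changes
echo "---------------------------------------------------------------------"
read -r -p "Apply this network configuration? [yes/no]: " apply_conf

if [[ $apply_conf == [Yy]* ]]; then
    timestamp=$(date +%Y%m%d-%H%M%S)
    # Copy rather than move the backup, so the live file is never missing if
    # the next step fails.
    cp -p /etc/network/interfaces "/etc/network/interfaces.bak-$timestamp" || {
        echo "Error: could not back up /etc/network/interfaces; nothing was changed." >&2
        exit 1
    }
    # mktemp creates the file owner-only; restore a world-readable mode for the config.
    chmod 644 "$new_interfaces"
    mv "$new_interfaces" /etc/network/interfaces || {
        echo "Error: could not install the new /etc/network/interfaces; the old file is still in place." >&2
        exit 1
    }
    echo "The network can be restarted with the following command: '/etc/init.d/networking' restart or 'systemctl restart networking'"
else
    echo "Exiting without applying changes."
fi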
159 |
--------------------------------------------------------------------------------
/tests/13-06-2024/gist.sh:
--------------------------------------------------------------------------------
1 |
2 | root@proxmox-single ~ # ifconfig
3 | enp0s31f6: flags=4163 mtu 1500
4 | inet 116.202.228.230 netmask 255.255.255.192 broadcast 0.0.0.0
5 | inet6 2a01:4f8:241:485b::2 prefixlen 64 scopeid 0x0
6 | inet6 fe80::921b:eff:fe8d:99ef prefixlen 64 scopeid 0x20
7 | ether 90:1b:0e:8d:99:ef txqueuelen 1000 (Ethernet)
8 | RX packets 1177 bytes 218733 (213.6 KiB)
9 | RX errors 0 dropped 0 overruns 0 frame 0
10 | TX packets 1790 bytes 1872307 (1.7 MiB)
11 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
12 | device interrupt 16 memory 0xf7000000-f7020000
13 |
14 | lo: flags=73 mtu 65536
15 | inet 127.0.0.1 netmask 255.0.0.0
16 | inet6 ::1 prefixlen 128 scopeid 0x10
17 | loop txqueuelen 1000 (Local Loopback)
18 | RX packets 102 bytes 21805 (21.2 KiB)
19 | RX errors 0 dropped 0 overruns 0 frame 0
20 | TX packets 102 bytes 21805 (21.2 KiB)
21 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
22 |
23 |
24 | root@proxmox-single ~ # ./network_config.sh
25 | MAIN_SERVER_IP: 116.202.228.216
26 | MAIN_SERVER_GATEWAY_ADRESS: 116.202.228.193
27 | NETMASK: 255.255.255.192
28 | BROADCASTIP: 116.202.228.255
29 | ADDITIONAL_IP_ADRESS: ^C
30 | root@proxmox-single ~ # ./network_config.sh
31 | MAIN_SERVER_IP: 116.202.228.230
32 | MAIN_SERVER_GATEWAY_ADRESS: 116.202.228.193
33 | NETMASK: 255.255.255.192
34 | BROADCASTIP: 116.202.228.255
35 | ADDITIONAL_IP_ADRESS: 116.202.228.216
36 | NETWORK_INTERFACE: enp0s31f6
37 |
38 | ##### Output ####
39 |
40 | auto lo
41 | iface lo inet loopback
42 | iface lo inet6 loopback
43 |
44 |
45 | iface enp0s31f6 inet manual
46 |
47 | up ip route add -net up ip route add -net 116.202.228.193 netmask 255.255.255.192 gw 116.202.228.193 vmbr0
48 | up sysctl -w net.ipv4.ip_forward=1
49 | up sysctl -w net.ipv4.conf.enp0s31f6.send_redirects=0
50 | up sysctl -w net.ipv6.conf.all.forwarding=1
51 | up ip route add 192.168.0.0/16 via 116.202.228.216 dev vmbr0
52 | up ip route add 172.16.0.0/12 via 116.202.228.216 dev vmbr0
53 | up ip route add 10.0.0.0/8 via 116.202.228.216 dev vmbr0
54 |
55 |
56 | iface enp0s31f6 inet6 static
57 | address 2a01:4f8:110:5143::2
58 | netmask 64
59 | gateway fe80::1
60 |
61 |
62 | auto vmbr0
63 | iface vmbr0 inet static
64 | address 116.202.228.230
65 | netmask 255.255.255.192
66 | gateway 116.202.228.193
67 | broadcast 116.202.228.255
68 | bridge-ports enp0s31f6
69 | bridge-stp off
70 | bridge-fd 0
71 | pointopoint 116.202.228.193
72 | #WAN
73 |
74 |
75 | # Virtual switch for DMZ
76 | # (connect your firewall/router KVM instance and private DMZ hosts here)
77 | auto vmbr1
78 | iface vmbr1 inet manual
79 | bridge_ports none
80 | bridge_stp off
81 | bridge_fd 0
82 | #LAN0
83 |
84 |
85 | Config correct? [yes][no]: yes
86 |
87 | The network can be restarted with the following command: /etc/init.d/networking restart
88 | root@proxmox-single ~ # /etc/init.d/networking restart
89 | -bash: /etc/init.d/networking: Permission denied
90 | root@proxmox-single ~ # sudo /etc/init.d/networking restart
91 | sudo: /etc/init.d/networking: command not found
92 | root@proxmox-single ~ # ifconfig
93 | enp0s31f6: flags=4163 mtu 1500
94 | inet 116.202.228.230 netmask 255.255.255.192 broadcast 0.0.0.0
95 | inet6 2a01:4f8:241:485b::2 prefixlen 64 scopeid 0x0
96 | inet6 fe80::921b:eff:fe8d:99ef prefixlen 64 scopeid 0x20
97 | ether 90:1b:0e:8d:99:ef txqueuelen 1000 (Ethernet)
98 | RX packets 2963 bytes 678603 (662.6 KiB)
99 | RX errors 0 dropped 0 overruns 0 frame 0
100 | TX packets 3404 bytes 2360971 (2.2 MiB)
101 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
102 | device interrupt 16 memory 0xf7000000-f7020000
103 |
104 | lo: flags=73 mtu 65536
105 | inet 127.0.0.1 netmask 255.0.0.0
106 | inet6 ::1 prefixlen 128 scopeid 0x10
107 | loop txqueuelen 1000 (Local Loopback)
108 | RX packets 102 bytes 21805 (21.2 KiB)
109 | RX errors 0 dropped 0 overruns 0 frame 0
110 | TX packets 102 bytes 21805 (21.2 KiB)
111 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
112 |
113 | root@proxmox-single ~ # reboot
114 | root@proxmox-single ~ # Connection to 116.202.228.230 closed by remote host.
115 | Connection to 116.202.228.230 closed. 13.06.24 11:42:40 aks-excelsior-development/default ⎈
116 | Linux proxmox-single 6.8.4-3-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.4-3 (2024-05-02T11:55Z) x86_64
117 |
118 | The programs included with the Debian GNU/Linux system are free software;
119 | the exact distribution terms for each program are described in the
120 | individual files in /usr/share/doc/*/copyright.
121 |
122 | Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
123 | permitted by applicable law.
124 | Last login: Thu Jun 13 11:34:38 2024 from 93.234.183.85
125 | root@proxmox-single ~ # ifconfig
126 | enp0s31f6: flags=4163 mtu 1500
127 | ether 90:1b:0e:8d:99:ef txqueuelen 1000 (Ethernet)
128 | RX packets 394 bytes 84943 (82.9 KiB)
129 | RX errors 0 dropped 0 overruns 0 frame 0
130 | TX packets 270 bytes 91513 (89.3 KiB)
131 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
132 | device interrupt 16 memory 0xf7000000-f7020000
133 |
134 | lo: flags=73 mtu 65536
135 | inet 127.0.0.1 netmask 255.0.0.0
136 | inet6 ::1 prefixlen 128 scopeid 0x10
137 | loop txqueuelen 1000 (Local Loopback)
138 | RX packets 0 bytes 0 (0.0 B)
139 | RX errors 0 dropped 0 overruns 0 frame 0
140 | TX packets 0 bytes 0 (0.0 B)
141 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
142 |
143 | vmbr0: flags=4163 mtu 1500
144 | inet 116.202.228.230 netmask 255.255.255.255 broadcast 116.202.228.255
145 | inet6 fe80::921b:eff:fe8d:99ef prefixlen 64 scopeid 0x20
146 | ether 90:1b:0e:8d:99:ef txqueuelen 1000 (Ethernet)
147 | RX packets 281 bytes 72227 (70.5 KiB)
148 | RX errors 0 dropped 0 overruns 0 frame 0
149 | TX packets 265 bytes 89977 (87.8 KiB)
150 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
151 |
152 | vmbr1: flags=4163 mtu 1500
153 | inet6 fe80::a432:9cff:fe67:ad3c prefixlen 64 scopeid 0x20
154 | ether a6:32:9c:67:ad:3c txqueuelen 1000 (Ethernet)
155 | RX packets 0 bytes 0 (0.0 B)
156 | RX errors 0 dropped 0 overruns 0 frame 0
157 | TX packets 4 bytes 480 (480.0 B)
158 | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
159 |
160 |
161 |
162 | ############ network_config_updated.sh ############
163 |
164 |
165 | root@proxmox-single ~ # ./network_config_updated.sh
166 | MAIN_SERVER_IP [192.168.0.1]: 116.202.228.230
167 | MAIN_SERVER_GATEWAY_ADDRESS [192.168.0.254]: 116.202.228.193
168 | NETMASK [255.255.255.0]: 255.255.255.192
169 | BROADCASTIP [192.168.0.255]: 116.202.228.255
170 | ADDITIONAL_IP_ADDRESSES (comma-separated) []: 116.202.228.216
171 | MAC_ADDRESSES for additional IPs (comma-separated) []: 00:50:56:00:4B:CF
172 | NETWORK_INTERFACE [eth0]: enp0s31f6
173 | ---------------------------------------------------------------------
174 | You have entered the following configuration:
175 | MAIN_SERVER_IP: 116.202.228.230
176 | MAIN_SERVER_GATEWAY_ADDRESS: 116.202.228.193
177 | NETMASK: 255.255.255.192
178 | BROADCASTIP: 116.202.228.255
179 | ADDITIONAL_IP_ADDRESSES: 116.202.228.216
180 | MAC_ADDRESSES: 00:50:56:00:4B:CF
181 | NETWORK_INTERFACE: enp0s31f6
182 | ---------------------------------------------------------------------
183 | Is this correct? [yes/no]: y
184 | ---------------------------------------------------------------------
185 | Current network configuration (/etc/network/interfaces):
186 |
187 | ### Hetzner Online GmbH installimage
188 |
189 | source /etc/network/interfaces.d/*
190 |
191 | auto lo
192 | iface lo inet loopback
193 | iface lo inet6 loopback
194 |
195 |
196 | iface enp0s31f6 inet manual
197 |
198 | up ip route add -net up ip route add -net 116.202.228.193 netmask 255.255.255.192 gw 116.202.228.193 vmbr0
199 | up sysctl -w net.ipv4.ip_forward=1
200 | up sysctl -w net.ipv4.conf.enp0s31f6.send_redirects=0
201 | up sysctl -w net.ipv6.conf.all.forwarding=1
202 | up ip route add 192.168.0.0/16 via 116.202.228.216 dev vmbr0
203 | up ip route add 172.16.0.0/12 via 116.202.228.216 dev vmbr0
204 | up ip route add 10.0.0.0/8 via 116.202.228.216 dev vmbr0
205 |
206 |
207 | iface enp0s31f6 inet6 static
208 | address 2a01:4f8:110:5143::2
209 | netmask 64
210 | gateway fe80::1
211 |
212 |
213 | auto vmbr0
214 | iface vmbr0 inet static
215 | address 116.202.228.230
216 | netmask 255.255.255.192
217 | gateway 116.202.228.193
218 | broadcast 116.202.228.255
219 | bridge-ports enp0s31f6
220 | bridge-stp off
221 | bridge-fd 0
222 | pointopoint 116.202.228.193
223 | #WAN
224 |
225 |
226 | # Virtual switch for DMZ
227 | # (connect your firewall/router KVM instance and private DMZ hosts here)
228 | auto vmbr1
229 | iface vmbr1 inet manual
230 | bridge_ports none
231 | bridge_stp off
232 | bridge_fd 0
233 | #LAN0
234 |
235 |
236 |
237 | ---------------------------------------------------------------------
238 | New network configuration:
239 |
240 | ### Hetzner Online GmbH installimage
241 |
242 | source /etc/network/interfaces.d/*
243 |
244 | auto lo
245 | iface lo inet loopback
246 | iface lo inet6 loopback
247 |
248 | # Main network interface configuration
249 | iface enp0s31f6 inet manual
250 | up ip route add -net 116.202.228.193 netmask 255.255.255.192 gw 116.202.228.193 vmbr0
251 | up sysctl -w net.ipv4.ip_forward=1
252 | up sysctl -w net.ipv4.conf.enp0s31f6.send_redirects=0
253 | up sysctl -w net.ipv6.conf.all.forwarding=1
254 | up ip route add 116.202.228.216 dev enp0s31f6
255 |
256 | up ip route add 192.168.0.0/16 via 116.202.228.230 dev vmbr0
257 | up ip route add 172.16.0.0/12 via 116.202.228.230 dev vmbr0
258 | up ip route add 10.0.0.0/8 via 116.202.228.230 dev vmbr0
259 |
260 | auto vmbr0
261 | iface vmbr0 inet static
262 | address 116.202.228.230
263 | netmask 255.255.255.192
264 | gateway 116.202.228.193
265 | broadcast 116.202.228.255
266 | bridge-ports enp0s31f6
267 | bridge-stp off
268 | bridge-fd 0
269 | pointopoint 116.202.228.193
270 | #Main IP configuration
271 |
272 | auto vmbr1
273 | iface vmbr1 inet static
274 | address 116.202.228.216
275 | netmask 255.255.255.192
276 | bridge_ports none
277 | bridge_stp off
278 | bridge_fd 0
279 | hwaddress ether 00:50:56:00:4B:CF
280 | #WAN 1
281 |
282 | auto vmbr100
283 | iface vmbr100 inet manual
284 | bridge_ports none
285 | bridge_stp off
286 | bridge_fd 0
287 | #LAN 100
288 |
--------------------------------------------------------------------------------
/diagrams/hetzner-proxmox-single.drawio:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------