Proxmox with a Single IP on Hetzner

Walking the bridges

December 7, 2022

I am not sure what it is with me, but I keep moving between self-hosted and hosted solutions. About a year ago I got rid of all my self-hosted services, and moved them all to hosted services. Nice, no more maintenance, nothing to break. No endless debug sessions right when you most desperately need access to one of your systems. Perfect.

Till I was talking to a friend of mine the other day, he was talking about his self-hosted Nextcloud instance… And I started to miss mine. Before I used to host a Nextcloud instance at home on an Intel NUC, worked like a charm, but I decided to get rid of it at one point.

But today, today I once more went down the rabbit hole…

Great story Machiel, show me what I need to know.

Interfaces

I love interfaces, especially Go’s interfaces. But today we’re all about the network interfaces. Here’s a copy from my /etc/network/interfaces on my host:

auto enp0s31f6
iface enp0s31f6 inet manual

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
	address X.X.X.X
	netmask X.X.X.X
	gateway X.X.X.X
	bridge-ports enp0s31f6
	bridge-stp off
	bridge-fd 1
	pointtopoint X.X.X.X # same IP as gateway
	bridge_hello 2
	bridge_maxage 12

auto vmbr1
iface vmbr1 inet static
	address 10.10.0.100/24
	bridge-ports none
	bridge-stp off
	bridge-fd 0

	post-up   echo 1 > /proc/sys/net/ipv4/ip_forward

	post-up   iptables -t nat -A POSTROUTING -s '10.10.0.0/24' -o vmbr0 -j MASQUERADE
	post-down iptables -t nat -D POSTROUTING -s '10.10.0.0/24' -o vmbr0 -j MASQUERADE

	# These are only necessary if you enable the firewall.
	#
	# See: https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_masquerading
	post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
	post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

The X.X.X.X values can be copied over from the pre-existing interface, or just from Hetzner (hover the IP of your machine).

Cool, that’s step one. Now give that server a nice reboot.

Now it’s time to create a machine like you’re used to. Make sure to assign vmbr1 as a network interface to this machine. Network config for this machine:

auto ens18
iface ens18 inet static
	address 10.10.0.150 # Or some other 10.10.0.X address
	netmask 255.255.255.0
	gateway 10.10.0.100

Welcome to a connected VM. That’s all there’s to it, really.

The mistake I kept making was leaving the enp0s31f6 unchanged while trying to configure my vmbr0 as a vmbr1. And assinging vmbr0 to my VM. That wouldn’t fly.

This only fixes outgoing connections though. You’ll probably want to set up some forwarding from your host to your guest in order to host different services.

Interfaces

Read more