Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save Mayeu/a5c518dfc62648d040df to your computer and use it in GitHub Desktop.
Save Mayeu/a5c518dfc62648d040df to your computer and use it in GitHub Desktop.
# /etc/network/interfaces
#
auto lo
iface lo inet loopback
# device: eth0
iface eth0 inet manual
# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
auto vmbr0
iface vmbr0 inet static
# Hetzner primary WAN IP
address 176.9.xxx.xxx
# Hetzner primary WAN IP broadcast address
broadcast 176.9.xxx.xyz
# This netmask needs to have all bits set
netmask 255.255.255.255
# Our gateway is reachable via Point-to-Point tunneling
# put the Hetzner gateway IP address here twice
pointopoint 176.9.xxx.yyy
gateway 176.9.xxx.yyy
# Virtual bridge settings
# this one is bridging physical eth0 interface
bridge_ports eth0
bridge_stp off
bridge_fd 0
# add a static route through the Hetzner gateway IP
# for the subnet our primary IP belongs to
up route add -net 176.9.xxx.zyx netmask 255.255.255.224 gw 176.9.xxx.yyy vmbr0
# Add routing for up to 4 dedicated IP's we get from Hetzner
# You need to
up ip route add 176.9.xxx.xx1/32 dev vmbr0
up ip route add 176.9.xxx.xx2/32 dev vmbr0
up ip route add 176.9.xxx.xx3/32 dev vmbr0
up ip route add 176.9.xxx.xx4/32 dev vmbr0
# Assure local routing of private IPv4 IP's from our
# Proxmox host via our firewall's WAN port
up ip route add 192.168.0.0/16 via 176.9.xxx.xx1 dev vmbr0
up ip route add 172.16.0.0/12 via 176.9.xxx.xx1 dev vmbr0
up ip route add 10.0.0.0/8 via 176.9.xxx.xx1 dev vmbr0
# IPv6 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
iface vmbr0 inet6 static
address 2a01:4f8:151:XXX::3
netmask 64
up ip -6 route add 2a01:4f8:151:XXX::1 dev vmbr0
up ip -6 route add default via 2a01:4f8:151:XXX::1
# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
auto vmbr1
iface vmbr1 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Private LAN
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr2
iface vmbr2 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# Virtual switch for Test Data Center
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr3
iface vmbr3 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
# /etc/pve/qemu-server/100.conf
#
# This is an example KVM host configuration I use for my
# Vyatta router instance.
# It was created with the Proxmox web interface and should
# just introduce you to the used network configuration
# (see the 5 network interfaces and their bridge connections).
# That means you won't need to hack the configuration file yourself,
# just keep settings here in mind when creating your virtual host
# in the Proxmox interface.
#
# net0 - WAN interface used for dedicated IPv4 connection handling
# net1 - WAN interface used for dedicated IPv6 connection handling
# net2 - DMZ interface for the majority of my virtual OpenVZ and KVM hosts
# net3 - Private hosts only accessible via VPN
# net4 - Private hosts only accessible via VPN
#
# Of course you could use less interfaces (net0+net1 could be combined
# in a normal dual-stack configuration and net2/3/4 could be one
# interface only if you don't want/need such a complex configuration).
#
# IMPORTANT: net0 uses the MAC address that was assigned by Hetzner to one
# of my additional IPv4 addresses. This is essential to have a working connection.
# I also requested MAC addresses for the other IP's but it's sufficient to have only one of the MAC's
# in your configuration.
#
# Now go and have your firewall instance listening to all your additional
# IPv4 addresses and setup destination NAT to your private IPv4 addressed
# hosts connected to net2.
boot: cd
bootdisk: virtio0
cores: 2
cpu: host
ide2: none,media=cdrom
memory: 2048
name: msys-firewall-instance
# IMPORTANT: net0 has set the MAC address assigned by Hetzner
net0: virtio=00:50:56:00:XX:YY,bridge=vmbr0
net1: virtio=56:4A:05:76:D6:F8,bridge=vmbr0
net2: virtio=76:EE:88:BA:17:DF,bridge=vmbr1
net3: virtio=EE:10:82:D7:3C:14,bridge=vmbr2
net4: virtio=DA:18:23:03:D0:C7,bridge=vmbr3
onboot: 1
ostype: l26
sockets: 2
startup: order=1
virtio0: local:100/vm-100-disk-1.qcow2,cache=writeback
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment