Note: Using multiple IPs in a VPS from NAT or other IP pools with different gateways is not possible.
For non-Proxmox servers
This article explains network settings when using Hetzner servers
(For Subnetted IPs)
The following fields in the Create IP Pool form have to be filled in as below:
- Gateway: This will be the first IP of the usable range assigned to you.
Note: You cannot use that gateway IP in a VPS.
- Netmask: Use the same as provided by Hetzner.
- NAT: Please check the Enable NAT option.
- Adding IP: Please add the IP range to the pool.
Troubleshooting
VPS/Bridge start issue
A NAT bridge is created after a NAT IP pool is added from the panel.
Its config file resides under the /etc/libvirt/qemu/networks/ directory.
If the NAT bridge is not started and the panel gives these errors while starting a VPS:
The VPS failed to start
error: Failed to create domain from /etc/libvirt/qemu/v1001.xml
error: Requested operation is not valid: network 'natbr1' is not active
Then you can try starting the bridge:
virsh net-start natbr1
Once it has started, you can set it to autostart:
virsh net-autostart natbr1
If the net-start command fails with this error:
virsh net-start natbr1
setlocale: No such file or directory
error: Failed to start network natbr1
error: The name org.fedoraproject.FirewallD1 was not provided by any .service files
Then you will need to start the firewalld service as well:
service firewalld start
And also add our ports to avoid issues :
After starting firewalld, you can try to start the NAT bridge again.
Outgoing IP for VPS
If the outgoing IP for a VPS is not as expected and shows the server's IP instead, you will need to check the NAT rules in iptables and remove the MASQUERADE rule marked below:
root@host ~ # iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s My-IP/27 -o Bridge-name -j MASQUERADE //This one needs to be removed
root@host~ # iptables -t nat -D POSTROUTING -s My-IP/27 -o Bridge-name -j MASQUERADE
Where Bridge-name is the NAT bridge name listed by the virsh net-list command.
Also comment out any unwanted NAT rule added for viifbr0 in the /etc/sysconfig/iptables file, then run service iptables restart.
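To find such rules without retyping them, the added example below (not part of the original article) reads `iptables -S -t nat` output and prints the matching delete command for each POSTROUTING MASQUERADE rule on a given bridge. The function names and the sample rules (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Read-only: it prints the
# delete commands for review and never calls iptables itself.

# masq_delete_cmds BRIDGE  (hypothetical helper name)
# stdin : output of `iptables -S -t nat`
# stdout: one `iptables -t nat -D ...` line per POSTROUTING rule that
#         masquerades traffic leaving through BRIDGE
masq_delete_cmds() {
    awk -v br="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; jump = ""
            for (i = 3; i < NF; i++) {
                # skip negated matches such as "! -o natbr1"
                if ($i == "-o" && $(i - 1) != "!") out = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
            if (out == br && jump == "MASQUERADE") {
                sub(/^-A /, "-D ")   # same rule spec, delete instead of append
                print "iptables -t nat " $0
            }
        }'
}

# Constructed sample of `iptables -S -t nat` output (documentation addresses).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.0.2.0/27 -o natbr1 -j MASQUERADE
-A POSTROUTING -s 198.51.100.0/27 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.0.2.0/27 ! -o natbr1 -j MASQUERADE
EOF
}

sample_rules | masq_delete_cmds natbr1
```

On a host, pipe the live rules in with `iptables -S -t nat | masq_delete_cmds natbr1` and review the printed commands before running any of them.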
Note: Single IPs cannot be added to a NAT IP pool. Only a range of IPs can be added while creating the pool.
The list of usable IPs is provided by Hetzner.
NAT Pool is not supported for Proxmox.
Proxmox NAT
Since NAT Pool is not supported on Proxmox, you will need to create the NAT bridge manually. Follow the steps below:
Modify the file /etc/network/interfaces, create a bridge (e.g. vmbr0) manually, and assign it the subnet that has been allocated by the data center.
In the example below, the server IP is 192.168.1.10 and the subnets allocated by the data center are 192.168.24.48/28 and 192.168.25.48/28.
auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
    address 192.168.1.10/26
    gateway 192.168.1.2
    # Route the server's own /26 (network address 192.168.1.0) via the gateway
    up route add -net 192.168.1.0 netmask 255.255.255.192 gw 192.168.1.1 dev eth0

iface eth1 inet manual

iface eth2 inet manual

# This bridge is for subnet 192.168.24.48/28
# Use the 1st IP from the usable range, i.e. 192.168.24.49
auto vmbr0
iface vmbr0 inet static
    address 192.168.24.49/28
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.24.49/28' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.24.49/28' -o vmbr0 -j MASQUERADE

# This bridge is for subnet 192.168.25.48/28 (if you've purchased a 2nd subnet from them, you will need to create another bridge for the 2nd subnet as well)
# Use the 1st IP from the usable range, i.e. 192.168.25.49
auto vmbr1
iface vmbr1 inet static
    address 192.168.25.49/28
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    mtu 1500
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.25.49/28' -o vmbr1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.25.49/28' -o vmbr1 -j MASQUERADE
The setup is almost complete. Make sure everything is correct before you restart the network, then bring up the bridge:
root# ifup vmbr0
Once the bridge is created and you're able to ping it, you can create the IP Pool on the Virtualizor panel with the network settings below:
- Gateway: IP of the subnet / bridge created in the step above.
- Netmask: Should be given by the data center.
- Vlan: Please check the Enable VLAN option.
- Bridge name: The name of the bridge you've created above. Example: vmbr0
Note: Please confirm with your data center that such a network setup will not cause any external MAC usage issues.
Using multiple IPs in a VPS from other IP pools with different gateways is not possible.