Thanos Blog

Leveraging Proxmox with VM Bridge Networking on Hetzner Dedicated Servers

25 Jun 2024
homelab networking

header image

Leveraging Proxmox with VM Bridge Networking on Hetzner Dedicated Servers

Using Proxmox with a VM bridge (vmbr) network on a Hetzner dedicated server offers significant advantages for virtualization and network management. Proxmox provides a powerful and flexible platform for managing virtual machines and containers, enabling efficient resource utilization and easy scaling. By implementing a vmbr network, I can create a bridged connection between the virtual machines and the physical network, allowing for seamless communication and improved performance. This setup is particularly beneficial for hosting multiple services, as it facilitates direct access to the virtual machines from the external network while maintaining isolation and security. Overall, combining Proxmox with a vmbr network on a Hetzner dedicated server enhances my ability to manage and deploy applications efficiently, ensuring robust performance and reliability.

Installing Proxmox on Hetzner Dedicated Server

Step 1: Prepare the Server

  1. Boot the Server: Access the Hetzner console and boot your dedicated server from the Proxmox ISO. You can download the latest Proxmox ISO from the Proxmox website.
  2. Access the Rescue System: If needed, boot into the Hetzner rescue system to set up network configurations.

Step 2: Install Proxmox VE

  1. Partition the Disk: During the Proxmox installation, you can choose to use the entire disk or set up a custom partitioning scheme.

  2. Follow Installation Prompts: Complete the installation by following the on-screen prompts. Make sure to select the correct target disk and configure network settings according to your requirements.

  3. Reboot the Server: After the installation completes, remove the installation media and reboot the server.

Step 3: Access Proxmox Web Interface

  1. Access Proxmox GUI: Open a web browser and navigate to https://<your-server-ip>:8006.

  2. Login: Use the root username and the password you set during the installation.

Step 4: Setting Up the vmbr Network Bridge

Edit the Network Configuration

Modify your network configuration file to include vmbr1. On Proxmox VE, this is typically done in /etc/network/interfaces.

sudo nano /etc/network/interfaces

Add the following lines to configure vmbr1:

auto vmbr1
iface vmbr1 inet static
  address 10.0.0.1/24
  bridge-ports none
  bridge-stp off
  bridge-fd 0
  post-up echo 1 >/proc/sys/net/ipv4/ip_forward
  post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
  • 10.0.0.1/24 is the static IP for vmbr1.
  • Adjust the iptables rules if needed.

Apply the Configuration

sudo systemctl restart networking

Step 5: Install and Configure dnsmasq

Install dnsmasq

sudo apt update
sudo apt install dnsmasq

Configure dnsmasq

Edit the dnsmasq configuration file, usually located at /etc/dnsmasq.conf.

sudo nano /etc/dnsmasq.conf

Add or modify the following lines to configure DHCP:

interface=vmbr1              # Bind dnsmasq to vmbr1
dhcp-range=10.0.0.100,10.0.0.200,12h  # DHCP range
domain=local                # Local domain name
dhcp-option=3,10.0.0.1       # Gateway (vmbr1 IP)
dhcp-option=6,10.0.0.1       # DNS Server (vmbr1 IP)

Explanation:

  • interface=vmbr1: Ensures dnsmasq only provides DHCP on vmbr1.
  • dhcp-range=10.0.0.100,10.0.0.200,12h: Defines the range of IP addresses to allocate.
  • dhcp-option=3,10.0.0.1: Sets the default gateway.
  • dhcp-option=6,10.0.0.1: Sets the DNS server.

Start and Enable dnsmasq

sudo systemctl restart dnsmasq
sudo systemctl enable dnsmasq

Verify dnsmasq Configuration

sudo systemctl status dnsmasq
sudo journalctl -xe

Ensure there are no errors and that dnsmasq is running properly.

Step 6: Configure VMs to Use vmbr1 and Obtain DHCP Addresses

Assign vmbr1 to the VM’s Network Interface

Using Proxmox VE GUI

  1. Select the VM in the Proxmox GUI.
  2. Go to the Hardware tab.
  3. Edit the Network Device (e.g., net0).
  4. Set the Bridge to vmbr1.

Using the CLI

Modify the VM configuration file located at /etc/pve/qemu-server/<VMID>.conf:

sudo nano /etc/pve/qemu-server/<VMID>.conf

Add or modify:

net0: virtio=XX:XX:XX:XX:XX:XX,bridge=vmbr1

Replace XX:XX:XX:XX:XX:XX with your VM’s MAC address and <VMID> with the VM’s ID.

Configure VM’s OS for DHCP

Ensure that the operating system inside each VM is set to use DHCP.

For Linux VMs

Debian/Ubuntu:

sudo nano /etc/netplan/01-netcfg.yaml

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true

Apply changes:

sudo netplan apply

CentOS/RHEL:

sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=dhcp
ONBOOT=yes

Restart the network:

sudo systemctl restart network

For Windows VMs

  1. Open Network and Sharing Center.
  2. Go to Change adapter settings.
  3. Right-click on the network adapter and select Properties.
  4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  5. Choose Obtain an IP address automatically and Obtain DNS server address automatically.
  6. Click OK.

Reboot the VM

Reboot the VM to apply the new network settings.

Step 7: Verify the DHCP Configuration

Check IP Address on VM

  • Linux: Use ip addr show or ifconfig.
  • Windows: Use ipconfig.

Ensure the VM has received an IP address within the 10.0.0.100 - 10.0.0.200 range.

Check DHCP Leases

You can check dnsmasq DHCP leases on the host running dnsmasq:

sudo cat /var/lib/misc/dnsmasq.leases

Ping Test

Test network connectivity from the VM to the host or other devices:

ping 10.0.0.1

Ensure the VMs can communicate with each other and the gateway.

Summary

  1. Install Proxmox: Set up Proxmox VE on the Hetzner dedicated server.
  2. Set Up vmbr1: Configure the network bridge on the host.
  3. Install and Configure dnsmasq: Provide DHCP services on vmbr1.
  4. Configure VMs: Ensure VMs use vmbr1 and are set to obtain IP addresses via DHCP.
  5. Verify: Ensure VMs are receiving DHCP addresses and can communicate on the network.