virtual mac abuse on hetzner due to network bridging on proxmox ...
rinaldohack
Member
I have several VMs. All of them have 2 network cards.
One of them is NAT'ed to the IPv4 interface on the host. No problems here.
The other one is bridged to the same interface, and running only IPv6.
I was running the VMs with one address each, from the /64 block.
Then this happens, and I'm not sure where to start fixing.
I even tried to play around with tunnelbroker.net, but somehow I can't configure it for multiple hosts. Only one VM would work and the other would lose IPv6.
The original plan was that every server would have its own IPv6 address.
Comments
Most generic Proxmox tutorials won't work since they need specific Hetzner adjustments.
Did you try here?
https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve
https://docs.hetzner.com/de/robot/dedicated-server/ip/additional-ip-adresses/#nutzung-mit-virtualisierung-per-routed-methode
I ended up making a routed config, never exposing any other MAC except the host one to Hetzner.
I already read those and didn't even know where to start.
You can't bridge VMs to a host's network, as they'll see the wrong MAC address. You need to use a routed network instead. Unfortunately I have zero experience with Proxmox so I'm not sure how to do that.
So I got the IPv6 from Hetzner: 2a01:4f8:160:xxxx::/64 (xxxx is censored)
/etc/network/interfaces from host:

    auto vmbr0
    iface vmbr0 inet static
        address xxx/28
        gateway xxx
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0

/etc/network/interfaces from guest
(eth0 goes to vmbr1 which is NAT, eth1 is bridged to vmbr0):

    auto eth0
    iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.1

Where do I go wrong?
Damn formatting error.
Seems legit, but make sure to allow IPv6 forwarding on the host as well:
sysctl -w net.ipv6.conf.all.forwarding=1
And what is "..up.." in your first inet6 block? Should be pre-up or post-up.
Your IPv6 on vmbr0 is running in bridged mode, but it seems you do not have an IPv4 on that and therefore probably no virtual MAC address, right?
While your IPv4 gets forwarded (routed) via vmbr1 and will go out using the host's native MAC, your IPv6 connections use another MAC address (probably auto-generated for eth0 on that VM?) which is unknown to Hetzner's switches and therefore triggers the abuse message.
In other words: "bridged" can best be described as bypassing the host's MAC settings, with the guest communicating directly with the switch, while "routed" has that forwarding/masquerading step on the host in between.
If I recall correctly, you can't set a virtual MAC for IPv6 addresses. So you have to split the net and use a part of it in a routed config on vmbr1 as well, instead of assigning it via vmbr0 (bridged).
I just copied it from the Hetzner guide.
Apparently the sysctl part was the thing I needed. THANKS!
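
Added example, not code from any poster in this thread: a small Python check for the two conditions discussed above. It parses ifupdown-style config, lists bridges that enslave a physical port (guests attached to those expose their own MAC upstream), and checks that IPv6 forwarding is set for a routed setup. The sample inputs are constructed; the `vmbr1` stanza, its addresses and the sysctl.conf content are assumptions.

```python
import re

# Constructed sample. vmbr0 mirrors the thread's bridged host config (trimmed,
# placeholder addresses); vmbr1 is a hypothetical host-only bridge for routed guests.
SAMPLE_INTERFACES = """\
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10/28
    gateway 192.0.2.1
    bridge-ports enp0s31f6

auto vmbr1
iface vmbr1 inet6 static
    address 2001:db8:0:1::1/80
    bridge-ports none
"""
# Constructed sysctl.conf content: IPv6 forwarding is still commented out.
SAMPLE_SYSCTL = "net.ipv4.ip_forward=1\n# net.ipv6.conf.all.forwarding=1\n"


def parse_bridge_ports(text):
    """Return {iface: [ports]} for each ifupdown stanza with a bridge-ports line."""
    bridges, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) > 1:
            current = words[1]
        elif words[0] in ("bridge-ports", "bridge_ports") and current:
            bridges.setdefault(current, []).extend(words[1:])
    return bridges


def exposed_bridges(text):
    """Bridges enslaving a real port: MACs of guests attached to them reach the switch."""
    ports = parse_bridge_ports(text)
    return sorted(b for b, p in ports.items() if any(x != "none" for x in p))


def ipv6_forwarding_enabled(sysctl_text):
    """True only if an uncommented net.ipv6.conf.all.forwarding = 1 line exists."""
    pat = r"^[ \t]*net\.ipv6\.conf\.all\.forwarding[ \t]*=[ \t]*1[ \t]*$"
    return re.search(pat, sysctl_text, re.M) is not None


if __name__ == "__main__":
    print("bridges exposing guest MACs:", exposed_bridges(SAMPLE_INTERFACES))
    print("IPv6 forwarding on:", ipv6_forwarding_enabled(SAMPLE_SYSCTL))
```

A bridge flagged here only matters if a guest NIC is actually attached to it; the check narrows down where to look, it does not inspect VM configs.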