Hetzner - DokuWiki

• Wikipedia article about KVM

Caution: Use of this tutorial is at your own risk. The author is not liable for any damage or loss arising as a result!

---

In this tutorial I shall be describing one virtualization possibility for a Hetzner Dedicated Server using KVM. Guests only use IP addresses from the additional subnet, where one address operates as gateway.

I am consciously not using any configuration files in this tutorial, as these vary from distribution to distribution. However, once you have understood how it works, the setup of the relevant files should not be a problem.

Important: Turn off your IP Tables firewall beforehand. In the event that this is wrongly configured, our small virtual network will not work.

Inhaltsverzeichnis 1 Preconditions 1.1 Programs 1.2 Kernel Configuration 2 Basic Setup 2.1 Load Module 2.2 Turn on Forwarding 3 Network Configuration

Preconditions

Programs

The following programs are required for our setup. The Gentoo Paket contained in the program is shown in brackets.

• kvm (app-emulation/kvm)
• brctl (net-misc/bridge-utils)
• tunctl (sys-apps/usermode-utilities)
• route (sys-apps/net-tools)

Kernel Configuration

For information only in case you are compiling a kernel by yourself - otherwise this is already contained in the default kernel of, for example, Debian.

Device Drivers  --->
  [*] Network device support  --->
     <M>   Universal TUN/TAP device driver support

Networking options  --->
  <*> 802.1d Ethernet Bridging
  <*> 802.1Q VLAN Support

[*] Virtualization  --->
  <M>   Kernel-based Virtual Machine (KVM) support
  <M>     KVM for AMD processors support
  <M>     KVM for Intel processors support

Further options may be necessary, which I have already activated. In any event, the above-mentioned is important.

Basic Setup

Load Module

modprobe tun
modprobe kvm-amd
modprobe kvm-intel

Turn on Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Network Configuration

Information on IP addresses:

Main IP

hhh.hhh.hhh.hhh

Additional IPs

zzz.zzz.zzz.zz1 Gast1
zzz.zzz.zzz.zz2 Gast2
zzz.zzz.zzz.zz3 Gast3
zzz.zzz.zzz.zz4 Gast4
zzz.zzz.zzz.zz5 Gast5
zzz.zzz.zzz.zz6 Gateway

Each KVM guest receive their own virtual network cards which are combined into a bridge. This bridge serves as gateway.

First, we need to set up the bridge. As this is going to operate as gateway later on, it receives its own IP address. For this we need to take the last IP from the additional subnet (zzz.zzz.zzz.zz6).

brctl addbr br0
ifconfig br0 zzz.zzz.zzz.zz6 netmask 255.255.255.248 up

Next, we need to set up the virtual network cards, add these to the bridge and finally put them into promiscuous mode

tunctl -b -u root -t qtap0

brctl addif br0 qtap0

ifconfig qtap0 up 0.0.0.0 promisc

These three steps need to be repeated for further guests. However, please always increase qtap0, i.e. qtap1, qtap2 etc.

The next step is to set up the routes for the guests.

route add -host zzz.zzz.zzz.zz1 dev br0

Again the following applies: This step needs to be repeated for more guests. Adjust the IP each time.

Now we can start our first guest. What is important here is the network switch indication.

kvm -hda /var/kvm/gast1.img \
       -net nic -net tap,ifname=qtap0,script=no

Please note Should you intend to run more than one VM simultaneously, it is advisable to start each VM with a different MAC address. Otherwise this may seriously interrupt the VMs' network traffic. The option for setting the MAC is:

-net nic,macaddr=52:54:00:12:34:57

Once the guest has been started, we set up the network there. On Guest1 it could look like this:

ifconfig eth0 zzz.zzz.zzz.zz1 netmask 255.255.255.248 up
route add default gw zzz.zzz.zzz.zz6

Now we can:

• 1. ping ourselves
  • ping zzz.zzz.zzz.zz1
• 2. ping the bridge
  • ping zzz.zzz.zzz.zz6
• 3. ping the host
  • ping hhh.hhh.hhh.hhh
• 4. ping hetzner.de
  • ping 213.133.107.227

Finally, we need to set up the three Hetzner default nameservers on the guest.

nano -w /etc/resolv.conf

nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 213.133.100.100

The name resolution should now work and nothing should stand in the way of pinging hetzner.de.

Have fun!