Hetzner - DokuWiki

KVM using all IPs - the easy way

Setting up KVM on Debian and Ubuntu.



There is a wiki article with instructions on how to use all subnet IP addresses for KVM-based VMs.

However, that approach is not simple: for example, the "KVM using all IPs from the subnet" page requires a private subnet, "br" interfaces for all virtual machines, and so on.

Here is a very easy method for making use of all IP addresses. We have: AA.BB.CC.DD as Main IP, with AA.BB.CC.XX as Gateway; and we have an additional subnet, DD.EE.FF.160-167.


In /etc/network/interfaces on the host, set up a bridge br0 (in addition to eth0) and give it the IP address of eth0:

auto  br0
iface br0 inet static
 address   AA.BB.CC.DD
 bridge_ports none
 bridge_stp off
 bridge_fd 0
 bridge_maxwait 0
 up route add -host DD.EE.FF.160 dev br0
 up route add -host DD.EE.FF.161 dev br0
 up route add -host DD.EE.FF.162 dev br0
#... and so on, adding a separate route for each IP address

It is important to add all IP addresses individually. Normally, it would be possible to route the subnet as a whole (route add -net DD.EE.FF.160/29), but then you lose two IP addresses, namely 160 (network address) and 167 (broadcast), and we do not want that.
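Writing the per-address routes by hand invites a skipped or mistyped line, so the following added example (not part of the original page) generates them from the subnet. The helper name host_routes is hypothetical, and 203.0.113.160/29 is a constructed sample standing in for DD.EE.FF.160-167; the example goes beyond the /29 case and accepts any prefix from /24 to /32.

```shell
#!/bin/sh
# Added example, not from the original page. host_routes is a hypothetical
# helper; 203.0.113.160/29 is a constructed sample subnet.
# Prints one ifupdown "up route add -host" line per address in the block,
# network and broadcast addresses included. Accepts prefixes /24 to /32.
# POSIX sh has no "local", so the helper's variables are global.

host_routes() {
    cidr=$1
    dev=${2:-br0}
    # Reject stray characters, a second slash, empty or zero-padded fields.
    case $cidr in
        *[!0-9./]*|*/*/*|*/*.*|*..*|0[0-9]*|*[./]0[0-9]*) cidr= ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) cidr= ;;
    esac
    addr=${cidr%/*}
    prefix=${cidr#*/}
    # Split the address into its four octets ($1..$4).
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ -n "$cidr" ] && [ $# -eq 4 ] &&
        [ "$prefix" -ge 24 ] && [ "$prefix" -le 32 ] &&
        [ "$1" -le 255 ] && [ "$2" -le 255 ] &&
        [ "$3" -le 255 ] && [ "$4" -le 255 ] || {
        echo "usage: host_routes A.B.C.D/24..32 [DEV]" >&2
        return 1
    }
    size=$(( 1 << (32 - $prefix) ))
    base=$(( $4 & ~($size - 1) ))    # last octet of the block's first address
    i=0
    while [ "$i" -lt "$size" ]; do
        echo " up route add -host $1.$2.$3.$(( $base + $i )) dev $dev"
        i=$(( $i + 1 ))
    done
}

# Any address inside the block works; the block start is derived from it.
host_routes 203.0.113.163/29 br0
```

The output can be pasted below the bridge_* lines of the br0 stanza.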

Guest (KVM)

The network card for the guest machines is tied to "br0". A "pointopoint" route to the Host system is set up in the VM network configuration as the VM cannot communicate directly via the Hetzner Gateway owing to its unknown MAC address. The following is an example for /etc/network/interfaces:

auto eth0
iface eth0 inet static
      address DD.EE.FF.163
      gateway AA.BB.CC.DD
      pointopoint AA.BB.CC.DD
      # dns-* options are implemented by the resolvconf package, if installed
#        dns-search example.com

It is also important to give each VM a different virtual MAC address from the "52:54:00:XX:XX:XX" range via "-net nic,macaddr=". If all VMs have the same MAC, this leads to packet loss. If you would like to change the MAC later on, you need to make sure that the ARP cache is emptied on the Host, the VMs and the client you are testing with. In Linux this is done with "ip neigh flush all".

Finished? Not quite. We still need other changes on the Host system:

Changes on the Host

To make sure that the Host system does not send any "icmp redirect" messages, these are deactivated in the kernel:

/sbin/sysctl -w net.ipv4.conf.eth0.send_redirects=0

Or, better still, create the file /etc/sysctl.d/10-no-icmp-redirects.conf:

# Because of our network setup, the Host machine could send ICMP
# "redirect" messages to all guests, telling them to find the Hetzner
# gateway directly. That is impossible: Hetzner would throw away the
# traffic from the virtual interfaces because of their unregistered
# MAC addresses (i.e. different from the main interface).
net.ipv4.conf.eth0.send_redirects=0

IP forwarding also needs to be enabled. In /etc/sysctl.conf, add the line net.ipv4.ip_forward=1 or remove the comment character in front of it (alternatively, set up your own "conf" file in /etc/sysctl.d).

© 2018. Hetzner Online GmbH. All rights reserved.