Hetzner - DokuWiki

Netzkonfiguration Debian/en
(IPv4)
Zeile 9: Zeile 9:
 
The main IP of a Hetzner root server is usually located in a /27 or /26 subnet. In order to prevent the accidental use of a foreign IP address, our infrastructure rejects any Ethernet packets that are not addressed to the gateway address. In order to reach any server in the same subnet, our standard images already have a static route in their network configuration. The static route forwards the entire traffic to the gateway instead of sending it directly to the neighbouring server.
 
The main IP of a Hetzner root server is usually located in a /27 or /26 subnet. In order to prevent the accidental use of a foreign IP address, our infrastructure rejects any Ethernet packets that are not addressed to the gateway address. In order to reach any server in the same subnet, our standard images already have a static route in their network configuration. The static route forwards the entire traffic to the gateway instead of sending it directly to the neighbouring server.
  
This is not the best solution as duplicate and inconsistent information appears in the routing table. A better way to reach a server in your subnet is to set the netmast to 255.255.255.255 (/32). The server assumes it is alone in thia subnet and will not send any packets directly. However, an explicit host route to the gateway is now needed. This is very easy to do with Debian by adding the option "pointopoint 192.168.0.1" in the configuration. Please change "192.168.0.1" to the valid IP address of your gateway.
+
This is not the best solution as duplicate and inconsistent information appears in the routing table. A better way to reach a server in your subnet is to set the netmast to 255.255.255.255 (/32). The server assumes it is alone in this subnet and will not send any packets directly. However, an explicit host route to the gateway is now needed. This is very easy to do with Debian by adding the option "pointopoint 192.168.0.1" in the configuration. Please change "192.168.0.1" to the valid IP address of your gateway.
  
 
  ## /etc/network/interfaces example Hetzner root server
 
  ## /etc/network/interfaces example Hetzner root server

Version vom 14. Dezember 2011, 13:07 Uhr

Please note: In addition to the main IP received from Hetzner, it is not permitted to simply use any other IP as an additional IP address. If you should require additional IP addresses or an additional subnet, please send a support request via https://www.hetzner.de/robot

Inhaltsverzeichnis

Main IP Address

IPv4

The main IP of a Hetzner root server is usually located in a /27 or /26 subnet. In order to prevent the accidental use of a foreign IP address, our infrastructure rejects any Ethernet packets that are not addressed to the gateway address. In order to reach any server in the same subnet, our standard images already have a static route in their network configuration. The static route forwards the entire traffic to the gateway instead of sending it directly to the neighbouring server.

This is not the best solution as duplicate and inconsistent information appears in the routing table. A better way to reach a server in your subnet is to set the netmast to 255.255.255.255 (/32). The server assumes it is alone in this subnet and will not send any packets directly. However, an explicit host route to the gateway is now needed. This is very easy to do with Debian by adding the option "pointopoint 192.168.0.1" in the configuration. Please change "192.168.0.1" to the valid IP address of your gateway.

## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
# LAN interface
auto eth0
iface eth0 inet static
  # Main IP address of the server
  address 192.168.0.250
  # Netmask 255.255.255.255 (/32) independent from the
  # real subnet size (e.g. /27)
  netmask 255.255.255.255
  # explicit host route to the gateway
  gateway 192.168.0.1
  pointopoint 192.168.0.1

The additional route to the gateway is no longer necessary.

IPv6

In principle the above applies to IPv6 as well. Instead of a single main IP you get a /64 subnet and instead of a /27 subnet your server is located in a /59 subnet. Direct communication within the /59 subnet is not possible and is discarded by the switch. Therefore, the entire traffic including your own subnet has to be forwarded to the gateway.

As opposed to IPv4 configuration, there is no "pointopoint" setting in IPv6. Please use "pre-up" to set the route to the gateway manually.

For example:

  • Address block: 2a01:4f8:61:20e1::2 untill 2a01:4f8:61:20e1:ffff:ffff:ffff:ffff
  • We use the first address from this: 2a01:4f8:61:20e1::2
  • Gateway: 2a01:4f8:61:20e0::1
## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
# IPv6 LAN
auto eth0
iface eth0 inet6 static
  # Main IPv6 Address of the server
  address 2a01:4f8:61:20e1::2
  netmask 64
  # Host Route, because the gateway is outside of the /64 subnet
  up ip -6 route add 2a01:4f8:61:20e0::1 dev eth0
  # Host Route, because the gateway is outside of the /64 subnet
  down ip -6 route del 2a01:4f8:61:20e0::1 dev eth0
  # Default Route
  up ip -6 route add default via 2a01:4f8:61:20e0::1 dev eth0
  down ip -6 route del default via 2a01:4f8:61:20e0::1 dev eth0

IPv4 + IPv6

Usually. both IPv4 and IPv6 can be used. Both configuration files are simply joined together and duplicate entries omitted.

## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
# LAN interface
auto eth0
iface eth0 inet static
  # Main IP address of the server
  address 192.168.0.250
  # Netmask 255.255.255.255 (/32) independent from the
  # real subnet size (e.g. /27)
  netmask 255.255.255.255
  # explicit host route to the gateway
  gateway 192.168.0.1
  pointopoint 192.168.0.1
iface eth0 inet6 static
  # Main IPv6 Address of the server
  address 2a01:4f8:61:20e1::2
  netmask 64
  # Host Route, because the gateway is outside of the /64 subnet
  up ip -6 route add 2a01:4f8:61:20e0::1 dev eth0
  # Host Route, because the gateway is outside of the /64 subnet
  down ip -6 route del 2a01:4f8:61:20e0::1 dev eth0
  # Default Route
  up ip -6 route add default via 2a01:4f8:61:20e0::1 dev eth0
  down ip -6 route del default via 2a01:4f8:61:20e0::1 dev eth0

Additional IP Addresses

All old DS servers include a /29 subnet. For our new EQ/EX Server up to 4 additional IPs can be ordered. The network configuration is quite similar.

In order to use the additional addresses on the server, the package "iproute" and "ip" are needed. Configurations with alias interfaces such as (eth0:1, eth0:2 etc.) are outdated and should not be used. To add an address please run:

ip addr add 10.4.2.1/32 dev eth0

The command "ip addr" shows the IP addresses which are currently active. As the server uses the entire subnet it is also useful here to add the addresses with the prefix /32 which means the subnet mask is 255.255.255.255

Unfortunately, the configuration mechanisms of Debian do not allow more than one IP to be saved in the file "/etc/network/interfaces". This problem can be bypassed manually or with a special script.

Manual Configuration

Insert in the /etc/network/interfaces under the appropriate interface (e.g. eth0) the following two lines:

  up ip addr add 10.4.2.1/32 dev eth0
  down ip addr del 10.4.2.1/32 dev eth0

up and down expect just one line of shell code and this can be repeated for several addresses. The disadvantage is that both the interface name and address must be listed twice. If many IPs are used, the configuration file is confusing and prone to errors. If the data is changed, all entries must be adjusted.



© 2020. Hetzner Online GmbH. Alle Rechte vorbehalten.