When you order an additional subnet for your Hetzner dedicated server, you can use it to give VMs dedicated IPs. This way, you can expose your VMs to the internet, each with its own IP. This is great for service providers and even private individuals who just want to host their websites inside LXC containers or VMs.
Warning
A word of warning: a misconfigured network setup can leave the entire server unreachable from the outside, meaning you need to either reset it or fix the error in the rescue system. Misconfiguration may also result in MAC address leakage, in which case Hetzner will send you a message requesting a statement on what went wrong. You can avoid this by being careful and confirming every command you execute.
Prerequisites
In this post, I'm using the following hardware and IPs:
- 1x AX102 dedicated Server
- 1x /28 subnet, directly bound to my server (144.76.49.1/28)
Getting Started
Make sure that packet forwarding for IPv4 and IPv6 is enabled:
root@proxmox#: sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
root@proxmox#: sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf
root@proxmox#: sysctl -p
root@proxmox#: sysctl net.ipv4.ip_forward
root@proxmox#: sysctl net.ipv6.conf.all.forwarding
Both sysctl commands should report a value of 1.
Next, we need to add the configuration to our bridge. In my setup the bridge is vmbr0, but it might be something else in yours. Edit the file `/etc/network/interfaces` to reflect the following, substituting your own range:
auto vmbr0
iface vmbr0 inet static
    address <server-ip>
    gateway <server-gateway>
    bridge-ports enp6s0
    bridge-stp off
    bridge-fd 0
    up ip address add <additional-subnet> dev vmbr0

iface vmbr0 inet6 static
    address <server-ip6>
    up ip address add <server-subnet> dev vmbr0
    gateway fe80::1
After confirming that everything is correct, save and close the file and reload the networking stack with the following command:
root@proxmox#: systemctl reload networking
This way, if you configured something wrong, the network reload will fail but won't take down your whole network.
VM Configuration
Configuring a VM to use an IP from the subnet is straightforward. Due to our setup, we cannot use the first and last IP of our additional range, since they are used as the gateway and the broadcast address.
As you can see, I'm using the 144.76.49.2 address and specifying the /28 subnet, with the first IP of my range as the gateway.
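The addressing rule above can be checked before a VM is started. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the host's address on the bridge (144.76.49.1/28 here) is the gateway for every VM.

```python
import ipaddress

def vm_address_plan(bridge_cidr):
    """Derive the address plan from the address/prefix added to the bridge."""
    iface = ipaddress.ip_interface(bridge_cidr)
    net = iface.network
    # The host's bridge address is the VMs' gateway; hosts() already
    # leaves out the network and broadcast addresses.
    vm_ips = [ip for ip in net.hosts() if ip != iface.ip]
    return {"network": net, "gateway": iface.ip,
            "broadcast": net.broadcast_address, "vm_ips": vm_ips}

def check_vm_config(bridge_cidr, vm_cidr, vm_gateway, in_use=()):
    """Return a list of problems with a VM's static IPv4 config (empty = OK)."""
    plan = vm_address_plan(bridge_cidr)
    try:
        vm = ipaddress.ip_interface(vm_cidr)
        gw = ipaddress.ip_address(vm_gateway)
        taken = {ipaddress.ip_address(a) for a in in_use}
    except ValueError as exc:
        return [f"unparseable address: {exc}"]
    problems = []
    if vm.network != plan["network"]:
        problems.append(f"{vm_cidr} is not in {plan['network']}")
    elif vm.ip not in plan["vm_ips"]:
        problems.append(f"{vm.ip} is reserved (network, gateway or broadcast)")
    if gw != plan["gateway"]:
        problems.append(f"gateway must be {plan['gateway']}, not {gw}")
    if vm.ip in taken:
        problems.append(f"{vm.ip} is already assigned to another VM")
    return problems

if __name__ == "__main__":
    BRIDGE = "144.76.49.1/28"  # subnet address from the Prerequisites section
    plan = vm_address_plan(BRIDGE)
    print("gateway:", plan["gateway"], "broadcast:", plan["broadcast"])
    print("assignable:", plan["vm_ips"][0], "-", plan["vm_ips"][-1])
    # Constructed sample configs: (address/prefix, gateway)
    for cfg in [("144.76.49.2/28", "144.76.49.1"),
                ("144.76.49.15/28", "144.76.49.1"),
                ("144.76.49.3/24", "144.76.49.1")]:
        print(cfg, "->", check_vm_config(BRIDGE, *cfg) or "OK")
```

Passing the addresses already handed out as `in_use` also catches duplicate assignments, which are easy to make when VMs are configured by hand.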
Conclusion
You've successfully set up your IP range and can now create VMs using those additional IPs. Make sure to harden the setup against things like IP spoofing. With that, you are good to go!