Install Proxmox VE with NAT on Hetzner

Latest revision as of 15:51, 27 August 2025


Prerequisites

1. Download the PVE ISO:

curl http://download.proxmox.com/iso/proxmox-ve_8.2-1.iso -o /tmp/proxmox-ve.iso

2. Install qemu and ovmf if they are not already present:

sudo apt-get install -y qemu ovmf

Install

1. Start system in rescue mode


2. Set variables:

INTERFACE_NAME=$(udevadm info -q property /sys/class/net/eth0 | grep "ID_NET_NAME_PATH=" | cut -d'=' -f2)
IP_CIDR=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}')
GATEWAY=$(ip route | grep default | awk '{print $3}')
IP_ADDRESS=$(echo "$IP_CIDR" | cut -d'/' -f1)
CIDR=$(echo "$IP_CIDR" | cut -d'/' -f2)

PRIMARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 3p | awk '{print $1}')
SECONDARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 1p | awk '{print $1}')
THIRD_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 2p | awk '{print $1}')


3. Start qemu with installer cd-rom:

qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \
-cdrom /tmp/proxmox-ve.iso -boot d \
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait

# Single quotes keep $$ literal; inside double quotes the shell expands it to its PID.
echo 'change vnc password pa$$w0rd6' | nc -q 1 127.0.0.1 4444


4. Connect and install Proxmox:

Set up tunneling to the server, then connect a VNC client to port 5900. At the end of the installation, uncheck the restart option, then stop the virtual machine:

printf "quit\n" | nc 127.0.0.1 4444

5. Start again without the installer:

qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait \
-net user,hostfwd=tcp::2222-:22 -net nic

# Single quotes keep $$ literal; inside double quotes the shell expands it to its PID.
echo 'change vnc password pa$$w0rd6' | nc -q 1 127.0.0.1 4444

6. Create interfaces config for NAT, then copy it on the system:

The first virtual machine to be created is a router, which will handle the network traffic coming from the WAN.

A few available options: OpenWrt, pfSense

cat > /tmp/proxmox_network_config << EOF
auto lo

iface lo inet loopback

iface $INTERFACE_NAME inet manual

auto vmbr0
iface vmbr0 inet static
  address $IP_ADDRESS/$CIDR
  gateway $GATEWAY
  bridge_ports $INTERFACE_NAME
  bridge_stp off
  bridge_fd 0
#Do not use

auto vmbr1
iface vmbr1 inet static
        address 172.16.16.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --destination $IP_ADDRESS -m multiport ! --dports 22,8006 -j DNAT --to 172.16.16.254
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --destination $IP_ADDRESS -j DNAT --to 172.16.16.254
        post-up iptables -t nat -A POSTROUTING -s '172.16.16.0/24' -o vmbr0 -j MASQUERADE
#WAN
EOF

For the copy, use the password which you set for root:

scp -o StrictHostKeyChecking=no -P 2222 /tmp/proxmox_network_config root@localhost:/etc/network/interfaces

Stop the virtual machine again:

printf "quit\n" | nc 127.0.0.1 4444

7. Restart in normal mode


Final steps

1. Log in to the system:

2. Enable IP forwarding:

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf

sysctl -p

sysctl net.ipv4.ip_forward
sysctl net.ipv6.conf.all.forwarding

3. Check iptables:

List configuration:

iptables -t nat -L

3+1. Edit iptables (IF NEEDED):

Modify configuration:

vi /etc/network/interfaces

Clear current configuration:

iptables -t nat -F

Apply configuration:

ifreload -a

4. Create the router:

See: Install OpenWRT for NAT
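
Steps 3 and 3+1 can be checked mechanically: the post-up lines use -A, so every ifreload -a that is not preceded by iptables -t nat -F appends another copy of each rule. The script below is an added example, not part of the original guide; the function name audit_nat_rules, the sample rule text and the address 203.0.113.10 (standing in for $IP_ADDRESS) are constructed, and the matching assumes the rule format printed by iptables -t nat -S.

```shell
#!/bin/sh
# Added example: audit NAT rules against what this guide's post-up lines install.
# Usage on the host: audit_nat_rules "$(iptables -t nat -S)"

# Constructed sample: a clean rule set (203.0.113.10 stands in for $IP_ADDRESS).
SAMPLE_CLEAN='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -i vmbr0 -p tcp -m multiport ! --dports 22,8006 -j DNAT --to-destination 172.16.16.254
-A PREROUTING -d 203.0.113.10/32 -i vmbr0 -p udp -j DNAT --to-destination 172.16.16.254
-A POSTROUTING -s 172.16.16.0/24 -o vmbr0 -j MASQUERADE'

# Constructed sample: the same rules after a second ifreload without a flush.
SAMPLE_RELOADED="$SAMPLE_CLEAN
$(printf '%s\n' "$SAMPLE_CLEAN" | grep '^-A ')"

# Prints one finding per line; returns 0 when the rule set is as expected.
audit_nat_rules() {
    rules=$(printf '%s\n' "$1" | grep '^-A ' || true)
    status=0

    # Identical -A lines mean post-up ran again on top of the old rules.
    dups=$(printf '%s\n' "$rules" | sort | uniq -d)
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups" | sed 's/^/DUPLICATE: /'
        status=1
    fi

    # The TCP forward must leave the host's SSH (22) and web UI (8006) alone.
    if ! printf '%s\n' "$rules" | grep -e '-p tcp' | grep -e '-j DNAT' \
            | grep -q -e '! --dports 22,8006'; then
        echo 'MISSING: tcp DNAT rule with the 22,8006 exclusion'
        status=1
    fi

    # Guests on vmbr1 need the masquerade rule to reach the outside.
    if ! printf '%s\n' "$rules" | grep -e '-s 172.16.16.0/24' \
            | grep -q -e '-j MASQUERADE'; then
        echo 'MISSING: MASQUERADE for 172.16.16.0/24'
        status=1
    fi
    return "$status"
}

# Demonstration on the constructed "reloaded" sample: prints three DUPLICATE lines.
audit_nat_rules "$SAMPLE_RELOADED" || true
```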
