Install Proxmox VE with NAT on Hetzner: Difference between revisions
No edit summary |
| (25 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Proxmox VE]] | |||
[[Category:Guides & Tutorials]] | |||
== Prequisites == | == Prequisites == | ||
1. Download PVE iso: | 1. Download PVE iso: | ||
< | <syntaxhighlight lang="bash"> | ||
curl http://download.proxmox.com/iso/proxmox-ve_8.2-1.iso -o /tmp/proxmox-ve.iso | curl http://download.proxmox.com/iso/proxmox-ve_8.2-1.iso -o /tmp/proxmox-ve.iso | ||
</ | </syntaxhighlight> | ||
2. Might need to install | 2. Might need to install qemu and ovmf: | ||
< | <syntaxhighlight lang="bash"> | ||
sudo apt-get install -y qemu ovmf | |||
</ | </syntaxhighlight> | ||
== Install == | == Install == | ||
1. Start system in rescue mode | 1. Start system in rescue mode | ||
2. Set variables | |||
< | 2. Set variables: | ||
<syntaxhighlight lang="bash"> | |||
INTERFACE_NAME=$(udevadm info -q property /sys/class/net/eth0 | grep "ID_NET_NAME_PATH=" | cut -d'=' -f2) | INTERFACE_NAME=$(udevadm info -q property /sys/class/net/eth0 | grep "ID_NET_NAME_PATH=" | cut -d'=' -f2) | ||
IP_CIDR=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}') | IP_CIDR=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}') | ||
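Review bot: the ISO in step 1 of the prerequisites is fetched with curl over plain http:// and nothing in this hunk checks the file before it is used as install media. Add a step that compares the image's SHA-256 with the checksum Proxmox publishes for that release and stops on a mismatch. Separately, both the INTERFACE_NAME and IP_CIDR lines hard-code eth0; a short note on why the rescue system's uplink is assumed to be eth0 would save readers a silent empty variable.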
| Line 21: | Line 30: | ||
CIDR=$(echo "$IP_CIDR" | cut -d'/' -f2) | CIDR=$(echo "$IP_CIDR" | cut -d'/' -f2) | ||
PRIMARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 3p | awk '{print $1}') | PRIMARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 3p | awk '{print $1}') | ||
SECONDARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 1p | awk '{print $1}') | SECONDARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 1p | awk '{print $1}') | ||
THIRD_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 2p | awk '{print $1}') | THIRD_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 2p | awk '{print $1}') | ||
</ | </syntaxhighlight> | ||
3. Start qemu with installer cd-rom: | |||
<syntaxhighlight lang="bash"> | |||
qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \ | |||
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \ | |||
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \ | |||
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \ | |||
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \ | |||
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \ | |||
-cdrom /tmp/proxmox-ve.iso -boot d \ | |||
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait | |||
echo "change vnc password pa$$w0rd6" | nc -q 1 127.0.0.1 4444 | |||
</syntaxhighlight> | |||
4. Connect and install Proxmox: | |||
Set tunneling, then use VNC with the port 5900. At the end, uncheck the restart option, then stop the virtual machine: | |||
<syntaxhighlight lang="bash"> | |||
printf "quit\n" | nc 127.0.0.1 4444 | |||
</syntaxhighlight> | |||
5. Start again without the installer: | |||
<syntaxhighlight lang="bash"> | |||
qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \ | |||
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \ | |||
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \ | |||
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \ | |||
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \ | |||
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \ | |||
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait \ | |||
-net user,hostfwd=tcp::2222-:22 -net nic | |||
echo "change vnc password pa$$w0rd6" | nc -q 1 127.0.0.1 4444 | |||
</syntaxhighlight> | |||
6. Create interfaces config for NAT, then copy it on the system: | |||
The first virtualmachine which will be created is a router, as that will handle the network traffic coming from WAN | |||
A few available options: openWRT, PfSense | |||
<syntaxhighlight lang="bash"> | |||
cat > /tmp/proxmox_network_config << EOF | |||
auto lo | |||
iface lo inet loopback | |||
iface $INTERFACE_NAME inet manual | |||
auto vmbr0 | |||
iface vmbr0 inet static | |||
address $IP_ADDRESS/$CIDR | |||
gateway $GATEWAY | |||
bridge_ports $INTERFACE_NAME | |||
bridge_stp off | |||
bridge_fd 0 | |||
#Do not use | |||
auto vmbr1 | |||
iface vmbr1 inet static | |||
address 172.16.16.1/24 | |||
bridge-ports none | |||
bridge-stp off | |||
bridge-fd 0 | |||
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --destination $IP_ADDRESS -m multiport ! --dports 22,8006 -j DNAT --to 172.16.16.254 | |||
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --destination $IP_ADDRESS -j DNAT --to 172.16.16.254 | |||
post-up iptables -t nat -A POSTROUTING -s '172.16.16.0/24' -o vmbr0 -j MASQUERADE | |||
#WAN | |||
EOF | |||
</syntaxhighlight> | |||
For the copy, use the password which you set for root | |||
<syntaxhighlight lang="bash"> | |||
scp -o StrictHostKeyChecking=no -P 2222 /tmp/proxmox_network_config root@localhost:/etc/network/interfaces | |||
</syntaxhighlight> | |||
Stop the virtual machine again: | |||
<syntaxhighlight lang="bash"> | |||
printf "quit\n" | nc 127.0.0.1 4444 | |||
</syntaxhighlight> | |||
7. Restart in normal mode | |||
== Final steps == | |||
1. Login to the system: | |||
2. Enable IP forwarding: | |||
<syntaxhighlight lang="bash"> | |||
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf | |||
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf | |||
sysctl -p | |||
sysctl net.ipv4.ip_forward | |||
sysctl net.ipv6.conf.all.forwarding | |||
</syntaxhighlight> | |||
3. Check iptables: | |||
List configuration: | |||
<syntaxhighlight lang="bash"> | |||
iptables -t nat -L | |||
</syntaxhighlight> | |||
3+1. Edit iptables (IF NEEDED): | |||
Modify configuration: | |||
<syntaxhighlight lang="bash"> | |||
vi /etc/network/interfaces | |||
</syntaxhighlight> | |||
Clear current configuration: | |||
<syntaxhighlight lang="bash"> | |||
iptables -t nat -F | |||
</syntaxhighlight> | |||
Apply configuration: | |||
<syntaxhighlight lang="bash"> | |||
ifreload -a | |||
</syntaxhighlight> | |||
4. Create the router: | |||
See: [[Install OpenWRT for NAT]] | |||
== Sources == | |||
* https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve | |||
* https://cyanlabs.net/tutorials/install-proxmox-on-a-hetzner-dedicated-server-with-1-ip-using-sdn-and-without-kvm-using-qemu | |||
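Review bot: in both echo "change vnc password pa$$w0rd6" lines (steps 3 and 5) the password is inside double quotes, so the shell expands $$ to its own process ID and the monitor receives a different password from the one written; use single quotes. The same two QEMU commands pass -vnc :0, which listens on every address of the rescue system even though step 4 tells the reader to tunnel; -vnc 127.0.0.1:0,password=on would keep the console reachable only through the tunnel. The scp line also sets StrictHostKeyChecking=no, which deserves a sentence saying it is acceptable only because the target is the local port forward on 2222.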
Latest revision as of 15:51, 27 August 2025
Prerequisites
1. Download the PVE ISO:
curl http://download.proxmox.com/iso/proxmox-ve_8.2-1.iso -o /tmp/proxmox-ve.iso
2. Install qemu and ovmf if they are not already present:
sudo apt-get install -y qemu ovmf
Install
1. Start system in rescue mode
2. Set variables:
INTERFACE_NAME=$(udevadm info -q property /sys/class/net/eth0 | grep "ID_NET_NAME_PATH=" | cut -d'=' -f2)
IP_CIDR=$(ip addr show eth0 | grep "inet\b" | awk '{print $2}')
GATEWAY=$(ip route | grep default | awk '{print $3}')
IP_ADDRESS=$(echo "$IP_CIDR" | cut -d'/' -f1)
CIDR=$(echo "$IP_CIDR" | cut -d'/' -f2)
PRIMARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 3p | awk '{print $1}')
SECONDARY_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 1p | awk '{print $1}')
THIRD_DISK=$(lsblk -dn -o NAME,SIZE,TYPE -e 1,7,11,14,15 | sed -n 2p | awk '{print $1}')
3. Start qemu with installer cd-rom:
qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \
-cdrom /tmp/proxmox-ve.iso -boot d \
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait
# Single quotes keep $$ literal; inside double quotes the shell expands it to its PID.
echo 'change vnc password pa$$w0rd6' | nc -q 1 127.0.0.1 4444
4. Connect and install Proxmox:
Set up tunneling to the rescue system, then connect with VNC on port 5900. At the end of the installation, uncheck the restart option, then stop the virtual machine:
printf "quit\n" | nc 127.0.0.1 4444
5. Start again without the installer:
qemu-system-x86_64 -daemonize -enable-kvm -m 10240 -k en-us \
-drive file=/dev/$PRIMARY_DISK,format=raw,media=disk,if=virtio,id=$PRIMARY_DISK \
-drive file=/dev/$SECONDARY_DISK,format=raw,media=disk,if=virtio,id=$SECONDARY_DISK \
-drive file=/dev/$THIRD_DISK,format=raw,media=disk,if=virtio,id=$THIRD_DISK \
-drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,readonly=on \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw \
-vnc :0,password=on -monitor telnet:127.0.0.1:4444,server,nowait \
-net user,hostfwd=tcp::2222-:22 -net nic
# Single quotes keep $$ literal; inside double quotes the shell expands it to its PID.
echo 'change vnc password pa$$w0rd6' | nc -q 1 127.0.0.1 4444
6. Create interfaces config for NAT, then copy it on the system:
The first virtual machine to be created is a router, since it will handle the network traffic coming from the WAN.
A few available options: OpenWrt, pfSense.
cat > /tmp/proxmox_network_config << EOF
auto lo
iface lo inet loopback
iface $INTERFACE_NAME inet manual
auto vmbr0
iface vmbr0 inet static
address $IP_ADDRESS/$CIDR
gateway $GATEWAY
bridge_ports $INTERFACE_NAME
bridge_stp off
bridge_fd 0
#Do not use
auto vmbr1
iface vmbr1 inet static
address 172.16.16.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --destination $IP_ADDRESS -m multiport ! --dports 22,8006 -j DNAT --to 172.16.16.254
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --destination $IP_ADDRESS -j DNAT --to 172.16.16.254
post-up iptables -t nat -A POSTROUTING -s '172.16.16.0/24' -o vmbr0 -j MASQUERADE
#WAN
EOF
For the copy, use the password you set for root:
scp -o StrictHostKeyChecking=no -P 2222 /tmp/proxmox_network_config root@localhost:/etc/network/interfaces
Stop the virtual machine again:
printf "quit\n" | nc 127.0.0.1 4444
7. Restart in normal mode
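A pre-flight check for the variables from step 2, as an added example that is not part of the original page: the disks are picked by line position in the lsblk output, so a server with fewer than three disks leaves a variable empty and QEMU is started with file=/dev/. The function names are hypothetical and the script is plain POSIX sh.

```sh
# Added example (not from the wiki page): validate the step 2 variables
# before the QEMU command hands raw disks to the installer.
# All function names here are hypothetical.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is an IPv4 prefix length (0..32).
is_prefix_len() {
    case $1 in
        ''|*[!0-9]*|???*) return 1 ;;
    esac
    [ "$1" -le 32 ]
}

# Succeeds if every argument is non-empty and no two are equal.
all_distinct() {
    seen=' '
    for name in "$@"; do
        [ -n "$name" ] || return 1
        case $seen in *" $name "*) return 1 ;; esac
        seen="$seen$name "
    done
}

# Prints one line per problem and fails if there was any.
# Arguments: IP_ADDRESS CIDR GATEWAY INTERFACE_NAME disk1 disk2 disk3
preflight() {
    ip=$1 cidr=$2 gw=$3 ifname=$4 rc=0
    shift 4
    is_ipv4 "$ip"         || { echo "IP_ADDRESS invalid: '$ip'"; rc=1; }
    is_prefix_len "$cidr" || { echo "CIDR invalid: '$cidr'"; rc=1; }
    is_ipv4 "$gw"         || { echo "GATEWAY invalid: '$gw'"; rc=1; }
    [ -n "$ifname" ]      || { echo "INTERFACE_NAME is empty"; rc=1; }
    all_distinct "$@"     || { echo "disk names empty or duplicated: $*"; rc=1; }
    return "$rc"
}
```

On the rescue system, call preflight with "$IP_ADDRESS" "$CIDR" "$GATEWAY" "$INTERFACE_NAME" "$PRIMARY_DISK" "$SECONDARY_DISK" "$THIRD_DISK" and stop if it fails; confirming each /dev/ name with test -b as well catches a name that is set but is not a block device.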
Final steps
1. Log in to the system.
2. Enable IP forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf
sysctl -p
sysctl net.ipv4.ip_forward
sysctl net.ipv6.conf.all.forwarding
3. Check iptables:
List configuration:
iptables -t nat -L
3+1. Edit iptables (IF NEEDED):
Modify configuration:
vi /etc/network/interfaces
Clear current configuration:
iptables -t nat -F
Apply configuration:
ifreload -a
4. Create the router:
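A check for steps 3 and 3+1 above, as an added example that is not part of the original page: the post-up lines use iptables -A, so an ifreload -a without the flush appends a second copy of every rule, and an edit that drops 22 or 8006 from the multiport exclusion sends SSH or the Proxmox web interface to the router VM. The function names are hypothetical, and the sample ruleset is constructed (203.0.113.10 is a documentation address) in the format printed by iptables -t nat -S.

```sh
# Added example (not from the wiki page). Both checks read rules on stdin,
# e.g.:  iptables -t nat -S | duplicate_rules

# Constructed sample: one reload without a flush (duplicate MASQUERADE)
# and one edited TCP rule that no longer exempts port 8006.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -i vmbr0 -p tcp -m multiport ! --dports 22,8006 -j DNAT --to-destination 172.16.16.254
-A PREROUTING -d 203.0.113.10/32 -i vmbr0 -p udp -j DNAT --to-destination 172.16.16.254
-A POSTROUTING -s 172.16.16.0/24 -o vmbr0 -j MASQUERADE
-A POSTROUTING -s 172.16.16.0/24 -o vmbr0 -j MASQUERADE
-A PREROUTING -d 203.0.113.10/32 -i vmbr0 -p tcp -m multiport ! --dports 22 -j DNAT --to-destination 172.16.16.254
EOF
}

# Prints how many distinct rules appear more than once.
duplicate_rules() {
    grep '^-A ' | sort | uniq -d | wc -l | tr -d ' '
}

# Prints every TCP DNAT rule that does not exempt both management ports
# (22 for SSH, 8006 for the Proxmox web interface). Only plain port lists
# are understood; a range such as 8000:8010 is reported as not exempting 8006.
tcp_dnat_exposing_mgmt() {
    grep -e '-p tcp .*-j DNAT' | while IFS= read -r rule; do
        ports=
        case $rule in
            *'! --dports '*) ports=${rule##*--dports }; ports=${ports%% *} ;;
        esac
        for p in 22 8006; do
            case ",$ports," in
                *",$p,"*) ;;
                *) printf '%s\n' "$rule"; break ;;
            esac
        done
    done
}
```

A non-zero count from duplicate_rules means the flush in step 3+1 was skipped before ifreload -a; any line printed by tcp_dnat_exposing_mgmt is a rule to fix in /etc/network/interfaces before reloading.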