Hetzner Public IPv6 addresses + Additional Subnet

Jimbo · July 1, 2021, 12:33pm

Hetzner Routed (brouter) Setup

I bought a dedicated server from Hetzner, they gave me a free IPv4 address and IPv6 /64 block. I then bought an additional block of IPv4 /29. These all work through the mac address of the server, no virtual MAC addresses as many online guides suggested.

123.123.123 is the IP range for Free IPv4 address, and the 222.222.222 is for the additional subnet block

It would be really awesome if somebody could translate the host network config which for Debian into Ubuntu netplan. This has been tested on Debian a few times.

$ sudo apt install bridge-utils

$ sudo cp /etc/network/interfaces /etc/network/interfaces.backup

IMPORTANT: check the interface is the same as different servers might have a different name, e.g. enp41s0

Having problems? the first and last address in the subnet are not available e.g. 104 & 111.

$ sudo vi /etc/network/interfaces
# Hetzner Network Configuration Hostsystem Routed
# Version 2021062601
auto lo
iface lo inet loopback

auto enp41s0
iface enp41s0 inet static
  address 123.123.123.72
  netmask 255.255.255.192
  pointopoint 123.123.123.65
  gateway 123.123.123.65

iface enp41s0 inet6 static
  address 2a01:123.123.123::2
  netmask 128
  gateway fe80::1
  up sysctl -p

# Subnet
auto br0
iface br0 inet static
  address 222.222.222.104
  netmask 29
  bridge_ports none
  bridge_stp off
  bridge_fd 0

iface br0 inet6 static
  address 2a01:abcd:abcd:abcd::3
  netmask 64
  up ip -6 route add 2a01:abcd:abcd:abcd::/64 dev br0

Making mistakes can cause retlink file exists and other problems. So you need to be careful and try not to get locked out. sudo ip addr flush dev enp41s0 && sudo ip addr flush dev enp41s0br0 && sudo ifup enp41s0

Restart networking

$ sudo systemctl restart networking

IP forwarding needs to be setup

$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo sysctl -w net.ipv6.conf.all.forwarding=1

Also edit /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.enp41s0.send_redirects=0
net.ipv6.conf.all.forwarding=1

Note, the bridge will show down until you create a VM that uses it.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp41s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a8:a1:59:8b:35:a5 brd ff:ff:ff:ff:ff:ff
    inet 123.123.123.72 peer 123.123.123.65/32 brd 123.123.123.127 scope global enp41s0
       valid_lft forever preferred_lft forever
    inet6 2a01:abcd:abcd:abcd::2/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::aaa1:59ff:fe8b:35a5/64 scope link
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether da:c2:0a:5a:24:de brd ff:ff:ff:ff:ff:ff
    inet 222.222.222.105/29 brd 222.222.222.111 scope global br0
       valid_lft forever preferred_lft forever
    inet6 2a01:abcd:abcd:abcd::3/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::d8c2:aff:fe5a:24de/64 scope link
       valid_lft forever preferred_lft forever

Note: Guest setups are specific to this network configuration.

This is the network configuration for the GUEST:

network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 222.222.222.110/29
        - 2a01:abcd:abcd:abcd::110/64
      gateway4: 222.222.222.104
      gateway6: 2a01:abcd:abcd:abcd::3
      nameservers:
        addresses:
          - 213.133.100.100
          - 213.133.98.98
          - 213.133.99.99
          - 2a01:4f8:0:1::add:9898
          - 2a01:4f8:0:1::add:1010
          - 2a01:4f8:0:1::add:9999