proxmox KVM routed network with multiple public IPs - virtual-machine

I have dedicated hosting with Hetzner. Additionally, I have bought a 6-IP subnet.
My main IP is: 88.198.60.125. My main subnet is: 255.255.255.224.
My additional IPs are 46.4.214.81 to 46.4.214.86.
Internet access works on Windows servers, but CentOS gives me "invalid host".
I cannot use bridged mode, since Hetzner does not allow multiple MACs on the same external IP, so I have to use routing mode. Here is my /etc/network/interfaces file for the host:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 88.198.60.125
netmask 255.255.255.255
pointopoint 88.198.60.97
gateway 88.198.60.97
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
address 88.198.60.125
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
#subnet
up ip route add 46.4.214.80/29 dev vmbr0
up ip route add 46.4.214.81/29 dev vmbr0
up ip route add 46.4.214.82/29 dev vmbr0
up ip route add 46.4.214.83/29 dev vmbr0
up ip route add 46.4.214.84/29 dev vmbr0
up ip route add 46.4.214.85/29 dev vmbr0
up ip route add 46.4.214.86/29 dev vmbr0
up ip route add 46.4.214.87/29 dev vmbr0
And this is my interfaces file for the VM:
auto eth0
iface eth0 inet static
address 46.4.214.81
netmask 255.255.255.255
pointopoint 88.198.60.125
gateway 88.198.60.125

OK, this is how I solved the problem.
You need to specify the IPs you want to use with Windows Server using "up route add -host"; the other IPs can be used directly with Linux by using "create container". Installing Linux manually did not work for me.
This is my /etc/network/interfaces file:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 88.198.60.125
netmask 255.255.255.255
pointopoint 88.198.60.97
gateway 88.198.60.97
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
address 88.198.60.125
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
#subnet ips used with windows server only
up route add -host 46.4.214.80 dev vmbr0
up route add -host 46.4.214.81 dev vmbr0
up route add -host 46.4.214.82 dev vmbr0
up route add -host 46.4.214.87 dev vmbr0
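
The route lines from the two configurations above, checked side by side. This is an added example, not part of the original posts: it flags prefixes whose host bits are set (such as 46.4.214.81/29, which is not a valid network address) and lists which of the six additional IPs have no route via vmbr0. The function name `audit` is an assumption made for the example.

```python
import ipaddress
import re

# Route lines as they appear in the question's and the answer's interfaces files.
QUESTION = "\n".join(f"up ip route add 46.4.214.{n}/29 dev vmbr0" for n in range(80, 88))
ANSWER = "\n".join(f"up route add -host 46.4.214.{n} dev vmbr0" for n in (80, 81, 82, 87))
# Additional IPs stated in the question: 46.4.214.81 to 46.4.214.86.
ADDITIONAL = [ipaddress.ip_address(f"46.4.214.{n}") for n in range(81, 87)]

ROUTE_RE = re.compile(r"^\s*up\s+(?:ip\s+)?route\s+add\s+(-host\s+)?(\S+)\s+dev\s+\S+")


def audit(text):
    """Return (valid_networks, invalid_prefixes, uncovered_ips) for 'up ... route add' lines."""
    valid, invalid = [], []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        host_flag, target = m.groups()
        if host_flag and "/" not in target:
            target += "/32"  # "route add -host X" is a single-address route
        try:
            # strict=True raises ValueError when host bits are set in the prefix
            valid.append(ipaddress.ip_network(target, strict=True))
        except ValueError:
            invalid.append(target)
    uncovered = [str(ip) for ip in ADDITIONAL if not any(ip in net for net in valid)]
    return valid, invalid, uncovered


if __name__ == "__main__":
    for name, text in (("question", QUESTION), ("answer", ANSWER)):
        valid, invalid, uncovered = audit(text)
        print(name, "valid routes:", [str(n) for n in valid])
        print(name, "host bits set:", invalid)
        print(name, "additional IPs without a route via vmbr0:", uncovered)
```

In the question's file only the first line is a well-formed /29; in the answer's file the host routes cover .81 and .82, which matches the answer's note that the remaining addresses are used by containers instead.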

Related

How to block all outgoing network traffic, including all broadcast messages (DHCP) with ufw/iptables?

I'm trying to block all outgoing network traffic on Ubuntu 20.04, including any broadcast messages from my network interface. My purpose is to block all outgoing network traffic from my host with the condition that the network interface is on. But all the suggested rules for blocking all outgoing traffic do not block broadcast messages such as DHCP, ARP, IGMPv2 and MDNS protocol messages.
How to reproduce this behavior:
Host1 - host with ufw, where I'm trying to block all traffic
Host2 - host with wireshark, which monitors traffic from Host1 by Host1 mac address filter
Host1 and Host2 are in the same LAN;
Host1: no rules in ufw/iptables, network interface eth0 is turned on, default network configuration for eth0 is configured for DHCP (static);
Host1: Disable network interface eth0 manually or with the command:
sudo ip link set eth0 down
Host1: Add rules with ufw:
sudo ufw default deny outgoing
sudo ufw deny out to any
Or iptables rules:
sudo iptables -P OUTPUT DROP
Host1: Enable ufw:
sudo ufw enable
Host2: Start wireshark, set filter:
eth.addr == <Host1 MAC ADDRESS>
Host1: Enable interface eth0 manually or with command:
sudo ip link set eth0 up
Host2: Broadcast packets from Host1 will appear in Wireshark
Is it possible to block all packets and broadcasting packets too with ufw/iptables?

Ubuntu 18.04 VM is not getting connected to the Internet

I am new to Proxmox. I have created a VM from the Ubuntu 18.04 template on top of Proxmox OS. The problem is that it is not getting connected to the internet. The Proxmox server has an active LAN connection.
$ ping 8.8.8.8
connect: Network is unreachable
-----------------------------------------------
$ cat /etc/network/interfaces
# ifupdown has been replaced by netplan(5) on this system. See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
# sudo apt install ifupdown
-----------------------------------------------------------
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f2:15:10:e9:c3:83 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::f015:10ff:fee9:c383/64 scope link
valid_lft forever preferred_lft forever
---------------------------------------------------------
$ /etc/resolv.conf
# --- BEGIN PVE ---
search infra.vitwit.com
nameserver 8.8.8.8
# --- END PVE ---
If that is your Ubuntu virtual machine's network interface eth0, there is no IP address set on it, and of course you cannot connect to the internet.
Also, make sure your DHCP network can distribute IP addresses to Proxmox, or enter a static address.
Show the output of these commands: ip link, ip a, ip route

ssh_vpn or socks_proxy set gateway?

I need to secure a VPN via SSH forwarding. How can I do this?
It should work like a proxy socks, but I was not able to find the gateway via socks.
I tested this with bash commands, and this worked best.
After step 4 of the old answer, it works with:
route add -net [server] netmask 255.255.255.255 gw [real gateway client]
After that:
ssh -NTCf -w 0:0 [server]
ip link set tun0 up
ip addr add 192.168.123.2/32 peer 192.168.123.1 dev tun0
route add -net 192.168.123.0 netmask 255.255.255.0 gw 192.168.123.2
route add default gw 192.168.123.1
Run on the server:
ip link set tun0 up
ip addr add 192.168.123.1/32 peer 192.168.123.2 dev tun0
arp -sD 192.168.123.2 eth0 pub
If the server works as a gateway, you need the NAT command:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I found an approach with ssh_vpn at these links:
https://help.ubuntu.com/community/SSH_VPN
https://superuser.com/questions/202310/ssh-vpn-default-gateway-help
1. Enable forwarding on the system:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
or
edit /etc/sysctl.conf
and uncomment "net.ipv4.ip_forward=1"
2. Create an SSH key:
ssh-keygen
ssh-copy-id root@[des ip server]
3. Edit /etc/ssh/sshd_config:
add "PermitTunnel yes"
and
change "PermitRootLogin yes"
4. Restart the ssh service
5. ssh -NTCf -w 0:0 [des ip server]
6. On the host, set the tun0 IP with:
ip link set tun0 up
ip addr add 10.0.0.100/32 peer 10.0.0.200 dev tun0
ip addr add 10.0.0.100/32 peer 10.0.0.200 dev tun0
On the server, set the tun0 IP:
ip link set tun0 up
ip addr add 10.0.0.200/32 peer 10.0.0.100 dev tun0
Set a route to [des ip server] on the host:
ip route add [des ip server]/32 via [gateway host]
Set the default route on the host:
route add default gw 10.0.0.100
Go to the server and set the iptables rules:
iptables -P FORWARD ACCEPT
iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
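
A check of the sshd_config edits from step 3 against what a tun0 tunnel actually needs. This is an added example, not part of the original posts: the steps already install a key with ssh-copy-id, and ssh -w with tun0 is a layer-3 tunnel, so it reports where `PermitRootLogin` and `PermitTunnel` are set wider than that. The sample config and function names are constructed for the example, and Match blocks are not evaluated.

```python
# Constructed sample: an sshd_config after the edits described in step 3.
SAMPLE = """\
# constructed sample, not taken from a real server
Port 22
PermitRootLogin yes
PermitTunnel yes
"""

# Documented OpenSSH defaults for the two keywords checked here.
DEFAULTS = {"permitrootlogin": "prohibit-password", "permittunnel": "no"}


def global_settings(text):
    """sshd uses the first value it reads per keyword; stop at the first Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}


def audit_tunnel_config(text):
    """Return (keyword, current, suggested) tuples for the tunnel-related settings."""
    cfg = global_settings(text)
    findings = []
    if cfg["permitrootlogin"] == "yes":
        # A key is already installed with ssh-copy-id, so root password login is not needed.
        findings.append(("PermitRootLogin", "yes", "prohibit-password"))
    if cfg["permittunnel"] == "yes":
        # "yes" permits both layer-3 (tun) and layer-2 (tap); tun0 needs only layer 3.
        findings.append(("PermitTunnel", "yes", "point-to-point"))
    elif cfg["permittunnel"] == "no":
        # With the default "no", ssh -w cannot open the tunnel device at all.
        findings.append(("PermitTunnel", "no", "point-to-point"))
    return findings


if __name__ == "__main__":
    for keyword, current, suggested in audit_tunnel_config(SAMPLE):
        print(f"{keyword} {current} -> consider {suggested}")
```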

How to connect raspberry to WEP encrypted and dhcp enabled Ad-Hoc network

I have three Raspberry Pi 3s, and I have configured 2 of them as DHCP-enabled ad-hoc network servers. They are working fine, and I can connect to them using a Windows PC and a Linux PC as well as from a mobile. The DHCP server also assigns the laptop, PC and mobile a dynamic IP within the specified range, but when I try to connect from the other Raspberry Pi with wpa_supplicant, it can't connect to the Raspberry Pi hosting the ad-hoc network. I am using WEP encryption. My Raspberry Pis are equipped with an internal wifi card.
Network Model
#1 Raspberry Pi3 with dhcp enabled ad-hoc
#2 Raspberry Pi3 with dhcp enabled ad-hoc
#3 Raspberry Pi3 is a moving node in managed network mode with wpa_supplicant configuration, which will connect to either of those Raspberry Pis based on which one has good signal strength and quality.
#1 Raspberry Pi with dhcp enabled ad-hoc
I have the following
interface configuration
my /etc/network/interfaces file looks like this
auto wlan0
iface wlan0 inet static
address 192.168.1.1
netmask 255.255.255.0
wireless-channel 1
wireless-essid Node1
wireless-key 6172736869
wireless-mode ad-hoc
dhcp configuration
and my Configuration for /etc/dhcp/dhcpd.conf is
ddns-update-style interim;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.5 192.168.1.150;
}
#2 Raspberry Pi with dhcp enabled ad-hoc
I have the following
interface configuration
my /etc/network/interfaces file looks like this
auto wlan0
iface wlan0 inet static
address 192.168.2.1
netmask 255.255.255.0
wireless-channel 1
wireless-essid Node2
wireless-key 6172736869
wireless-mode ad-hoc
dhcp configuration
and my Configuration for /etc/dhcp/dhcpd.conf is
ddns-update-style interim;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.5 192.168.2.150;
}
It is working fine. I can connect anything other than a Raspberry Pi with wpa_supplicant configuration. I have been working on it for almost 12 days, and I tried almost every solution regarding WEP connection with wpa_supplicant, and still no chance of connection.
I have the following configuration for
#3 Raspberry Pi3 with wpa_supplicant configuration
wpa_supplicant configuration
my /etc/wpa_supplicant/wpa_supplicant.conf looks like this
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB
network={
ssid="IoT-Lab"
psk="12323233"
key_mgmt=WPA-PSK
}
network={
ssid="Node1"
wep_key0="6172736869"
#wep_key0=6172736869
key_mgmt=NONE
}
When I connect to Node1, it doesn't establish a connection but creates the entry in wpa_supplicant.
Then I read about removing the wep_key0 quotes, and I did that, but it didn't work.
I also read about lots of tweaks to play with and tried each of them, but nothing seems to work.
interface configuration
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
I also tried changing the interface configuration for wlan0 from manual to dhcp, but it doesn't work. I'll be thankful if you help me out.

Ping between two vm in kvm

I have configured a network with one host (my computer) and two virtual machines. I don't want to use libvirt now to connect the VMs to the host, so I manually created a bridge and two tap interfaces.
Here is the configuration:
vm1 /etc/network/interfaces:
auto lo
iface lo inet loopback
auto enp0s2
iface enp0s2 inet static
address 192.168.50.3
netmask 255.255.255.0
dns-nameservers 8.8.8.8
up ip route add default via 192.168.50.1 dev enp0s2
the same for another one vm2:
auto lo
iface lo inet loopback
auto enp0s2
iface enp0s2 inet static
address 192.168.50.2
netmask 255.255.255.0
dns-nameservers 8.8.8.8
up ip route add default via 192.168.50.1 dev enp0s2
this is the host:
auto enp4s0
iface enp4s0 inet manual

auto br0
iface br0 inet static
address 192.168.50.1
netmask 255.255.255.0
network 192.168.50.0
broadcast 192.168.50.255
# gateway 192.168.50.1
bridge_ports enp4s0 tap0 tap1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
dns-nameservers 8.8.8.8
Host can ping vm and vms can ping host now. But from 192.168.50.3 vm 192.168.50.2 is unreachable. What is the problem here? I have read in "mastering kvm virtualization", that this is enough for getting the connection (ip forwarding is enabled, but this does not matter for bridge, as I understood)
Can you try assigning the same VLAN to both VMs' XML (config) files?