Hetzner & Proxmox, Multiple VM’s on One Single IP Address

Other guides on this subject are confusing. This one aims to be simple and to the point regarding Hetzner Dedicated servers from the Server Auctions.

Requirements

• Hetzner Dedicated server with a single IP
• Debian 11 (other OS are compatible but will require different methods)

IP ADDRESSES COST A FORTUNE WTF!

Yes, due to the massive shortage on IP addresses IP4 IP’s are now going for literally hundreds of thousands per block for ISP’s. Hetzner have been kind enough to pass on the expenses to us the customer. Now if you want to buy extra IP’s for your servers you will pay a literal fortune.

Scenario

You have bought a Dedicated server from Hetzner in the server auctions and you have been allocated a single IP. You want to create multiple virtual machines with Proxmox that have access to the internet. You do not have thousands of euros to pay for a block of IP addresses.

Installing Proxmox

Install Debian 11 (or use the installer provided by Hetzner to install Proxmox)

We log into our machine via ssh and use the command installimage to start the installer.

Pick either Debian 11 or Proxmox under custom > Proxmox.

The settings i use for partitioning are as follows

PART /boot ext3 512M
PART lvm vg0 all

LV vg0 root / ext4 50G
LV vg0 swap swap swap 8G
LV vg0 var /var  ext4  400G

That gives us a 400GB partition for our VM’s and containers. You can always make it larger afterwards with

lvextend -r -L +20G /dev/vg0/vg0       # Extend space by 20GB
lvextend -r -l +100%FREE /dev/vg0/vg0  # Add all free space

Create the internal network

We need to add some info to our interfaces file

nano /etc/network/interfaces

At the bottom of the file add the text below but change enp0s31f6 to your ethernet adapter.

auto vmbr1
iface vmbr1 inet static
address 192.168.50.1
netmask 255.255.255.0 
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up   iptables -t nat -A POSTROUTING -s '192.168.50.0/24' -o enp0s31f6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.50.0/24' -o enp0s31f6 -j MASQUERADE

CTRL+X then y to save the file and close it.

Bring up the interface

sudo ifup vmbr1               # With/without sudo

Restart the networking

systemctl restart networking

If the install hangs at this point you have probably set the wrong setting, we do not want to connect to the host ethernet. We are using masquerading to forward the ports.

Let’s check if the network is working

systemctl status networking.service

Now we can check if our IP has been accepted and is used for our bridge.

ip address show dev vmbr1

Result

4: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d6:84:9c:9e:aa:cf brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.1/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::d484:9cff:fe9e:aacf/64 scope link
       valid_lft forever preferred_lft forever

VM & Container Creation

Now we are done with setting up the network. Now all we need to do is set the VM to the new virtual network vmbr0

When creating a container you can specify the IP directly before creation, just keep it within the IP range you specified ie, 192.168.50.20

When creating a VM select the virtual network.

Now when the VM boots you can give it an IP address manually, remember to keep it in the range.

• IP: 192.168.50.100
• GATEWAY: 192.168.50.1
• NAMESERVERS: 192.168.50.1

Complete.

Your containers and VM’s will now be able to communicate with the internet from a single IP address. Hope it helps.