
Assistance needed on Network routing with subnets

Posted: 2020/02/04 13:06:07
by enginama
Hi,

I have a server set up with individual IPs which have assigned MAC addresses and a subnet /27 which does not; the server is set up for KVM virtualization.
I have created my bridge files and everything works from a ping perspective, but my data center provider is advising me that my configuration is exposing the server-generated VPS MAC addresses on the switch instead of using the main server's MAC address.
Below are my config files. My question is: how do I force the VPSs to only communicate externally using the assigned MAC of the main device?
Hope someone can help me, as I am getting threats of the server being shut down unless I can fix this.

ifcfg-enp3s0
DEVICE=enp3s0
HWADDR=70:85:c2:f9:10:20
ONBOOT=yes
BRIDGE=br0
IPV6INIT=yes

ifcfg-br0
DEVICE=br0
ONBOOT=yes
BOOTPROTO=none
HWADDR=70:85:c2:f9:10:20 <--- Mac Address for Main IP
IPADDR=191.201.199.2xx <---Main IP of Server
NETMASK=255.255.255.192
SCOPE="peer 195.201.199.1xx" <---Gateway of Main IP
IPV6INIT=yes
IPV6ADDR=2a11:4f8:13a:1bac::2
IPV6_DEFAULTGW=fe80::1
IPV6_DEFROUTE=yes
IPV6_DEFAULTDEV=br0

ifcfg-br0:1
DEVICE=br0:1
TYPE=Bridge
BOOTPROTO=static
IPADDR=46.4.124.1 <<--First IP of additional subnet
HWADDR=70:85:c2:f9:10:20 <--- Mac Address for Main IP
NETMASK=255.255.255.224
GATEWAY=191.201.199.2xx <-- Main IP of Server
ONBOOT=yes
DELAY=0
STP=off

route-br0:1
GATEWAY0=191.201.199.2xx <-- Main IP of Server

route-br0
GATEWAY0=195.201.199.1xx <---Gateway of Main IP

Re: Assistance needed on Network routing with subnets

Posted: 2020/02/04 13:21:56
by jlehtone
enginama wrote:
2020/02/04 13:06:07
I have created my bridge files and everything works from a ping perspective, but my data center provider is advising me that my configuration is exposing the server-generated VPS MAC addresses on the switch instead of using the main server's MAC address.
Sounds like you should use routed, not bridged topology.

Re: Assistance needed on Network routing with subnets

Posted: 2020/02/16 16:16:38
by enginama
Thanks. I am struggling with creating the routed network as nothing seems to work.
I am using Virtualizor as my host for VMs.
They recommend using NAT for IPv4 subnets, which causes a problem with having IPv6s routed, so either have IPv4 or IPv6, not both, on one VM.
The previous bridge configuration works ... but causes system-created MAC addresses, which isn't acceptable to Hetzner. I have also tried following Hetzner's guide information on CentOS, which is not particularly clear. When trying what they suggest, it doesn't work.

If anyone has any ideas how to get this on routed working with Virtualizor, I would appreciate it and would be happy to pay for someone's time to help me resolve this.

Re: Assistance needed on Network routing with subnets

Posted: 2020/02/17 07:19:47
by jlehtone
enginama wrote:
2020/02/16 16:16:38
They recommend using NAT for IPv4 subnets, which causes a problem with having IPv6s routed, so either have IPv4 or IPv6, not both, on one VM.
What problems?

Re: Assistance needed on Network routing with subnets

Posted: 2020/02/17 13:11:09
by enginama
Using NAT on IPv4 and IPv6 routed, then IPv6 is not accessible. Can't ping in or out on IPv6.

Re: Assistance needed on Network routing with subnets

Posted: 2020/02/17 17:05:13
by jlehtone
The options are most likely:
* bridged
* routed
* routed with NAT
Network Address Translation, aka masquerade or port forwarding, is just something that a router can do.

I have a router that masquerades (private) IPv4 subnet, but simply routes (public) IPv6 subnet; the IPv4 and IPv6 are unrelated.
Whether that is possible with "virtualizor" and "Hetzner" ... no idea.

However, it should be trivial to add two separate interfaces to the VM; one IPv4, the other IPv6.
Then again, the "virtualizor" and "Hetzner" might disagree.
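
Added example, not part of any post in this thread: a check over ifcfg files that tells the bridged layout (a host interface enslaved with BRIDGE=, so guest MACs reach the provider's switch) from a routed one (no host interface is a bridge port, so only the host MAC is seen). The function names, the routed sample and the documentation-range IPs are assumptions made for illustration; the MAC and file names follow the first post.

```python
import re

# Constructed samples modelled on the thread's files; IPs are documentation-range placeholders.
BRIDGED = {
    "ifcfg-enp3s0": "DEVICE=enp3s0\nHWADDR=70:85:c2:f9:10:20\nONBOOT=yes\nBRIDGE=br0\n",
    "ifcfg-br0": "DEVICE=br0\nONBOOT=yes\nIPADDR=192.0.2.10 <---Main IP of Server\n",
}
# Assumed routed layout: the uplink keeps the main IP, the guest bridge has no host port.
ROUTED = {
    "ifcfg-enp3s0": "DEVICE=enp3s0\nHWADDR=70:85:c2:f9:10:20\nONBOOT=yes\nIPADDR=192.0.2.10\n",
    "ifcfg-br0": "DEVICE=br0\nTYPE=Bridge\nONBOOT=yes\nIPADDR=198.51.100.1\n",
}


def parse_ifcfg(text):
    """Return KEY -> value, dropping quotes and trailing '<--' or '#' annotations."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)", line)
        if not m:
            continue
        # Cut off forum-style notes such as "<--- Main IP" and shell comments.
        value = re.split(r"\s+(?:<+-+|#)", m.group(2), maxsplit=1)[0]
        cfg[m.group(1).upper()] = value.strip().strip("\"'")
    return cfg


def bridged_uplinks(files):
    """Return (port, bridge, host_mac) for every host interface enslaved to a bridge.

    Such a port forwards guest frames at layer 2, so the switch learns each
    guest's MAC. With no enslaved port the host forwards at layer 3 and the
    switch only sees host_mac.
    """
    found = []
    for name in sorted(files):
        cfg = parse_ifcfg(files[name])
        if cfg.get("BRIDGE"):
            found.append((cfg.get("DEVICE", name), cfg["BRIDGE"],
                          cfg.get("HWADDR", "").lower()))
    return found


if __name__ == "__main__":
    for label, files in (("bridged", BRIDGED), ("routed", ROUTED)):
        print(label, bridged_uplinks(files) or "no host interface is a bridge port")
```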