Hetzner EQ Server + KVM and subnet Posted by mark on 2011-01-25, 02:01 under technology related Last week I have rented an EQ series server from Hetzner’s with four IPs and an additional subnet. After having installed Gentoo on that host I have wanted to assign all these IP addresses to XEN/KVM virtual servers (henceforth called “guests”). Unfortunately most tutorials on the net suggest to dedicate one as bridge gateway address. Yet I even want to not spare a single one, and came up with this: You can set up a bridge by the means of net-misc/bridge-utils without adding an interface to it. Connect your guests to that bridge. On the host, enable IP forwarding and have requests to any guest IP forwarded to that bridge. On the guests, set the host’s IP as gateway address. Without (4) no packets from the LAN, constituted by the bridge, can find their way to the Internet and by (3) vice versa. Provided following IPs (which you should change to yours): main and thus host’s IP 188.40.1.17 three additional IPs 188.40.1.43 188.40.1.44 188.40.1.51 additional subnet 178.40.1.40/27 You will have to do: On the host, install packages: view sourceprint? 1.emerge -n net-misc/bridge-utils sys-apps/iproute2 On the host, edit /etc/conf.d/net so it reads: view sourceprint? 01.modules=( "iproute2") 02. 03.# IP with mask, and gateway - as assigned by Hetzner's DHCP 04.config_eth0=( "188.40.1.17/26") 05.routes_eth0=( "default via 188.40.1.1") 06. 07.# Hetzner nameserver; could be your DNS resolver 08.dns_servers_eth0=( 09."213.133.98.98" 10."213.133.99.99" 11."213.133.100.100" 12.) 13. 14.brctl_br0=( "setfd 0" "sethello 2" "stp off") 15.config_br0=("188.40.1.17/32") 16.depend_br0() { 17.need net.eth0 18.} 19. 20.postup() { 21.if [ "${IFACE}" = "br0" ]; then 22.# repeat that line for every IP but host's IP 23.route add 188.40.1.43 br0 24.fi 25.} On the host, enable IP forwarding: view sourceprint? 1.# add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf 2.sysctl -w net.ipv4.ip_forward=1 You will have to restrict forwarding to your own IPs by iptables. (See Sven Lauritzen’s blogpost for an example.) On the host, have the bridge started automatically: view sourceprint? 1.cd /etc/init.d 2.ln -s net.lo net.br0 3.rc-update add net.br0 default You could start br0 right away if you want. On every guest /etc/conf.d/net should look like: view sourceprint? 1.modules=( "iproute2" ) 2.config_eth0=( "188.40.1.43/32 peer 188.40.1.17") 3.routes_eth0=( "default via 188.40.1.17") 4.dns_servers_eth0=( 5."213.133.98.98" 6."213.133.99.99" 7."213.133.100.100" 8.) … where the first in eth0 is the guest’s IP and the other as well as the in routes_eth0 host’s. With the “peer” thing the host is reachable by that guest without having to be in the same subnet. By that you won’t waste a single IP address.