Main IP address
IPv4
The main IP of a dedicated root server is usually located in a /26 or /27 subnet. In order to prevent the accidental use of a foreign IP address, our infrastructure rejects any Ethernet packets that are not addressed to the gateway address. In order to reach a server in the same subnet, the network configuration must be set up as a point to point configuration. Our standard images already come with this configuration so that all traffic is routed via the gateway.
This is done via a point to point configuration between the primary IP and the gateway. The primary IP is configured with the netmask set to 255.255.255.255 (/32)
. This way the server assumes it is alone and will not send any packets directly. In order to reach other servers as well as the Internet an explicit host route for the gateway in addition to the default route is needed.
etc/network/interfaces (ENI)
When networking is configured via /etc/network/interfaces this is easily done by adding the option pointopoint <gateway IP>
in the configuration stanza.
## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
#
# LAN interface
auto eth0
iface eth0 inet static
# Main IP address of the server
address 192.168.0.250
# Netmask 255.255.255.255 (/32) independent from the
# real subnet size (e.g. /27)
netmask 255.255.255.255
# explicit host route to the gateway
gateway 192.168.0.1
pointopoint 192.168.0.1
netplan
When using netplan this is done via the on-link keyword in the configuration:
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 192.168.0.250/32
routes:
- to: 0.0.0.0/0
via: 192.168.0.1
on-link: true
IPv6
In addition to a primary IPv4 address, every servers is assigned an /64 IPv6 subnet. This subnet is routed to the link-local IPv6 address that is generated from the MAC address of the server. As opposed to the IPv4 configuration, no point-to-point configuration is needed for IPv6.
The gateway is always fe80::1
## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
#
# IPv6 LAN
auto eth0
iface eth0 inet6 static
# One IPv6 address out of the /64 subnet
address 2001:db8:1234::1
netmask 64
gateway fe80::1
IPv4 + IPv6
It is expected that over the next few years, IPv4 and IPv6 will be used in parallel. Simply join both configuration files together and omit duplicate entries.
etc/network/interfaces (ENI)
## /etc/network/interfaces example Hetzner root server
# Loopback-Adapter
auto lo
iface lo inet loopback
#
# LAN interface
auto eth0
iface eth0 inet static
# Main IP address of the server
address 192.168.0.250
# Netmask 255.255.255.255 (/32) independent from the
# real subnet size (e.g. /27)
netmask 255.255.255.255
# explicit host route to the gateway
gateway 192.168.0.1
pointopoint 192.168.0.1
#
iface eth0 inet6 static
# one IPv6 address from assigned subnet
address 2001:db8:1234::1
netmask 64
gateway fe80::1
netplan
Configuration via netplan for Ubuntu 22.04 and later or using netplan 1.03 or later
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 192.168.0.250/32
- 2001:db8:1234::1/64
routes:
- to: default
via: 192.168.0.1
on-link: true
- to: default
via: fe80::1
Configuration for Ubuntu 21.04 and older
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 192.168.0.250/32
- 2001:db8:1234::1/64
routes:
- to: 0.0.0.0/0
via: 192.168.0.1
on-link: true
gateway6: fe80::1
Additional IP addresses (host)
For our dedicated root servers you can order up to 6 additional single IPs. The network configuration is similar in both cases.
In order to use the additional addresses on the server (no virtualization), you need the package iproute2
and service program ip
. Configuration with alias interfaces (such as eth0:1
, eth0:2
etc.) are outdated; you should no longer use them. To add an address, please run:
ip addr add 10.4.2.1/32 dev eth0
The command ip addr
shows the IP addresses which are currently active. The server uses the entire subnet, so it is also useful here to add the addresses with the prefix /32, which means the subnet mask is 255.255.255.255
.
etc/network/interfaces (ENI)
In /etc/network/interfaces
, insert the following two lines in the appropriate interface (e.g. eth0
):
up ip addr add 10.4.2.1/32 dev eth0
down ip addr del 10.4.2.1/32 dev eth0
For up
and down
, expect just one line of shell code and this can be repeated for several addresses. The disadvantage is that you need to list both the interface name and address twice. If you are using many IPs, the configuration file becomes confusing and prone to errors. And if you change the data, you need to adjust all the entries.
netplan
When using netplan, simply add the additional IP addresses as /32 to the addresses section
Additional IP addresses (virtualization)
With virtualization, the additional IP addresses are used via the guest system. To make these reachable via the Internet, you need to adjust the configuration in the host system accordingly in order to forward the packets. There are two ways of doing this for additional single IPs: the routed and bridged methods.
Routed (brouter)
In this type of configuration, the packets are routed. For this method, you need to set up an additional bridge with almost the same configuration (without gateway) as eth0.
Host:
auto eth0
iface eth0 inet static
address (Main IP)
netmask 255.255.255.255
pointopoint (Gateway IP)
gateway (Gateway IP)
#
iface eth0 inet6 static
address 2001:db8:1234::1
netmask 128
gateway fe80::1
#
auto virbr1
iface virbr1 inet static
address (Main IP)
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
pre-up brctl addbr virbr1
up ip route add (Additional IP)/32 dev virbr1
down ip route del (Additional IP)/32 dev virbr1
#
iface virbr1 inet6 static
address 2a01:4f8:XX:YY::1
netmask 64
You also need to create a corresponding host route for each additional IP address. For IPv4, the eth0 configuration remains unchanged. For IPv6, you need to reduce the prefix from /64 to /128.
Guest:
auto eth0
iface eth0 inet static
address (Additional IP)
netmask 255.255.255.255
pointopoint (Main IP)
gateway (Main IP)
#
iface eth0 inet6 static
address 2a01:4f8:XX:YY::4
netmask 64
gateway 2a01:4f8:XX:YY::1
Bridged
With a bridged configuration, packets are sent directly. The guest system behaves as if it is independent. This makes the MAC addresses of the guest system visible from the outside, so you need to request a virtual MAC address for each single IP address. The address can be generated automatically in Robot by clicking on the server and then on the small icon next to the additional IP. Then assign the virtual MAC address to the guest network card. The bridge gets the same network configuration as eth0.
# remove or disable configuration for eth0
#auto eth0
#iface eth0 inet static
#
auto br0
iface br0 inet static
address (Main IP)
netmask (like eth0, e.g: 255.255.255.254)
gateway (same as that for the main IP)
bridge_hw eth0 (required as of Debian 11 'bulleye')
bridge_ports eth0
bridge_stp off
bridge_fd 1
bridge_hello 2
bridge_maxage 12
The configuration of eth0
is omitted without replacement.