我在 Hetzner 有一个运行 KVM 的专用 Ubuntu 22.04 服务器。我已将附加子网中的 IP 地址分配给来宾虚拟机。我可以按预期通过公共 IP 地址访问来宾虚拟机。
我收到了一封来自 Hetzner 的电子邮件,称我正在使用“未经允许的”MAC 地址,并威胁要阻止服务器。“不允许的”MAC 地址属于来宾虚拟机。Hetzner 支持人员表示“您必须确保您的虚拟机的 MAC 地址不会在网络设备上的公共上行链路中可见。” 有人知道如何遵守 Hetzner 的网络规则吗?这是我的配置:
- 物理服务器
$ sudo cat /etc/netplan/01-netcfg.yaml
### Hetzner Online GmbH installimage
network:
version: 2
renderer: networkd
ethernets:
enp98s0f0:
match:
macaddress: xx:xx:xx:xx:xx:fa
dhcp4: no
dhcp6: no
bridges:
br0:
macaddress: xx:xx:xx:xx:xx:fa
interfaces:
- enp98s0f0
dhcp4: no
dhcp6: no
addresses:
- aa.bb.cc.108/32 # Physical NIC (Main IP)
- aa.bb.cc.65/28 # First usable IP of the additional subnet
routes:
- to: 0.0.0.0/0
via: aa.bb.cc.105 # Gateway for Main IP on physical NIC
on-link: true
- to: aa.bb.cc.64/28 # Additional subnet
via: aa.bb.cc.65 # First usable IP of the additional subnet assigned to physical NIC above
on-link: true
nameservers:
addresses:
- 185.12.64.2
- 185.12.64.1
parameters:
stp: false
forward-delay: 0
$ cat /etc/sysctl.d/10-forwarding.conf
net.ipv4.ip_forward=1
#net.ipv4.conf.enp98s0f0.send_redirects=0
net.ipv4.conf.all.proxy_arp=1
net.ipv4.conf.all.forwarding=1
$ cat br0.xml
<network>
<name>br0</name>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
- 访客虚拟机
$ sudo cat /etc/netplan/01-netcfg.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
enp1s0:
addresses:
- aa.bb.cc.67/28 # Additional subnet
nameservers:
addresses:
- 185.12.64.2
- 185.12.64.1
search: []
routes:
- to: default
via: aa.bb.cc.65 # First usable IP of the additional subnet assigned to physical NIC
version: 2
