I have a Debian 10 server (from Hetzner) that I want to set up as a KVM host to set up virtual machines for myself.
The server itself has a static IP like so:
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp35s0
iface enp35s0 inet static
address 95.217.122.234
netmask 255.255.255.192
gateway 95.217.122.193
# route 95.217.122.192/26 via 95.217.122.193
up route add -net 95.217.122.192 netmask 255.255.255.192 gw 95.217.122.193 dev enp35s0
iface enp35s0 inet6 static
address 2a01:4f9:4a:37d5::2
netmask 64
gateway fe80::1
I'm not sure what these lines do and how they affect my situation:
# route 95.217.122.192/26 via 95.217.122.193
up route add -net 95.217.122.192 netmask 255.255.255.192 gw 95.217.122.193 dev enp35s0
I have been given a secondary subnet that has been "statically routed on the IP 95.217.122.234", that I intend to allocate to the guests. The details are:
- Subnet: 95.216.106.56
- CIDR: /29
- Netmask: 255.255.255.248
- Broadcast: 95.216.106.63
I have a guess that I would need to configure my interfaces file to be like so:
auto lo
iface lo inet loopback
# The primary network interface
auto enp35s0
iface enp35s0 inet manual
auto kvmbr0
iface kvmbr0 inet static
address 95.216.106.56
netmask 255.255.255.248
network 95.216.106.56
broadcast 95.216.106.63
gateway 95.217.122.193
bridge_ports enp35s0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
However, I'm not sure this will "work" and even if it did, whether it would be wasting one or more IP addresses (e.g. my initial static IP at 95.217.122.234).
Perhaps it needs to be more like so:
auto lo
iface lo inet loopback
iface lo inet6 loopback
# Main Host IP
auto enp35s0
iface enp35s0 inet static
address 95.217.122.234
netmask 255.255.255.192
gateway 95.217.122.193
# route 95.217.122.192/26 via 95.217.122.193
up route add -net 95.217.122.192 netmask 255.255.255.192 gw 95.217.122.193 dev enp35s0
# Secodary subnet
auto enp35s0:0
iface enp35s0:0 inet manual
# KVM Bridge
auto kvmbr0
iface kvmbr0 inet static
address 95.216.106.56
netmask 255.255.255.248
network 95.216.106.56
broadcast 95.216.106.63
gateway 95.217.122.193
bridge_ports enp35s0:0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
What is the ideal way for me to set it up so that my KVM host uses the static IP that was initially assigned to it, but my KVM guests are directly accessible from the internet if I manually assign them IPs within the secondary subnet?
No Forwarding
I did see this similar post, but I would prefer it if there was no forwarding/masquerading being set up through the host if possible. Ideally the guests are accessed directly on their IP even though they share the same physical connection as the host.
No DHCP
I've seen other posts that were complicated by DHCP being in place across two different subnets. In this case there is no DHCP and I am going to be manually assigning static IPs to all the guests myself.