← Back to Blog

Virtual Servers, Hetzner, and Virtualization

Introduction to Hetzner and Virtualization

Let's start by saying that Hetzner is a great company if you go by their rules. They offer cheap dedicated servers, have good network and wonderful support. However, they're based in Germany and Germany has a lot of rules and laws preventing certain types of content being hosted on servers located in the country. However, this is not what we're going to talk about today.

Today we're going to focus on configuring your Hetzner dedicated server's networking to enable you to run your own virtual servers on it.

Why This Tutorial?

Entexion is a web hosting company too, so it may seem illogical that we write a blog post explaining how to set something up on Hetzner's infrastructure. However, many people are interested in this topic, and we just want to help. Who knows, maybe we'll win some customers over by just being helpful. As always, if you can't be bothered to do all of this on your own, we can do it for you.

The Problem: Different Subnets for Additional IPs

When you order additional IP addresses from Hetzner, they will assign them from a completely different subnet. This means that in order to run virtualization, such as KVM or XEN, you will be required to set up a network bridge.

The bridge will use one of the IPs from the additional subnet. This IP will be used as gateway for your virtual servers, as otherwise they will not be able to reach the Internet, or be reachable from it.

Understanding Network Bridges

A network bridge is a device that connects multiple network segments together. In the context of virtualization, a bridge allows virtual machines to share the physical network interface of the host server while appearing as separate network devices.

Key benefits of using a network bridge for virtualization:

  • Isolation: Each virtual server gets its own IP address
  • Connectivity: Virtual servers can access the Internet independently
  • Flexibility: Easy to add or remove virtual servers
  • Performance: Direct access to the physical network

Prerequisites

Before we begin, make sure you have:

  • A Hetzner dedicated server with root access
  • Additional IP addresses ordered from Hetzner
  • SSH access to your server
  • Basic knowledge of Linux networking

Important: This tutorial is based on CentOS 7. If you're using a different Linux distribution (such as Ubuntu, Debian, or CentOS 8+), the commands and file locations may vary.

Step-by-Step Guide: Setting Up Network Bridge on Hetzner

Step 1: Make a Backup

Before we continue, I must urge you to make a backup of any file you modify. Backups are important, as I have found out the hard way, after living my life by the motto "real men don't make backups" for years. That's a load of rubbish.

Create a backup of your network configuration files:

cp -r /etc/sysconfig/network-scripts /etc/sysconfig/network-scripts.backup

Step 2: Identify Your Network Interface

To start with, we need to find out what our network interface's name is. This can be done by running the following command:

ifconfig

The above command will return all your network interfaces. You should be looking for the one that has your primary IP address assigned to it. In most cases it will be eth0, but that's just an example. It can also be, for example, enp4s0, like in our case.

Alternatively, you can use the ip command for more detailed information:

ip addr show

Step 3: Create the Bridge Configuration File

Once you've established what your primary network interface is, we need to create the bridge to act as a gateway for your virtual servers.

The name of the bridge doesn't really matter. However, if you are using a control panel to manage your virtual servers, you will need to make sure that the control panel knows the name of the bridge that we're about to create. In this case, we'll assume our primary interface is enp4s0 and will name our bridge br0.

We do this by issuing the following command:

touch /etc/sysconfig/network-scripts/ifcfg-br0

Step 4: Configure the Bridge

Now open the ifcfg-br0 file with your favorite text editor (such as nano, vi, or vim), and put this into the file, modifying where necessary:

DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR=PUT FIRST USABLE IP ADDRESS FROM ADDITIONAL SUBNET HERE
NETMASK=255.255.255.240
STP=off
DELAY=0

Configuration Parameters Explained

  • DEVICE=br0: The name of the bridge interface
  • ONBOOT=yes: Start the bridge automatically on system boot
  • TYPE=Bridge: Specifies that this is a bridge interface
  • BOOTPROTO=static: Use a static IP address configuration
  • IPADDR: Replace this with the first usable IP address from your additional Hetzner subnet
  • NETMASK=255.255.255.240: This is for a /29 subnet (adjust accordingly for your subnet size)
  • STP=off: Disable Spanning Tree Protocol (not needed for simple setups)
  • DELAY=0: No forwarding delay

Understanding Subnet Masks

Common subnet masks and their CIDR notation:

  • 255.255.255.252 = /30 (2 usable IPs)
  • 255.255.255.248 = /29 (6 usable IPs)
  • 255.255.255.240 = /28 (14 usable IPs)
  • 255.255.255.224 = /27 (30 usable IPs)

Make sure to adjust the NETMASK value according to the subnet size provided by Hetzner.

Step 5: Save and Restart Network

Save the file and exit the text editor. If you're using nano, press Ctrl+X, then Y to confirm, and Enter to save.

All that's left now is to restart the network. We do this by typing the following into the command line:

service network restart

Alternatively, on newer CentOS/RHEL systems, you might need to use:

systemctl restart network

Step 6: Verify the Bridge

After restarting the network, verify that the bridge is active by running:

ifconfig br0

Or using the ip command:

ip addr show br0

You should see the bridge interface with the IP address you configured.

Configuring Virtual Servers to Use the Bridge

Once your bridge is set up and active, you can configure your virtual servers (KVM, XEN, etc.) to use this bridge. The configuration process depends on your virtualization platform:

For KVM (libvirt)

When creating or editing a virtual machine, specify the bridge in the network configuration:

<interface type="bridge">
  <source bridge="br0"/>
  <model type="virtio"/>
</interface>

For XEN

In your XEN domain configuration file, specify the bridge:

vif = [ 'bridge=br0' ]

Troubleshooting

If you encounter issues after setting up the bridge:

Bridge Not Appearing

Check the network configuration file for syntax errors:

cat /etc/sysconfig/network-scripts/ifcfg-br0

Network Restart Fails

Check the network service logs:

journalctl -u network

Virtual Servers Can't Access Internet

Verify that:

  • The bridge has the correct IP address and netmask
  • IP forwarding is enabled: echo 1 > /proc/sys/net/ipv4/ip_forward
  • Firewall rules allow traffic through the bridge

Conclusion

That's it! The bridge is now active, and your virtual servers will be able to access the Internet. Good job!

By following these steps, you've successfully configured a network bridge on your Hetzner dedicated server, enabling you to run virtualization platforms like KVM or XEN with proper network connectivity for your virtual servers.

Remember to always make backups before making network configuration changes, and test your setup thoroughly before deploying virtual servers in production.

If you need help setting this up or managing your virtual servers, feel free to contact us. We're always happy to assist!