Installation
Basic installation over plain debian https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_12_Bookworm
Network config
Network configs derived from: https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
Proxmox host /etc/network/interfaces
This example is for the main IPv4 of 157.90.92.151 with two subnets of 157.90.196.48/28 and 162.55.142.192/28. The IPv4 gateway is derived from the existing Hetzner configs given on install.
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp8s0
iface enp8s0 inet static
address 157.90.92.151
netmask 255.255.255.255
pointopoint 157.90.92.129
gateway 157.90.92.129
iface enp8s0 inet6 static
address 2a01:4f8:252:3e22::2
netmask 128
gateway fe80::1
auto vmbr0
iface vmbr0 inet static
address 157.90.92.151
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
pre-up brctl addbr vmbr0
up ip route add 157.90.196.48/28 dev vmbr0
up ip route add 162.55.142.192/28 dev vmbr0
down ip route del 157.90.196.48/28 dev vmbr0
down ip route del 162.55.142.192/28 dev vmbr0
post-down brctl delbr vmbr0
iface vmbr0 inet6 static
address 2a01:4f8:252:3e22::2
netmask 64
The important bits here are sysctl forwarding and routing our guest subnet to vmbr0.
Also need to systemctl disable --now rpcbind.socket
per Hetzner rules.
Debian guest config
Subnet: 157.90.196.48/28
auto ens18
iface ens18 inet static
address 157.90.196.48/32
# or address 157.90.196.X/32
gateway 157.90.92.151
iface ens18 inet6 static
# in this case i'm using the same ending as ipv4
address 2a01:4f8:252:3e22::48/64
gateway 2a01:4f8:252:3e22::2
/etc/apt/sources.list
deb http://mirror.hetzner.de/debian/packages bookworm main
deb http://mirror.hetzner.de/debian/packages bookworm-updates main
deb http://mirror.hetzner.de/debian/packages bookworm-backports main
deb http://mirror.hetzner.de/debian/security bookworm-security main
deb http://security.debian.org bookworm-security main
/etc/resolv.conf
These are specifically Hetzner’s internal resolvers.
nameserver 213.133.100.100
nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 2a01:4f8:0:1::add:1010
nameserver 2a01:4f8:0:1::add:9999
nameserver 2a01:4f8:0:1::add:9898