Hetzner Bridge Network Configuration

Setting up Bridge

When you order a server from hetzner ( Auction / Normal ) the following would be the state assuming you have only purchased an additional IP and not a subnet

Bridge Mode

Debian 11.x / 12.x

The following file contains the default network configuration on a default installation on Debian 11/12 on Hetzner.

nano /etc/network/interfaces

### Hetzner Online GmbH installimage
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet static
address 159.69.69.236
netmask 255.255.255.192
gateway 159.69.69.193
# route 159.69.69.192/26 via 159.69.69.193
up route add -net 159.69.69.192 netmask 255.255.255.192 gw 159.69.69.193 dev enp0s31f6

iface enp0s31f6 inet6 static
address 2a01:4f8:231:1526::2
netmask 64
gateway fe80::1

Now with the above config in place, to create the bridge, we will make changes as follows

### Hetzner Online GmbH installimage
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

# Physical interface - no IP configuration here
auto enp0s31f6
iface enp0s31f6 inet manual

# Bridge configuration
auto virbr0
iface virbr0 inet static
address 159.69.69.236
netmask 255.255.255.192
gateway 159.69.69.193
hwaddress ether 90:1b:0e:f1:70:66
dns-nameservers 8.8.8.8 8.8.4.4
bridge_ports enp0s31f6
bridge_stp off
bridge_fd 0
bridge_maxwait 0

iface virbr0 inet6 static
address 2a01:4f8:231:1526::2
netmask 64
gateway fe80::1
bridge_ports enp0s31f6
bridge_stp off
bridge_fd 0
bridge_maxwait 1

RHEL9

As you can see running the command nmcli connection show will show you the interfaces present on your system.

For the mac address we will use the following command

[root@ns3153458 ~]$ nmcli connection show "enp0s31f6" | grep mac-address
802-3-ethernet.mac-address:                             90:1b:0e:f1:70:66
802-3-ethernet.cloned-mac-address:                      --
802-3-ethernet.generate-mac-address-mask:               --
802-3-ethernet.mac-address-denylist:                    --
802-3-ethernet.accept-all-mac-addresses:-1              (default) 

The following commands can be used to create a bridge on any RHEL9 distribution.

nmcli connection add type bridge con-name virbr0 ifname virbr0
nmcli connection modify virbr0 ipv4.addresses '159.69.69.236/26' ipv4.gateway '159.69.69.193' ipv4.dns '8.8.8.8' ipv4.method manual
nmcli connection modify enp0s31f6 master virbr0
nmcli connection modify virbr0 connection.autoconnect-slaves 1
nmcli connection modify "virbr0" ethernet.cloned-mac-address 90:1b:0e:f1:70:66
nmcli connection up vibr0 && nmcli connection up enp0s31f6

Ubuntu 22.04 / 24.04

The following file contains the default network configuration on a default installation on Ubuntu 22.04/24.04 on Hetzner.

nano /etc/netplan/01-netcfg.yaml

### Hetzner Online GmbH installimage
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      addresses:
        - 159.69.69.236/32
        - 2a01:4f8:231:1526::2/64
      routes:
        - on-link: true
          to: 0.0.0.0/0
          via: 159.69.69.193
        - to: default
          via: fe80::1
      nameservers:
        addresses:
          - 185.12.64.1
          - 2a01:4ff:ff00::add:2
          - 185.12.64.2
          - 2a01:4ff:ff00::add:1

Now with the above config in place, to create the bridge, we will make changes as follows:

### Hetzner Online GmbH installimage
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s31f6:
      match:
        macaddress: 90:1b:0e:f1:70:66
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      macaddress: 90:1b:0e:f1:70:66
      interfaces:
        - enp0s31f6
      dhcp4: no
      dhcp6: no
      addresses:
        - 159.69.69.236/32
        - 2a01:4f8:231:1526::2/64
      routes:
        - to: 0.0.0.0/0
          via: 159.69.69.193
          on-link: true
        - to: "::/0"
          via: "fe80::1"
          on-link: true
      nameservers:
        addresses:
          - 185.12.64.1
          - 2a01:4ff:ff00::add:2
          - 185.12.64.2
          - 2a01:4ff:ff00::add:1

• If you notice we have mentioned the macaddress of the interface in the bridge configuration. This is required to ensure that the bridge is created with the correct MAC address.
• Also we changed the default route for ipv6 to ::/0 and pushed it via fe80::1
• We also added the on-link flag to the default route.

Now we can apply our network settings using the following command.

netplan apply

info

Please perform a reboot to confirm if everything works as expected, incase of any difficulties please reach out to our support.