# NAT Networking and vSwitch - Proxmox on Hetzner

Single-IP NAT and vSwitch network configuration for Proxmox on Hetzner.

---

## NAT Networking (Single-IP Hetzner)

### Configure /etc/network/interfaces

Template for single-IP NAT:

```bash
auto lo
iface lo inet loopback

# Physical interface (check the name with 'ip a')
auto eno1
iface eno1 inet static
    address SERVER_IP/32
    gateway GATEWAY_IP
    pointopoint GATEWAY_IP

# Internal bridge for VMs (NAT)
auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    # NAT masquerading
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
```

**CRITICAL Hetzner gotchas:**

- Gateway is /32 point-to-point (not /24 or /26)
- IP and gateway can be in different subnets
- Check the real IP and gateway in Hetzner Robot

### Apply networking

```bash
# Test the config
ifup --no-act vmbr0

# Apply
systemctl restart networking

# Verify
ip a
ping -c 3 8.8.8.8
```

### Port forwarding (optional, to expose VMs)

```bash
# Example: redirect host port 8080 -> port 80 on VM 10.10.10.100
iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 8080 -j DNAT --to 10.10.10.100:80

# Persist with iptables-persistent
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4
```

---

## vSwitch Configuration

### Configure the VLAN in the Robot panel

- Hetzner Robot -> vSwitch -> Create VLAN
- Note the VLAN ID (e.g. 4000)

### Add to /etc/network/interfaces

```bash
# vSwitch interface (MTU 1400 MANDATORY)
auto enp7s0.4000
iface enp7s0.4000 inet manual
    mtu 1400

# vSwitch bridge
auto vmbr1
iface vmbr1 inet static
    address 10.0.0.1/24
    bridge-ports enp7s0.4000
    bridge-stp off
    bridge-fd 0
    mtu 1400
```

**CRITICAL:** MTU 1400 is non-negotiable for the Hetzner vSwitch.

---

## Hetzner-Specific Gotchas (CRITICAL)

### 1. MAC Filtering

**Problem:** Bridged networking with an unregistered MAC = blocked

**Solution applied:** NAT masquerading (bypasses MAC filtering)

**Alternative:** Request a virtual MAC in the Robot panel (free)

### 2. Point-to-Point Gateway

**Problem:** Gateway is outside the subnet of the main IP

**Solution:** `address IP/32` + `pointopoint GATEWAY` (not /24 or /26)

### 3. vSwitch MTU 1400

**Problem:** Hetzner vSwitch requires MTU 1400 (not the standard 1500)

**Solution:** Force `mtu 1400` on vmbr1 and enp7s0.4000

### 4. ZFS vs LVM Trade-off

**Problem:** installimage does not support a ZFS root directly

**Solution:** LVM for root (compatibility), ZFS for VMs (performance)

### 5. PVE Kernel vs Debian Kernel

**Problem:** The stock Debian kernel is not optimized for virtualization

**Solution:** Install proxmox-ve and remove the Debian kernel
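The NAT template and the three interface-level gotchas above (/32 plus `pointopoint` on the uplink, `mtu 1400` on every vSwitch stanza) are easy to get wrong by hand. The script below is an added example, not code from the page, from Proxmox or from Hetzner: `gen_nat_interfaces` renders the single-IP NAT stanzas from caller-supplied placeholders, and `lint_hetzner_interfaces` walks any `/etc/network/interfaces` file and reports each stanza that violates one of those rules before you run `systemctl restart networking`. The function names, the `203.0.113.0/24` documentation-range addresses and the interface names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page, Proxmox or Hetzner): generate the single-IP NAT
# stanzas for /etc/network/interfaces and lint an interfaces file for the Hetzner
# gotchas (/32 + pointopoint on the uplink, mtu 1400 on vSwitch stanzas).
# Interface names and addresses are caller-supplied placeholders.

# gen_nat_interfaces SERVER_IP GATEWAY_IP PHYS_IFACE BRIDGE_CIDR VM_SUBNET
# e.g. gen_nat_interfaces 203.0.113.10 203.0.113.1 eno1 10.10.10.1/24 10.10.10.0/24
gen_nat_interfaces() {
    server_ip="$1"; gateway_ip="$2"; phys="$3"; bridge_cidr="$4"; subnet="$5"
    cat <<EOF
auto lo
iface lo inet loopback

# Physical uplink: the Hetzner gateway sits outside the /32, hence pointopoint
auto $phys
iface $phys inet static
    address $server_ip/32
    gateway $gateway_ip
    pointopoint $gateway_ip

# Internal NAT bridge for VMs (no physical ports, so MAC filtering never sees VM MACs)
auto vmbr0
iface vmbr0 inet static
    address $bridge_cidr
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up   iptables -t nat -A POSTROUTING -s '$subnet' -o $phys -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '$subnet' -o $phys -j MASQUERADE
EOF
}

# lint_hetzner_interfaces FILE
# Exit 0 when clean; prints one FAIL line per finding and exits 1 otherwise.
lint_hetzner_interfaces() {
    awk '
    function flush() {
        if (name == "") return
        if (gw) {
            if (addr !~ /\/32$/) { print "FAIL " name ": gateway set but address is not /32 (" addr ")"; bad = 1 }
            if (!p2p)            { print "FAIL " name ": gateway set but no pointopoint line"; bad = 1 }
        }
        # a VLAN sub-interface, or a bridge on one, carries vSwitch traffic: must be mtu 1400
        if (name ~ /\./ || ports ~ /\./) {
            if (mtu != "1400") { print "FAIL " name ": vSwitch stanza needs mtu 1400 (got " (mtu == "" ? "none" : mtu) ")"; bad = 1 }
        }
        name = ""
    }
    BEGIN { bad = 0 }
    /^iface / { flush(); name = $2; addr = ""; gw = 0; p2p = 0; mtu = ""; ports = "" }
    /^[ \t]*address /      { addr = $2 }
    /^[ \t]*gateway /      { gw = 1 }
    /^[ \t]*pointopoint /  { p2p = 1 }
    /^[ \t]*mtu /          { mtu = $2 }
    /^[ \t]*bridge-ports / { ports = $2 }
    END { flush(); exit bad }
    ' "$1"
}

# Demo: render a config into a temp file and lint it (constructed values)
demo_file="$(mktemp)"
gen_nat_interfaces 203.0.113.10 203.0.113.1 eno1 10.10.10.1/24 10.10.10.0/24 > "$demo_file"
lint_hetzner_interfaces "$demo_file" && echo "interfaces OK"
rm -f "$demo_file"
```

Run `lint_hetzner_interfaces /etc/network/interfaces` after editing and before `ifup --no-act` / `systemctl restart networking`; a stanza that sets `gateway` on a /26 address or a vmbr1 bridged onto `enp7s0.4000` without `mtu 1400` is flagged with the stanza name, which is cheaper than losing the uplink on a remote host.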
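The port-forwarding section above adds a DNAT rule and persists it with `iptables-save`, which relies on the kernel's FORWARD chain still having its default ACCEPT policy; the VMs behind vmbr0 are then reachable on any port the moment a DNAT rule exists. The following generator is an added example, not code from the page or from Proxmox: it emits a complete `/etc/iptables/rules.v4` in `iptables-restore` format with the masquerade rule, one DNAT per forward, and a default-deny FORWARD chain that only admits established traffic, VM-initiated outbound traffic, and new inbound connections to the forwarded VM ports. It assumes pve-firewall is not also managing these chains; `gen_nat_rules_v4`, the interface name and the `HOSTPORT:VMIP:VMPORT` list format are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page or from Proxmox): emit a complete /etc/iptables/rules.v4
# for the single-IP NAT host, with DNAT port forwards plus a default-deny FORWARD chain so
# exposed VMs are reachable only on the forwarded ports. Assumes pve-firewall does not
# manage these chains. PHYS_IFACE, VM_SUBNET and the forward list are placeholders.

# gen_nat_rules_v4 PHYS_IFACE VM_SUBNET "HOSTPORT:VMIP:VMPORT ..."
gen_nat_rules_v4() {
    phys="$1"; subnet="$2"; forwards="$3"

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Same masquerade rule the interfaces post-up installs, restricted to the VM subnet
    echo "-A POSTROUTING -s $subnet -o $phys -j MASQUERADE"
    for f in $forwards; do
        hostport="${f%%:*}"; rest="${f#*:}"
        vmip="${rest%%:*}"; vmport="${rest#*:}"
        echo "-A PREROUTING -i $phys -p tcp --dport $hostport -j DNAT --to-destination $vmip:$vmport"
    done
    echo "COMMIT"

    echo "*filter"
    # iptables-restore flushes every chain of a listed table, so INPUT/OUTPUT are declared
    # ACCEPT to leave host access unchanged; only FORWARD is locked down here.
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # VMs may initiate outbound connections through the uplink
    echo "-A FORWARD -s $subnet -o $phys -j ACCEPT"
    # Inbound from the uplink only to the forwarded VM ports (packets are already DNAT'd here)
    for f in $forwards; do
        rest="${f#*:}"
        vmip="${rest%%:*}"; vmport="${rest#*:}"
        echo "-A FORWARD -i $phys -d $vmip -p tcp --dport $vmport -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Demo with constructed values: print what would be written to /etc/iptables/rules.v4
gen_nat_rules_v4 eno1 10.10.10.0/24 "8080:10.10.10.100:80 2222:10.10.10.101:22"
```

Write the output to `/etc/iptables/rules.v4` and load it with `iptables-restore < /etc/iptables/rules.v4` (iptables-persistent does the same at boot). Once the masquerade rule lives in rules.v4, the `post-up`/`post-down` MASQUERADE lines in the vmbr0 stanza become redundant and can be dropped to avoid a duplicate rule after every `ifup`.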