Emanuel Almeida 6b3a6f2698 feat: refactor 30+ skills to Anthropic progressive disclosure pattern
- All SKILL.md files now <500 lines (avg reduction 69%)
- Detailed content extracted to references/ subdirectories
- Frontmatter standardised: only name + description (Anthropic standard)
- New skills: brand-guidelines, spec-coauthor, report-templates, skill-creator
- Design skills: anti-slop guidelines, premium-proposals reference
- Removed non-standard frontmatter fields (triggers, version, author, category)

Plugins affected: infraestrutura, marketing, dev-tools, crm-ops, gestao,
core-tools, negocio, perfex-dev, wordpress, design-media

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 15:05:03 +00:00


NAT and vSwitch Networking - Proxmox Hetzner

Single-IP NAT and vSwitch network configuration for Proxmox on Hetzner.


NAT Networking (Single-IP Hetzner)

Configure /etc/network/interfaces

Template for Single-IP NAT:

auto lo
iface lo inet loopback

# Physical interface (check the name with 'ip a')
auto eno1
iface eno1 inet static
        address   SERVER_IP/32
        gateway   GATEWAY_IP
        pointopoint GATEWAY_IP

# Internal bridge for VMs (NAT)
auto vmbr0
iface vmbr0 inet static
        address  10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        # NAT masquerading
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o eno1 -j MASQUERADE

CRITICAL Hetzner Gotchas:

  • Gateway is /32 point-to-point (not /24 or /26)
  • IP and gateway may be in different subnets
  • Check the actual IP and gateway in Hetzner Robot

Apply Networking

# Test config
ifup --no-act vmbr0

# Apply
systemctl restart networking

# Verify
ip a
ping -c 3 8.8.8.8

Port Forwarding (Optional - to expose VMs)

# Example: redirect host port 8080 -> port 80 on VM 10.10.10.100
iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 8080 -j DNAT --to-destination 10.10.10.100:80

# Persist with iptables-persistent
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4

vSwitch Configuration

Configure the VLAN in the Robot Panel

  • Hetzner Robot -> vSwitch -> Create VLAN
  • Note the VLAN ID (e.g. 4000)

Add to /etc/network/interfaces

# vSwitch interface (MTU 1400 REQUIRED)
auto enp7s0.4000
iface enp7s0.4000 inet manual
        mtu 1400

# Bridge vSwitch
auto vmbr1
iface vmbr1 inet static
        address 10.0.0.1/24
        bridge-ports enp7s0.4000
        bridge-stp off
        bridge-fd 0
        mtu 1400

CRITICAL: MTU 1400 is non-negotiable for the Hetzner vSwitch.


Hetzner-Specific Gotchas (CRITICAL)

1. MAC Filtering

Problem: Bridged networking with an unregistered MAC = blocked
Solution applied: NAT masquerading (bypasses MAC filtering)
Alternative: Request a virtual MAC in the Robot panel (free)

2. Gateway Point-to-Point

Problem: Gateway is outside the subnet of the main IP
Solution: address IP/32 + pointopoint GATEWAY (not /24 or /26)

3. vSwitch MTU 1400

Problem: Hetzner vSwitch requires MTU 1400 (not the standard 1500)
Solution: Force mtu 1400 on vmbr1 and enp7s0.4000

4. ZFS vs LVM Trade-off

Problem: installimage does not support ZFS root directly
Solution: LVM for root (compatibility), ZFS for VMs (performance)

5. Kernel PVE vs Debian

Problem: Stock Debian kernel is not optimised for virtualisation
Solution: Install proxmox-ve + remove the Debian kernel
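
A pre-flight check for gotchas 2 and 3, to run before restarting networking on a remote host. This is an added example, not part of the original skill file; the function names, the sample addresses (203.0.113.0/24 documentation range) and the rule that an interface name containing "." is a vSwitch VLAN sub-interface are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): lint ifupdown stanzas for the two
# settings this page marks CRITICAL. Reads a file argument or stdin, prints one
# line per finding, returns 1 if anything was flagged.
# Assumption: an interface name containing "." is a VLAN (vSwitch) sub-interface.
check_interfaces() {
  awk '
    BEGIN { bad = 0 }
    function flush() {
      if (name == "") return
      # Gateway point-to-point: pointopoint requires a /32 address
      if (ptp && addr !~ /\/32$/) {
        print name ": pointopoint set but address is " addr " (expected /32)"
        bad = 1
      }
      # vSwitch: the VLAN interface and any bridge on top of it need mtu 1400
      if ((name ~ /\./ || ports ~ /\./) && mtu != "1400") {
        print name ": vSwitch interface without mtu 1400 (found " (mtu == "" ? "none" : mtu) ")"
        bad = 1
      }
    }
    $1 ~ /^#/            { next }
    $1 == "iface"        { flush(); name = $2; addr = ""; ports = ""; mtu = ""; ptp = 0; next }
    $1 == "address"      { addr = $2 }
    $1 == "pointopoint"  { ptp = 1 }
    $1 == "bridge-ports" { ports = $0 }
    $1 == "mtu"          { mtu = $2 }
    END { flush(); exit bad }
  ' "$@"
}

# Constructed sample: eno1 uses /26 with pointopoint, enp7s0.4000 lacks mtu.
sample_config() {
  cat <<'EOF'
iface eno1 inet static
        address 203.0.113.10/26
        pointopoint 203.0.113.1
iface vmbr0 inet static
        address 10.10.10.1/24
        bridge-ports none
iface enp7s0.4000 inet manual
iface vmbr1 inet static
        address 10.0.0.1/24
        bridge-ports enp7s0.4000
        mtu 1400
EOF
}

sample_config | check_interfaces || true
```

On a real host, call it as `check_interfaces /etc/network/interfaces` and only restart networking when it returns 0.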