# /etc/network/interfaces
#
auto lo
iface lo inet loopback

# device: eth0
iface eth0 inet manual

# IPv4 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
auto vmbr0
iface vmbr0 inet static
        # Hetzner primary WAN IP
        address   176.9.xxx.xxx

        # Hetzner primary WAN IP broadcast address
        broadcast 176.9.xxx.xyz

        # This netmask needs to have all bits set
        netmask   255.255.255.255

        # Our gateway is reachable via Point-to-Point tunneling
        # put the Hetzner gateway IP address here twice
        pointopoint 176.9.xxx.yyy
        gateway   176.9.xxx.yyy

        # Virtual bridge settings
        # this one is bridging physical eth0 interface
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

        # add a static route through the Hetzner gateway IP
        # for the subnet our primary IP belongs to
        up route add -net 176.9.xxx.zyx netmask 255.255.255.224 gw 176.9.xxx.yyy vmbr0

        # Add routing for up to 4 dedicated IP's we get from Hetzner
        # You need to 
        up ip route add 176.9.xxx.xx1/32 dev vmbr0
        up ip route add 176.9.xxx.xx2/32 dev vmbr0
        up ip route add 176.9.xxx.xx3/32 dev vmbr0
        up ip route add 176.9.xxx.xx4/32 dev vmbr0

        # Assure local routing of private IPv4 IP's from our
        # Proxmox host via our firewall's WAN port
        up ip route add 192.168.0.0/16 via 176.9.xxx.xx1 dev vmbr0
        up ip route add 172.16.0.0/12 via 176.9.xxx.xx1 dev vmbr0
        up ip route add 10.0.0.0/8 via 176.9.xxx.xx1 dev vmbr0

# IPv6 bridge
# (connect ONLY your firewall/router KVM instance here, this is the WAN device!)
iface vmbr0 inet6 static
        address 2a01:4f8:151:XXX::3
        netmask 64
        up ip -6 route add 2a01:4f8:151:XXX::1 dev vmbr0
        up ip -6 route add default via 2a01:4f8:151:XXX::1

# Virtual switch for DMZ
# (connect your firewall/router KVM instance and private DMZ hosts here)
auto vmbr1
iface vmbr1 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0

# Virtual switch for Private LAN
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr2
iface vmbr2 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0

# Virtual switch for Test Data Center
# (connect your firewall/router KVM instance and private hosts here)
auto vmbr3
iface vmbr3 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0