Proxmox experts

edited December 2020 in Help

currently, I'm playing with Proxmox, Host, as usual, have 1x IPv4 and a /64 IPv6.
I managed to do a NAT setup and then managed to assign a /69 - lol- Iv6 to each VM
but both never work at the same time.

  • I need to divide/use the public /64, not to generate private nor NAT IPv6
    spent a lot of reading but Santa never came when I needed him the most.
    my current conf
auto lo
iface lo inet loopback

auto ens3
iface ens3 inet static
    address 50.60.70.56/24
    gateway 50.60.70.1

iface ens3 inet6 static
    address 2a0d:5871:c12:33::222/69
    gateway 2a0d:5871:c12::1

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0  
  post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 
  post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface vmbr0 inet6 static
    address 2a0d:5871:c12:33::222/69

any advice?

Comments

  • edited December 2020

    oh I should be more specific, I need to divide/use the public /64, not to generate private nor use NAT IPv6
    thanks for your answer tho, OP edited

  • Mr_TomMr_Tom OG
    edited December 2020

    Your config doesn't look like it has IPv6 forwarding? Enabling that would probably work without needing any additional routing.

    Do you have the following in /etc/sysctl.conf

    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.default.forwarding=1
    net.ipv6.conf.all.proxy_ndp=1
    net.ipv6.conf.default.proxy_ndp=1
    
    Thanked by (2)Falzo ehab
  • edited December 2020

    @Mr_Tom said:
    Your config doesn't look like it has IPv6 forwarding? Enabling that would probably work without needing any additional routing.

    Do you have the following in /etc/sysctl.conf

    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.default.forwarding=1
    net.ipv6.conf.all.proxy_ndp=1
    net.ipv6.conf.default.proxy_ndp=1
    

    yes it does.
    also in /etc/network/interfaces there Is ip neigh add proxy 2a0d:5871:c12:33::/69 dev ens3

  • Do you have control over the client side? Or are these customers thus the need to force it via config?

    I generally just used a bridge and hardcoded whatever I needed into the VM setup/client interfaces file

  • @havoc said:
    Do you have control over the client side? Or are these customers thus the need to force it via config?

    I generally just used a bridge and hardcoded whatever I needed into the VM setup/client interfaces file

    I do, its all mine, I don't resell it.
    current config, I finally able to ping6 the host from inside the VM, but not the internet.

    "/etc/network/interfaces"


    "/etc/ndppd.conf"

    proxy vmbr0 {
              rule 2a0d:c0a1:1:52::/64 {
             }
    }
    

    "/etc/sysctl.conf"

    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.vmbr0.autoconf = 0
    net.ipv6.conf.all.accept_ra = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.vmbr0.accept_ra = 0
    net.ipv6.conf.vmbr0.accept_ra = 0
    net.ipv6.conf.vmbr0.autoconf = 0
    net.ipv6.conf.all.router_solicitations = 1
    net.ipv6.conf.default.forwarding = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.proxy_ndp = 1
    net.ipv6.conf.all.proxy_ndp = 1
    net.ipv4.ip_forward = 1
    

    Guest config

    auto lo
    iface lo inet loopback
    
    auto eth0
    iface eth0 inet static
            address 10.10.10.5/24
            gateway 10.10.10.1
    
    iface eth0 inet6 static
            address 2a0d:c0a1:1:52:800::1/69
            gateway 2a0d:c0a1:1:52::
    
  • Mr_TomMr_Tom OG
    edited December 2020

    You could try using 2a0d:c0a1:1::1 as the gateway in the VM.

    When you say you can ping on the guest have you tried domains, or IPv6 addresses?

  • @Mr_Tom said:
    You could try using 2a0d:c0a1:1::1 as the gateway in the VM.

    Still doesn't work

    When you say you can ping on the guest have you tried domains or IPv6 addresses?

    yes, the host IPv6 responds, domains get resolved but no ping. gives address unreachable

  • Hi, not sure how and why, but there is a small chance this helps:

    I've had an issue with proxmox before where all else being equal
    this doesn't forward

    interface0
    
    bridge1
    interface1
    

    but this forwards

    bridge0
    interface0
    
    bridge1
    interface1
    

    Maybe it's not about proxmox at all, maybe this maybe that, even if it doesn't help it's worth a shot I guess.

  • I tested it on hetzner and it worked. but I need it on a PHP-friends bigger node, they sent me an email saying my node sending too many router advertisements.
    not sure if they did something that prevents this from working.

Sign In or Register to comment.

This Site is currently in maintenance mode.
Please check back here later.

→ Site Settings