Proxmox experts

mezoologymezoology
edited December 2020 in Help

currently, I'm playing with Proxmox, Host, as usual, have 1x IPv4 and a /64 IPv6.
I managed to do a NAT setup and then managed to assign a /69 - lol- Iv6 to each VM
but both never work at the same time.

  • I need to divide/use the public /64, not to generate private nor NAT IPv6
    spent a lot of reading but Santa never came when I needed him the most.
    my current conf
auto lo
iface lo inet loopback

auto ens3
iface ens3 inet static
    address 50.60.70.56/24
    gateway 50.60.70.1

iface ens3 inet6 static
    address 2a0d:5871:c12:33::222/69
    gateway 2a0d:5871:c12::1

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0  
  post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 
  post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface vmbr0 inet6 static
    address 2a0d:5871:c12:33::222/69

any advice?

Comments

  • NeoonNeoon OG

    https://github.com/Ne00n/NanoKVM-Tools/blob/master/subnetGenv6.php

    Works for me.

    Thanked by (3)mezoology jureve ferri

    Free NAT KVM | Free NAT LXC

  • mezoologymezoology
    edited December 2020

    oh I should be more specific, I need to divide/use the public /64, not to generate private nor use NAT IPv6
    thanks for your answer tho, OP edited

  • Mr_TomMr_Tom OG
    edited December 2020

    Your config doesn't look like it has IPv6 forwarding? Enabling that would probably work without needing any additional routing.

    Do you have the following in /etc/sysctl.conf

    net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.proxy_ndp=1
    Thanked by (2)Falzo ehab
  • mezoologymezoology
    edited December 2020

    @Mr_Tom said:
    Your config doesn't look like it has IPv6 forwarding? Enabling that would probably work without needing any additional routing.

    Do you have the following in /etc/sysctl.conf

    net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.proxy_ndp=1

    yes it does.
    also in /etc/network/interfaces there Is ip neigh add proxy 2a0d:5871:c12:33::/69 dev ens3

  • havochavoc OG

    Do you have control over the client side? Or are these customers thus the need to force it via config?

    I generally just used a bridge and hardcoded whatever I needed into the VM setup/client interfaces file

  • mezoologymezoology

    @havoc said:
    Do you have control over the client side? Or are these customers thus the need to force it via config?

    I generally just used a bridge and hardcoded whatever I needed into the VM setup/client interfaces file

    I do, its all mine, I don't resell it.
    current config, I finally able to ping6 the host from inside the VM, but not the internet.

    "/etc/network/interfaces"


    iface lo inet loopback
iface lo inet6 loopback

auto ens3
iface ens3 inet static
    address 12.49.124.228/24
    gateway 12.49.124.1

iface ens3 inet6 static
    address 2a0d:c0a1:1:52::/64
    gateway 2a0d:c0a1:1::1

auto vmbr0
iface vmbr0 inet static
    address 10.10.10.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0  
  post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
  post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ens3 -j MASQUERADE
  post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1 
  post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface vmbr0 inet6 static
    address 2a0d:c0a1:1:52::/64

    "/etc/ndppd.conf"

    proxy vmbr0 {
          rule 2a0d:c0a1:1:52::/64 {
         }
}

    "/etc/sysctl.conf"

    net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.vmbr0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.accept_ra = 0
net.ipv6.conf.vmbr0.autoconf = 0
net.ipv6.conf.all.router_solicitations = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.proxy_ndp = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv4.ip_forward = 1

    Guest config

    auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 10.10.10.5/24
        gateway 10.10.10.1

iface eth0 inet6 static
        address 2a0d:c0a1:1:52:800::1/69
        gateway 2a0d:c0a1:1:52::
  • Mr_TomMr_Tom OG
    edited December 2020

    You could try using 2a0d:c0a1:1::1 as the gateway in the VM.

    When you say you can ping on the guest have you tried domains, or IPv6 addresses?

  • mezoologymezoology

    @Mr_Tom said:
    You could try using 2a0d:c0a1:1::1 as the gateway in the VM.

    Still doesn't work

    When you say you can ping on the guest have you tried domains or IPv6 addresses?

    yes, the host IPv6 responds, domains get resolved but no ping. gives address unreachable

  • comicomi OG

    Hi, not sure how and why, but there is a small chance this helps:

    I've had an issue with proxmox before where all else being equal
    this doesn't forward

    interface0

bridge1
interface1

    but this forwards

    bridge0
interface0

bridge1
interface1

    Maybe it's not about proxmox at all, maybe this maybe that, even if it doesn't help it's worth a shot I guess.

  • mezoologymezoology

    I tested it on hetzner and it worked. but I need it on a PHP-friends bigger node, they sent me an email saying my node sending too many router advertisements.
    not sure if they did something that prevents this from working.

Sign In or Register to comment.

© LowEndSpirit 2024

ipv6 ready