[PVE-User] PX4 and IPv6

Guillaume proxmox at shadowprojects.org
Wed Aug 17 18:00:05 CEST 2016 

It the same for http/https access.

I can access my websites on ipv6 from my host (tested with lynx on http 
and https), but not from the outside.

No issues with ipv4.


Le 17/08/2016 à 17:20, Guillaume a écrit :
> Hello,
>
> I have an issue with ipv6.
>
> My host and my lxc container all have an ipv6 address and are able to 
> ping worldwide ipv6 addresses (e.g. ping6 ipv6.google.com works).
> My host can ping my containers ipv6 address.
> I can't ping my ipv6 addresses from the outside, except for the host 
> ipv6 address.
>
> Here's my firewall configuration :
>
> * cluster.fw
>
> [OPTIONS]
> enable: 1
>
> [RULES]
> IN Ping(ACCEPT)
> IN NeighborDiscovery(ACCEPT)
>
> [group web]
> IN HTTPS(ACCEPT)
> IN HTTP(ACCEPT)
>
>
> * 102.fw
>
> [OPTIONS]
> enable: 1
>
> [RULES]
> IN Ping(ACCEPT)
> IN NeighborDiscovery(ACCEPT)
> GROUP web
>
>
> # sysctl -p
> net.ipv6.conf.eth0.disable_ipv6 = 0
> net.ipv6.conf.eth1.disable_ipv6 = 0
> net.ipv6.conf.all.forwarding = 1
> net.ipv6.conf.all.autoconf = 0
> net.ipv6.conf.default.autoconf = 0
> net.ipv6.conf.vmbr0.autoconf = 0
> net.ipv6.conf.all.accept_ra = 0
> net.ipv6.conf.default.accept_ra = 0
> net.ipv6.conf.vmbr0.accept_ra = 0
> net.ipv6.conf.vmbr0.accept_ra = 0
> net.ipv6.conf.vmbr0.autoconf = 0
> fs.inotify.max_user_instances = 1024
>
>
> * Host ipv6 interface :
> iface vmbr0 inet6 static
>          address  2001:41d0:1007:1c79::
>          netmask  64
>          post-up /sbin/ip -f inet6 route add 
> 2001:41d0:1007:1cff:ff:ff:ff:ff dev vmbr0
>          post-up /sbin/ip -f inet6 route add default via 
> 2001:41d0:1007:1cff:ff:ff:ff:ff
>          pre-down /sbin/ip -f inet6 route del default via 
> 2001:41d0:1007:1cff:ff:ff:ff:ff
>          pre-down /sbin/ip -f inet6 route del 
> 2001:41d0:1007:1cff:ff:ff:ff:ff dev vmbr0
>
> * Container ipv6 interface :
> iface eth0 inet6 static
>          address 2001:41d0:1007:1c79::102
>          netmask 64
> # --- BEGIN PVE ---
>          post-up ip route add 2001:41d0:1007:1cff:ff:ff:ff:ff dev eth0
>          post-up ip route add default via 
> 2001:41d0:1007:1cff:ff:ff:ff:ff dev eth0
>          pre-down ip route del default via 
> 2001:41d0:1007:1cff:ff:ff:ff:ff dev eth0
>          pre-down ip route del 2001:41d0:1007:1cff:ff:ff:ff:ff dev eth0
> # --- END PVE ---
>
> Any idea ?
> Thanks,
>

More information about the pve-user mailing list