Search results

I tried pasting the code in /etc/nftables.conf but it does not work over there, where should I paste these commands?

Try this guide https://saudiqbal.github.io/Proxmox/proxmox-IPv6-interface-setup-DHCPv6-or-static.html You also need to accept IPv6 router advertisement accept_ra 2

It is because godaddy no longer allows api to update dns records anymore. You need at least 50 domains with them before you can use the API again. Either host your own DNS server or move to cloudflare.

I added the reject rule to block local lan set v4-dc/lan { type ipv4_addr flags interval elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } } set v4-dc/lan-nomatch { type...

The last rule in chain do-reject is wrong. I was wondering why the connection keeps timing out instead of immediately getting a reject. It is currently at drop when it should be reject, even the rule name is do-reject! chain do-reject { meta pkttype broadcast drop ip saddr 224.0.0.0/4...

I think Proxmox should start using the default port 443 since Proxmox runs on its own IP address so there is no need to use port 8006.

I had this for both IPv4 and IPv6 nft add table ip nat nft 'add chain ip nat prerouting { type nat hook prerouting priority -100; }' nft 'add rule ip nat prerouting ip daddr 10.88.88.6 tcp dport { 443 } dnat 10.88.88.6:8006' nft add table ip6 nat nft 'add chain ip6 nat prerouting { type nat...

I can confirm both IPv6 and IPv4 rules are working and I can also connect to VM now. Great job. :cool:

I did apt update but there is no update available, its been more than 10 hours.

Cloudflare

I will test it once the update comes out. Also, I filed a bug report for DHCPv6 setup for proxmox since something is recreating DUID on every boot. https://forum.proxmox.com/threads/looks-like-proxmox-8-is-generating-new-ipv6-duid-for-every-reboot.129429/ Bug report...

I filed a bug report https://bugzilla.proxmox.com/show_bug.cgi?id=5466 Please find out why Proxmox is generating a new DUID on each reboot.

fd88::/64, 10.88.88.0/24 is my home subnet, I allowed the gateway fd88::1, 10.88.88.1 and blocked the rest. It used to work with iptables. If I connect to a VM (fd88::a97, 10.88.88.11) then no connection is possible.

From my local LAN computer. Same rules chain group-deny-lan-access-in { } chain group-deny-lan-access-out { ip6 daddr fd88::1 accept ip daddr 10.88.88.1 accept ip6 daddr fd88::/64 drop ip daddr...

There is another problem, I cannot connect to VM via SSH after applying the above rules!

Try to add gateway to inet6 iface vmbr0 inet6 dhcp gateway fd00:0:0:1::1 up ip token set ::3 dev vmbr0 accept_ra 2

You are using a static config, you can use IPv6 token to add static suffix to your proxmox host. accept_ra 2 up ip token set ::71c6:b34f:8e2a:54f5 dev vmbr0

Hopefully it works, I am currently using it right now myself. Once you reboot your router and it clears the stored DUID, start proxmox and copy the newly assigned client id from /var/lib/dhcp/dhclient6.vmbr0.leases and paste it in /etc/dhcp/dhclient.conf interface "vmbr0" { send...

This is correct, once you get a fresh dhcp6.client-id add it to the host file and from that point it will boot fine.

If your Proxmox host does not boot try rebooting the router, proxmox waits until a new lease is received and once you reboot the router, your router gives a new lease and proxmox boots immediately.