Allow IPv6 NDP but prevent VMs/CTs from discovering each other

maturos

Member
Apr 26, 2022
Hello,
I need the Neighbour Discovery Protocol (NDP) to be activated on my machines in order to communicate with the internet via IPv6 and accept incoming connections over IPv6. For this the machine needs to broadcast Router Solicitations and receive Router Advertisements. Activating NDP in the firewall settings of my PVE also enables Neighbor Solicitation and Neighbor Advertisement. As I understand it, this is needed for the Router<->VM relation to make the machine known to the router (to get incoming IPv6 connections), but I want to prevent the machines from discovering each other. For this I tried a workaround in the past:
  1. I deactivated NDP in the firewall GUI.
  2. I set the following rules in a security group on datacenter level, which I can assign to the machines that should do IPv6:
     [attached screenshot: 1727216751078.png]
However, it doesn't really work. I gave up, and now the topic came up again. The current me can no longer remember why the former me chose precisely this path. That's why I'd like to ask around if anyone has a better way. Why don't these rules work? Is the switch for NDP in the GUI prioritized over the security group rules?
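The rules the post refers to survive only as a screenshot, so here is an added example of how such a security group can be written in /etc/pve/firewall/cluster.fw; it is not the poster's configuration. It assumes pve-firewall's rule syntax with named `-icmp-type` values, and uses fe80::1 as a placeholder for the router's link-local address with ff02::1:ff00:1 as the corresponding solicited-node multicast group: the guest keeps router discovery and address resolution with the router only, and every other Neighbor Solicitation/Advertisement is dropped so other guests on the same bridge cannot resolve it.

```ini
# Security group, defined at datacenter level in /etc/pve/firewall/cluster.fw
# (added example). Rules are evaluated top to bottom, first match wins.
[group ipv6-router-only]

# Router discovery: the guest may ask for routers and accept answers,
# but only from the router itself (fe80::1 is a placeholder).
OUT ACCEPT -p ipv6-icmp -icmp-type router-solicitation
IN  ACCEPT -p ipv6-icmp -icmp-type router-advertisement -source fe80::1

# Address resolution with the router. Incoming NS/NA carry the router's
# link-local address as source; the guest's outgoing NS goes either to the
# router's unicast address or to its solicited-node multicast group
# (ff02::1:ff00:1 for fe80::1), and its NA replies go to the router.
IN  ACCEPT -p ipv6-icmp -icmp-type neighbor-solicitation  -source fe80::1
IN  ACCEPT -p ipv6-icmp -icmp-type neighbor-advertisement -source fe80::1
OUT ACCEPT -p ipv6-icmp -icmp-type neighbor-solicitation  -dest fe80::1
OUT ACCEPT -p ipv6-icmp -icmp-type neighbor-solicitation  -dest ff02::1:ff00:1
OUT ACCEPT -p ipv6-icmp -icmp-type neighbor-advertisement -dest fe80::1

# All remaining neighbor discovery is dropped: other guests on the bridge
# cannot resolve this guest's addresses, and it does not resolve theirs.
IN  DROP -p ipv6-icmp -icmp-type neighbor-solicitation
IN  DROP -p ipv6-icmp -icmp-type neighbor-advertisement
OUT DROP -p ipv6-icmp -icmp-type neighbor-solicitation
OUT DROP -p ipv6-icmp -icmp-type neighbor-advertisement
```

Assign the group to the guests that should have IPv6 while keeping their per-guest NDP option off, as in step 1 of the post. The guest's own Duplicate Address Detection probes (NS sent from ::) also fall under the final OUT DROP, so DAD cannot detect a collision with another guest.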