LXC Ubuntu 18.04 disable IPv6 privacy address

caribou

Dec 4, 2019
Hello,
LXC container based on Ubuntu 18.04 should have only a static IPv6 address, as configured in /etc/pve/nodes/pve/lxc/100.conf:
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.9.100,gw6=2001:1570:218:9::1,hwaddr=56:0A:77:22:13:0F,ip=192.168.9.203/24,ip6=2001:1570:218:9::203/64,type=veth

However, ip addr show dev eth0 shows:
58: eth0@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:0a:77:22:13:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.9.203/24 brd 192.168.9.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:1570:218:9:83f9:a9c:621c:4a78/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591848sec preferred_lft 604648sec
    inet6 2001:1570:218:9::203/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::540a:77ff:fe22:130f/64 scope link
       valid_lft forever preferred_lft forever

cat /etc/systemd/network/eth0.network shows:
[Match]
Name = eth0

[Network]
Description = Interface eth0 autoconfigured by PVE
Address = 192.168.9.203/24
Gateway = 192.168.9.100
Address = 2001:1570:218:9::203/64
Gateway = 2001:1570:218:9::1
DHCP = none
IPv6AcceptRA = false

Where does the additional IPv6 address 2001:1570:218:9:83f9:a9c:621c:4a78 come from?
I don't see it as derived from the MAC address, so I assume it is a privacy address, but it is not enabled!
I also tried to change /etc/sysctl.d/10-ipv6-privacy.conf to:
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0

But it has no effect either.
It is also confusing that the address persists for days, so imho it's not really a privacy address, which should change more often.

I only want the container to have one static IPv6 address, as otherwise I cannot restrict firewall rules accordingly, and I also have the problem that services running on this container reply from a different address than the one client requests come in on.
 
Meanwhile I started again from scratch: erased the old container, set up a new container.
There is only one static IPv6 address as desired.
Installed all the software packages as needed, carefully checked after every step or reboot whether there's really still this one static IPv6 address.
All's fine, tested my server software for about 30min, afterwards all still fine.

So I decided to do a backup in "STOP" mode.
After the backup / reboot was done, suddenly there's this additional IPv6 address here again!!
 
Meanwhile, after some fresh test installations, I found the cause myself and want to document it here. The software that I installed makes use of dhcpcd, and the corresponding /etc/dhcpcd.conf looked as follows:
slaac private
interface eth0
static ip_address=192.168.9.203/24
static routers=192.168.9.100
static domain_name_servers=127.0.0.1

I removed 'slaac private' and under eth0 added 'ipv6ra_noautoconf'.
So the LXC container still uses its static IPv6 address and accepts RAs, but doesn't generate an additional IPv6 address.
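
Added example (not part of the original posts): a small check for the situation described in this thread, useful when firewall rules assume a single source address. It lists global IPv6 addresses that are not on an allow-list and reports the two dhcpcd.conf settings the last post changed; the function names are hypothetical, the "before" input is abridged from the posts, and the "after" config is constructed from the description of the fix.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# List scope-global inet6 addresses from `ip -6 addr show` output (stdin)
# that are not among the allowed addresses passed as arguments.
unexpected_v6() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "inet6" && $3 == "scope" && $4 == "global" {
            split($2, p, "/")
            if (!(p[1] in ok)) print p[1]
        }'
}

# Read a dhcpcd.conf (stdin) and report, for interface $1, only the two
# settings named in the post: a "slaac" line, and a missing
# "ipv6ra_noautoconf". Options before the first "interface" line are global.
dhcpcd_findings() {
    awk -v ifc="$1" '
        { sub(/#.*/, "") }                   # strip comments
        NF == 0 { next }
        $1 == "interface" { cur = $2; next }
        cur != "" && cur != ifc { next }     # block for another interface
        $1 == "slaac" { print "slaac-" $2 }
        $1 == "ipv6ra_noautoconf" { seen = 1 }
        END { if (!seen) print "no-ipv6ra_noautoconf" }'
}

# Sample input abridged from the posts above.
sample_ip() {
    cat <<'EOF'
    inet6 2001:1570:218:9:83f9:a9c:621c:4a78/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591848sec preferred_lft 604648sec
    inet6 2001:1570:218:9::203/64 scope global
    inet6 fe80::540a:77ff:fe22:130f/64 scope link
EOF
}
sample_conf_before() {
    printf '%s\n' 'slaac private' 'interface eth0' 'static ip_address=192.168.9.203/24'
}
# Constructed from the description of the fix.
sample_conf_after() {
    printf '%s\n' 'interface eth0' 'static ip_address=192.168.9.203/24' 'ipv6ra_noautoconf'
}

sample_ip | unexpected_v6 2001:1570:218:9::203   # the extra SLAAC address
sample_conf_before | dhcpcd_findings eth0        # two findings
sample_conf_after | dhcpcd_findings eth0         # no output
```

On a live container the same functions can be fed with `ip -6 addr show dev eth0 | unexpected_v6 2001:1570:218:9::203` and `dhcpcd_findings eth0 < /etc/dhcpcd.conf`.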
 
