Hello,
LXC container based on Ubuntu 18.04 should have only a static IPv6 address, as configured in /etc/pve/nodes/pve/lxc/100.conf:
net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.9.100,gw6=2001:1570:218:9::1,hwaddr=56:0A:77:22:13:0F,ip=192.168.9.203/24,ip6=2001:1570:218:9::203/64,type=veth
However, ip addr show dev eth0 shows:
58: eth0@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:0a:77:22:13:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.9.203/24 brd 192.168.9.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:1570:218:9:83f9:a9c:621c:4a78/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591848sec preferred_lft 604648sec
    inet6 2001:1570:218:9::203/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::540a:77ff:fe22:130f/64 scope link
       valid_lft forever preferred_lft forever
cat /etc/systemd/network/eth0.network shows:
[Match]
Name = eth0
[Network]
Description = Interface eth0 autoconfigured by PVE
Address = 192.168.9.203/24
Gateway = 192.168.9.100
Address = 2001:1570:218:9::203/64
Gateway = 2001:1570:218:9::1
DHCP = none
IPv6AcceptRA = false
Where does the additional IPv6 address 2001:1570:218:9:83f9:a9c:621c:4a78 come from?
I don't see it as derived from the MAC address, so I assume it is a privacy address, but it is not enabled!
I also tried to change /etc/sysctl.d/10-ipv6-privacy.conf to:
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
But it has no effect either.
It is also confusing that the address persists for days, so imho it's not really a privacy address, which should change more often.
I only want the container to have one static IPv6 address, as otherwise I cannot restrict firewall rules accordingly, and I also have trouble with services running on this container replying from a different address than the one client requests come in on.
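
An added example, not part of the original post: a Python check that computes the modified EUI-64 interface identifier for the container's MAC address and classifies each inet6 line of the `ip addr` output by its flags. The function names and labels are assumptions made for this illustration; the sample text is the post's own output, trimmed to the relevant lines.

```python
import ipaddress
import re

# Sample input: link/ether and inet6 lines from the `ip addr` output in the post.
IP_ADDR_OUTPUT = """\
    link/ether 56:0a:77:22:13:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2001:1570:218:9:83f9:a9c:621c:4a78/64 scope global dynamic mngtmpaddr noprefixroute
    inet6 2001:1570:218:9::203/64 scope global
    inet6 fe80::540a:77ff:fe22:130f/64 scope link
"""

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a MAC."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(b[:3] + b"\xff\xfe" + b[3:], "big")

def classify(output: str):
    """Return (address, scope, origin, iid_kind) for every inet6 line."""
    mac = re.search(r"link/ether\s+([0-9a-f:]{17})", output, re.I).group(1)
    expected = eui64_iid(mac)
    rows = []
    for m in re.finditer(r"inet6\s+(\S+)/\d+\s+scope\s+(\S+)(.*)", output):
        addr = ipaddress.IPv6Address(m.group(1))
        flags = m.group(3).split()
        iid = int(addr) & ((1 << 64) - 1)  # low 64 bits of the address
        if addr.is_link_local:
            origin = "link-local"
        elif "temporary" in flags:
            origin = "temporary"           # RFC 4941 privacy address
        elif "dynamic" in flags:
            origin = "autoconfigured"      # non-permanent, finite lifetime
        else:
            origin = "static"              # permanent, lifetime "forever"
        kind = "eui64" if iid == expected else "other"
        rows.append((str(addr), m.group(2), origin, kind))
    return rows

if __name__ == "__main__":
    for row in classify(IP_ADDR_OUTPUT):
        print(*row, sep="\t")
```

Only the link-local address carries the MAC-derived identifier, and the extra global address is flagged `dynamic` without `temporary`, so `use_tempaddr` does not govern it.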