NAT + IPv6 for containers on OVH Host with 1 Public IPv4 + IPv6/64

B

batonac

Renowned Member
Aug 2, 2015
15
5
68
York, PA, USA
avu.nu
Hi, I have a Proxmox host running a dedicated server from OVH. They provide both a single public IPv4 address, and a IPv6/64 block. I'd like to route all the IPv4 traffic from containers on my host through NAT, but set a proper public IPv6 for direct access.

I've succeeded in getting the IPv4 NAT working on a Open-v-switch bridge through an OVS IntPort that's dedicated to the IPv4 traffic, but I can't get the IPv6 addresses working.

Here's what I've done so far.
  1. Configure sysctl with the following settings:
    Code: 
    net.ipv4.ip_forward=1
net.ipv4.conf.nat0.forwarding=1
net.ipv6.conf.nat0.forwarding=1
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_ra=0
  2. Set up a custom network configuration file as follows (with public IPs removed):
    Code: 
    # network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp66s0f0
iface enp66s0f0 inet manual
    ovs_type OVSPort
    ovs_bridge vmbr0

iface enx46b874ef8c98 inet manual

auto nat0
iface nat0 inet static
    address 10.0.0.1/16
    ovs_type OVSIntPort
    ovs_bridge vmbr0

auto vmbr0
iface vmbr0 inet static
    address ...
    gateway ...
    ovs_type OVSBridge
    ovs_ports enp66s0f0 nat0
    post-up iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    post-up iptables -A FORWARD -i nat0 -j ACCEPT
    post-up iptables -t nat -A POSTROUTING -o vmbr0 -j MASQUERADE

iface vmbr0 inet6 static
    address ...
    gateway ...
  3. Add firewall rules to allow all incoming traffic to nat0 and vmbr0.
  4. Setup dnsmasq to assign IPv6 addresses to the containers based on the OVH IPv6 block.
As I said, IPv4 works in the containers, IPv6 works on the host, but not the containers. What am I doing wrong?
 
Last edited:
  • Like
Reactions: noko
As it turns out, I'm still struggling with getting the Firewall to allow traffic to the containers with this setup. I'm afraid my solution wasn't a "fresh install" but rather simply neglecting to configure the firewall the second time.
 
Last edited:
Any update related with this?
**This is marked as "SOLVED" but seems it is not solved.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back