Hi,
I'm having problems with setting up working IPv6 on my OPNsense installation running on Proxmox. I have a /56 assigned from Hetzner.
This is the /etc/network/interfaces of the host machine:
I can ping both the host machine (f300::1336) and the OPNsense (f300::1337) from the internet.
WAN interface is setup like this:
The gateway shows up as online.
I have created a VLAN called DMZ, with the following setup:
The situation is as follows; I can ping the internet from inside of the VM's assigned to this VLAN, IPv6 is working, HOWEVER I cannot access / ping these VM's from the outside, not from the host machine, not from the internet.
So if I ping 2a01:4f8:13b:f301::1234 (which is assigned to my mail server), I will get address unreachable. It is probably some stupid thing I'm not getting (I'm a beginner), so any help or poke in the right direction would be greatly appreciated.
Thanks in advance.
I'm having problems with setting up working IPv6 on my OPNsense installation running on Proxmox. I have a /56 assigned from Hetzner.
This is the /etc/network/interfaces of the host machine:
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto enp4s0
iface enp4s0 inet static
address x.x.1x.x/26
gateway x.x.x.1
up route add -net 94.130.161.0 netmask 255.255.255.192 gw 94.130.161.1 dev enp4s0
post-up sysctl -w net.ipv4.ip_forward=1
post-up sysctl -w net.ipv6.conf.all.forwarding=1
post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp -m multiport ! --dport 22535,8006 -j DNAT --to 10.10.10.1
post-up iptables -t nat -A PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1
# route x.x.x.0/26 via 94.130.161.1
iface enp4s0 inet6 static
address 2a01:xxxx:xxxx:f300::1/128
gateway fe80::1
iface enp4s0 inet6 static
address 2a01:xxxx:xxxx:2b1d::/64
gateway fe80::1
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet static
address 10.10.10.0/31
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
#OPNSense WAN - Proxmox LAN
iface vmbr0 inet6 static
address 2a01:xxxx:xxxx:f300::1336/127
up ip -6 route add 2a01:xxxx:xxxx:f300::/56 via 2a01:xxxx:xxxx:f300::1337 dev vmbr0
auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
#VM Net
I can ping both the host machine (f300::1336) and the OPNsense (f300::1337) from the internet.
WAN interface is setup like this:
Code:
IPv6 address: 2a01:xxxx:xxxx:f300::1337/127
Gateway: 2a01:xxxx:xxxx:f300::1336
Block bogon networks checked
The gateway shows up as online.
I have created a VLAN called DMZ, with the following setup:
Code:
IP address: 2a01:xxxx:xxxx:f301::1/64
Gatewaay: Auto-detect
Nothing else is checked
The situation is as follows; I can ping the internet from inside of the VM's assigned to this VLAN, IPv6 is working, HOWEVER I cannot access / ping these VM's from the outside, not from the host machine, not from the internet.
So if I ping 2a01:4f8:13b:f301::1234 (which is assigned to my mail server), I will get address unreachable. It is probably some stupid thing I'm not getting (I'm a beginner), so any help or poke in the right direction would be greatly appreciated.
Thanks in advance.