Hi,
I have lxc containers which shall only have an internal networking connection (on vmbr1 = private 10.010.10.x network). The PVE host has a masquerading rule to allow updating/installation jobs for the inernal lxc containers. For the ipv4 masquerading I followed this info:
https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
where enp0s31f6 is the public interface of the PVE host (the public interface is bridged to vmbr0 for those lxc/kvm VMs that have a public ipv4 IP).
Has anyone succeeded with a similar setup? What would be the correct masquerading rule to do the same for ipv6 addressing ?
Thanks for any ideas,
Thommie
I have lxc containers which shall only have an internal networking connection (on vmbr1 = private 10.010.10.x network). The PVE host has a masquerading rule to allow updating/installation jobs for the inernal lxc containers. For the ipv4 masquerading I followed this info:
https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
# NAT masquerarding for internal private network to allow internet access from "private only" VMs
# https://pve.proxmox.com/wiki/Network_Configuration
# allow forwarding
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerading
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADEwhere enp0s31f6 is the public interface of the PVE host (the public interface is bridged to vmbr0 for those lxc/kvm VMs that have a public ipv4 IP).
Has anyone succeeded with a similar setup? What would be the correct masquerading rule to do the same for ipv6 addressing ?
Thanks for any ideas,
Thommie