PVEFW-0-management-v6 ruleset doesn't populate with my ip6 subnet

P

perilous_lines

New Member
Mar 18, 2025
2
0
1
Thank you for your time. I am a newb and just starting out with VM's in general and any help is appreciated.

My setup:
Fresh install of prox 8.3.5. IPv4 assigned from routers DHCP and IPv6 using SLAAC.

Problem:
After enabling the pve-firewall, ruleset "PVEFW-0-management-v6 " is created and applied to common ports 22, 8006 etc but ipset list PVEFW-0-management-v6 shows there are 0 members in the set. So ssh -6 from a local machine fails when firewall is on.

Troubleshooting:
I tried adding my subnet using the GUI Datacenter > Firewall > IPset > Create and it populated the cluster.fw file but ipset list still shows 0 members.
I can temporarily set it using ipset add PVEFW-0-management-v6 xxx::/64 but within a few seconds the entry is wiped

My etc/network/interface :

Bash: 
auto lo
iface lo inet loopback

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.29.77/24
        gateway 192.168.29.1
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0
        post-up echo "2" > /proc/sys/net/ipv6/conf/vmbr0/accept_ra

iface enp5s0 inet manual

source /etc/network/interfaces.d/*
 
Is the IP address configured in your /etc/hosts file? The hostname need to resolve to the IPv6 address in order for it to be included in the management IP set.
 
shanreich said:
Is the IP address configured in your /etc/hosts file? The hostname need to resolve to the IPv6 address in order for it to be included in the management IP set.
Click to expand...

It wasn't configured :
Bash: 
127.0.0.1 localhost.localdomain localhost
192.168.29.77 homebase.router.lan homebase

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

I added in my current ip6, rebooted, but it doesn't populate the management set
Code: 
127.0.0.1 localhost.localdomain localhost
192.168.29.77 homebase.router.lan homebase
####:###:##:####:#####:#####:fe90:6f20 homebase.router.lan homebase

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

ipset list PVEFW-0-management-v6
Code: 
Name: PVEFW-0-management-v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 64 maxelem 64 bucketsize 12 initval 0x93....
Size in memory: 1240
References: 5
Number of entries: 0
Members:
 
You must log in or register to reply here.
Top Bottom