Hallo zusammen,
ich versuche seit einiger Weile mit einem Teil der zur Verfügung gestellten IPv6-Adressen LXC-Container direkt zu adressieren. Bisher eher mit mäßigem Erfolg.
Basis der Aktion war dieser Artikel sowie die dort verlinkten Beiträge: https://youngryan.com/2019/02/…-lxd-containers-on-a-vps/
Hostsystem ist Ubuntu 18.04
Mit Ubuntu 18.04 im Container kann ich aktuell eine IPv6-Adresse aus dem zugewiesenen Pool beziehen, jedoch geht kein Traffic durch.
Mein Subnetz ist 2a03:xxx:xxx:1bd::/64 und für LXC möchte ich 2a03:xxx:xxx:1bd:feed:beef::/112 zuweisen.
Da ich nicht genau weiß, wo ich noch hinschauen soll, versuche ich an dieser Stelle, so viele Informationen wie möglich bereitzustellen, um der Sache auf den Grund zu gehen. Falls etwas fehlt, reiche ich es gerne nach.
Vielleicht hat jemand eine Idee.
Viele Grüße
#cat /etc/netplan/50-cloud-init.yaml
#Subnet: 2a03:xxx:xxx:1bd::/64
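# Netplan definition for the host's uplink (eth0). The nesting below was lost
# in the paste and is restored here; keys and values are as posted, except
# that the MAC address is now quoted.
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 192.xxx.xxx.216/22
        # Two single addresses (/128) out of the /64; the container /112 is
        # not configured here, it sits on lxdbr0.
        - 2a03:xxx:xxx:1bd:24f6:1eff:fec8:8715/128
        - 2a03:xxx:xxx:1bd::1/128
      gateway4: 192.xxx.xxx.1
      # Link-local next hop; the host's IPv6 default route goes via eth0.
      gateway6: fe80::1
      match:
        # Quoted so that a MAC made only of digits and colons can never be
        # retyped as a number by a YAML 1.1 parser.
        macaddress: '26:xx:xx:xx:xx:15'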
#cat /etc/network/interfaces
# ifupdown stanza for the host's eth0: static IPv4, with IPv6 configured by
# `ip` commands on ifup and reverted in reverse order on ifdown.
# NOTE(review): the host `ip a` output on this page shows no
# ...:feed:beef::/128 address on eth0, and the host also carries a netplan
# file for eth0 - presumably this file is not the one being applied; confirm
# which of the two actually configures the interface.
auto eth0
iface eth0 inet static
address 192.xxx.xxx.216/22
gateway 192.xxx.xxx.1
# Adds the first address of the container /112 to eth0 as a /128.
up ip -6 address add 2a03:xxx:xxx:1bd:feed:beef::/128 dev eth0
# On-link /128 route for ...:1bd::1 on eth0, then the IPv6 default route via
# the link-local gateway.
up ip -6 route add 2a03:xxx:xxx:1bd::1/128 onlink dev eth0
up ip -6 route add default via fe80::1
# Teardown: remove the routes first, then the address.
down ip -6 route delete default via fe80::1
down ip -6 route delete 2a03:xxx:xxx:1bd::1/128 onlink dev eth0
down ip -6 address delete 2a03:xxx:xxx:1bd:feed:beef::/128 dev eth0
#lxc network show lxdbr0
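# LXD bridge definition as printed by `lxc network show lxdbr0`. The nesting
# of the `config` map was lost in the paste and is restored here; values are
# as posted.
config:
  ipv4.address: 10.243.234.1/24
  ipv4.nat: "true"
  # /112 carved out of the host's /64; the bridge itself holds ...:0:1.
  ipv6.address: 2a03:xxx:xxx:1bd:feed:beef:0:1/112
  ipv6.dhcp.stateful: "true"
  # The ip6tables listing on this page shows rules tagged
  # "generated for LXD network lxdbr0".
  ipv6.firewall: "true"
  # No IPv6 NAT: containers use their global addresses directly. The FORWARD
  # chain on this page (policy ACCEPT, ACCEPT all to and from lxdbr0) places
  # no port filter in front of them, so once routing works every container
  # service is reachable from outside unless forwarding rules are added.
  ipv6.nat: "false"
  ipv6.routing: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/clear-magpie
- /1.0/instances/steam
managed: true
status: Created
locations:
- none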
cat /etc/ndppd.conf
# ndppd: proxy neighbor discovery on eth0 for the addresses matched by the
# rule below, so that the upstream router can resolve container addresses
# that live behind lxdbr0.
proxy eth0 {
# NOTE(review): this prefix is masked differently from the lxdbr0 /112 shown
# elsewhere on the page (2a03:xxx:xxx:1bd:feed:beef::/112) - confirm that the
# real values are the same prefix, otherwise no solicitation will match.
rule 2a03:4000:xxx:xxx:feed:beef::/112 {
# NOTE(review): ndppd.conf(5) describes `iface`, `auto` and `static` as
# alternative methods, one per rule; this rule sets both `iface lxdbr0` and
# `auto` - confirm which one is intended and drop the other.
iface lxdbr0
# NOTE(review): `router` is documented as a proxy-level option - verify that
# it is accepted (and has an effect) inside a rule block.
router no
auto
}
}
#ip a (Host-System)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 26:f6:1e:c8:87:15 brd ff:ff:ff:ff:ff:ff
inet 192.xxx.xxx.216/22 brd 192.145.47.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a03:xxx:xxx:1bd::1/128 scope global
valid_lft forever preferred_lft forever
inet6 2a03:xxx:xxx:1bd:24f6:1eff:fec8:8715/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::24f6:1eff:fec8:8715/64 scope link
valid_lft forever preferred_lft forever
10: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:d9:f4:55:98:7e brd ff:ff:ff:ff:ff:ff
inet 10.243.234.1/24 scope global lxdbr0
valid_lft forever preferred_lft forever
inet6 2a03:xxx:xxx:1bd:feed:beef:0:1/112 scope global
valid_lft forever preferred_lft forever
inet6 fe80::602c:55ff:fe94:7c14/64 scope link
valid_lft forever preferred_lft forever
12: veth2abc896b@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether 52:d9:f4:55:98:7e brd ff:ff:ff:ff:ff:ff link-netnsid 0
14: veth72ad2d0d@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
link/ether 66:28:1c:84:ae:0c brd ff:ff:ff:ff:ff:ff link-netnsid 1
#ip a (Gast-System)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
11: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:e5:24:8a brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.243.234.196/24 brd 10.243.234.255 scope global dynamic eth0
valid_lft 2204sec preferred_lft 2204sec
inet6 2a03:xxx:xxx:1bd:feed:beef:0:1450/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fee5:248a/64 scope link
valid_lft forever preferred_lft forever
#ip -6 route show (Host-System)
2a03:xxx:xxx:1bd::1 dev eth0 proto kernel metric 256 pref medium
2a03:xxx:xxx:1bd:24f6:1eff:fec8:8715 dev eth0 proto kernel metric 256 pref medium
2a03:xxx:xxx:1bd:feed:beef::/112 dev lxdbr0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev lxdbr0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto static metric 1024 pref medium
#ip -6 route show (Gast-System)
2a03:xxx:xxx:1bd:feed:beef:0:1450 dev eth0 proto kernel metric 256 pref medium
2a03:xxx:xxx:1bd:feed:beef::/112 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::602c:55ff:fe94:7c14 dev eth0 proto ra metric 100 mtu 1500 pref medium
ip6tables -t nat -vnL
Alle Chains ACCEPT
ip6tables -vnL
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp lxdbr0 * ::/0 ::/0 tcp dpt:53 /* generated for LXD network lxdbr0 */
2 235 ACCEPT udp lxdbr0 * ::/0 ::/0 udp dpt:53 /* generated for LXD network lxdbr0 */
19 2385 ACCEPT udp lxdbr0 * ::/0 ::/0 udp dpt:547 /* generated for LXD network lxdbr0 */
60 4200 ACCEPT all lo * ::/0 ::/0
422 3078K ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp * * ::/0 2a03:xxx:xxx:1bd:24f6:1eff:fec8:8715 tcp dpt:80 state NEW limit: avg 50/min burst 100 /* apache */
0 0 ACCEPT tcp * * ::/0 2a03:xxx:xxx:1bd:24f6:1eff:fec8:8715 tcp dpt:443 state NEW limit: avg 500/min burst 1000 /* apache */
0 0 ACCEPT tcp * * ::/0 2a03:xxx:xxx:1bd::1 tcp dpt:50001 state NEW limit: avg 250/min burst 1000
6 660 ACCEPT udp * * ::/0 2a03:xxx:xxx:1bd::1 udp dpt:50001 limit: avg 250/min burst 1000
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128 limit: avg 15/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129 limit: avg 15/sec burst 5
24 2048 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 HL match HL == 255
147 10584 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 HL match HL == 255
38 2480 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137 HL match HL == 255
18 1008 DROP all * * ::/0 ::/0
Chain FORWARD (policy ACCEPT 13 packets, 960 bytes)
pkts bytes target prot opt in out source destination
3 216 ACCEPT all * lxdbr0 ::/0 ::/0 /* generated for LXD network lxdbr0 */
34 3392 ACCEPT all lxdbr0 * ::/0 ::/0 /* generated for LXD network lxdbr0 */
Chain OUTPUT (policy ACCEPT 1042 packets, 95825 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp * lxdbr0 ::/0 ::/0 tcp spt:53 /* generated for LXD network lxdbr0 */
2 302 ACCEPT udp * lxdbr0 ::/0 ::/0 udp spt:53 /* generated for LXD network lxdbr0 */
19 3463 ACCEPT udp * lxdbr0 ::/0 ::/0 udp spt:547 /* generated for LXD network lxdbr0 */