User Tools

Site Tools


wiki:enable_ipv6_lxc_containers

Enable ipv6 for lxc containers

Add to container config (substitute correct ipv6 address):

  lxc.network.ipv6 = 2a01:123:11:99e:10:10:10:10/120
  lxc.network.ipv6.gateway = auto

Check firewall

/etc/shorewall6/rules

...
SSH(ACCEPT)	net		lxc:[2a01:123:11:99e:10:10:10:10]
Trcrt(ACCEPT)	net		lxc:[2a01:123:11:99e:10:10:10:10]
...

/etc/shorewall6/zones

...
#ZONE	TYPE	OPTIONS			IN			OUT
#					OPTIONS			OPTIONS
fw	firewall
net	ipv6
lxc	ipv6
...

/etc/shorewall6/interfaces

...
#ZONE	INTERFACE	OPTIONS
net     enp0s31f6       tcpflags
lxc	br0		bridge
...

and ipv6 forwarding on host

sysctl net.ipv6.conf.all.forwarding
sysctl -w net.ipv6.conf.all.forwarding=1

Edit /etc/sysctl.conf for persistence when rebooted if necessary.

Add ipv6 address to host's bridge interface

ip addr add 2a01:123:11:99e:10:10:10:1/120 dev br0

Example from /etc/network/interfaces:

...
iface br0 inet6 static
  address 2a01:123:11:99e:10:10:10:1
  netmask 120
...

Add ipv6 address and default route in container

Order of commands matter. First add containers ip address (otherwise you get RTNETLINK answers: No route to host).

ip addr add 2a01:123:11:99e:10:10:10:10/120 dev eth0
ip -6 route add default via 2a01:123:11:99e:10:10:17:1

Tested on

See also

References

wiki/enable_ipv6_lxc_containers.txt · Last modified: 2021/05/19 11:59 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki