Answer the question
In order to leave comments, you need to log in
E
E
Eduard Gabdullin2014-04-02 16:53:05
Eduard Gabdullin, 2014-04-02 16:53:05
Why is the guest OS not pinging from the host over IPv6?
Good afternoon!
KVM virtualization environment (OS Centos 6.5) was raised on the Hetzner server.
Several VMs are running on a virtual machine on Centos 6.5.
The host machine has white IPv4.
Virtual machines use "gray" IPv4 behind NAT.
IPv6 must be used next to IPv4.
IPv6 is configured on both the host and guest systems. Inside the virtual network, guest machines ping each other, the host machine, and external network resources over IPv6. From the host machine or from external resources, ping6 goes inside the virtual network to a specific guest machine only after you ping the host machine from this guest or if there is other network activity from this guest system to the host or to external resources.
# virsh net-edit default
<network>
<name>default</name>
<uuid>e5e50b4a-8f28-4736-b7e1-daa3b5dbe22b</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0' />
<mac address='mac-адрес'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.3' end='192.168.122.254' />
</dhcp>
</ip>
<ip family='ipv6' address='2a01:4f8:xxx:xxxx::2' prefix='64'>
</ip>
</network>sysctl.conf
### Hetzner Online AG installimage
# sysctl config
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
# ipv6 settings (no autoconfiguration)
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_dad=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.accept_ra_defrtr=0
net.ipv6.conf.all.accept_ra_rtr_pref=0
net.ipv6.conf.all.accept_ra_pinfo=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.forwarding=1# route -A inet6 -n
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2a01:4f8:xxx:xxxx::1/128 :: U 1024 1 0 eth0
2a01:4f8:xxx:xxxx::5/128 2a01:4f8:xxx:xxxx::5 UC 0 1 0 eth0
2a01:4f8:xxx:xxxx::/64 :: U 256 0 0 eth0
2a01:4f8:xxx:xxxx::/64 :: U 256 0 0 virbr0
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 virbr0
fe80::/64 :: U 256 0 0 vnet0
fe80::/64 :: U 256 0 0 vnet1
fe80::/64 :: U 256 0 0 vnet2
fe80::/64 :: U 256 0 0 vnet3
::/0 fe80::1 UG 1 18590 0 eth0
::/0 2a01:4f8:xxx:xxxx::1 UG 1024 0 0 eth0
::1/128 :: U 0 13 1 lo
2a01:4f8:xxx:xxxx::/128 :: U 0 0 1 lo
2a01:4f8:xxx:xxxx::/128 :: U 0 0 1 lo
2a01:4f8:xxx:xxxx::2/128 :: U 0 802 1 lo
2a01:4f8:xxx:xxxx::2/128 :: U 0 774 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::/128 :: U 0 0 1 lo
fe80::5054:ff:fed6:7ec1/128 :: U 0 1457 1 lo
fe80::6e62:6dff:feb2:a454/128 :: U 0 914 1 lo
fe80::fc54:ff:feb1:3998/128 :: U 0 0 1 lo
fe80::fc54:ff:fec7:87a7/128 :: U 0 0 1 lo
fe80::fc54:ff:fed3:6720/128 :: U 0 0 1 lo
fe80::fc54:ff:fedb:904a/128 :: U 0 0 1 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 virbr0
ff00::/8 :: U 256 0 0 vnet0
ff00::/8 :: U 256 0 0 vnet1
ff00::/8 :: U 256 0 0 vnet2
ff00::/8 :: U 256 0 0 vnet3# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.525400d67ec1 yes virbr0-nic
vnet0
vnet1
vnet2
vnet3# ip6tables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp virbr0 * ::/0 ::/0 udp dpt:53
0 0 ACCEPT tcp virbr0 * ::/0 ::/0 tcp dpt:53
104 12504 ACCEPT all * * 2a01:4f8:xxx:xxxx::/64 ::/0
0 0 ACCEPT all lo * ::/0 ::/0
564 2701K ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED
3560 252K ACCEPT icmpv6 * * ::/0 ::/0
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
497 141K ACCEPT all * virbr0 ::/0 2a01:4f8:xxx:xxxx::/64
2308 195K ACCEPT all virbr0 * 2a01:4f8:xxx:xxxx::/64 ::/0
0 0 ACCEPT all virbr0 virbr0 ::/0 ::/0
0 0 REJECT all * virbr0 ::/0 ::/0 reject-with icmp6-port-unreachable
0 0 REJECT all virbr0 * ::/0 ::/0 reject-with icmp6-port-unreachable
0 0 ACCEPT all virbr0 * 2a01:4f8:xxx:xxxx::/64 ::/0
4096 335K REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain OUTPUT (policy ACCEPT 8765 packets, 875K bytes)
pkts bytes target prot opt in out source destinationifconfig doesn't fit...
2 answer(s)
@gabdullin
@inkvizitor68sl
E
Eduard Gabdullin, 2014-04-06 @gabdullin
The solution, as always, turned out to be ingeniously simple!
Must be added to the /etc/sysconfig/network fileIPV6FORWARDING=yes
V
Vlad Zhivotnev, 2014-04-02 @inkvizitor68sl
https://debian.pro/1345
What is there about v4 - you can ignore
Similar questions
L
D
D
V
J
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question