Basic setup of Proxmox in an OVH environment (Kimsufi example) with NAT and IPv6 enabled containers - Page 3

Comments

  • Maounique Host Rep, Veteran

    @ebony said:

    @qeba said:

    @ebony said: working now thanks

    Currently facing the same issues, how did you solve this? I'm able to ping the gateway IP, but ping to Google with IPv6 is not working.

    I always had to tracert ipv6.google.com to get it to fire on the VM; a few hours later it would die unless you keep a ping6 open. I had very bad ping6 on the server. Support fixed the ::1 address but would not fix anything else on the IPv6. I ordered a new server, lower price, less RAM :( but that server just worked fine, no problems at all. I run my Minecraft server on IPv6 and it works great!

    That looks like the wrong bridging, i.e. you bridged to vmbr0 or the wrong gateway. It is likely you paid more attention in the new server.

    @lala_th said: How to create multiple VMs running webserver on ports 80/443 while using this NAT setup?

    If you mean over IPv4, you can't, just create on other ports and use something to redirect, such as Cloudflare. On IPv6, no problems.

    Thanked by 1lala_th
  • I have the same problem. I can ping the IPv6 gateway on the host (xxxx:xxxx::1) from the VM. I can ping from the host to the VM (xxxx:xxxx:100). I can ping from the host to google.com using IPv6. But the container can't ping google.com using IPv6. I double-checked the ndppd config and that it is running, the bridge on the container, and the IPv6 addresses and gateways. I have no clue what to do.

  • Maounique Host Rep, Veteran

    Post configs here, I will take a look. Check if you enabled IPv6 forwarding first.

  • Bertie Member
    edited August 2023

    Thanks for this guide. I was finally able to get IPv6 properly up and running thanks to you.

    I know this is mentioned in the troubleshooting. When IPv4 port 80/443 is forwarded to a VM, all containers are no longer able to browse. Connections to github, docker, etc. time out. Ping and nslookup both still work.

    Unlike the troubleshooting, I wasn't able to get it consistently working after restarting the VM. I can curl google.com afterwards (sometimes), but curl to github.com and registry-1.docker.io both time out always, no matter how many times I restart the host or VM. At least my port 80/443 web servers are accessible.

    I am using the proxmox 7 template from OVH and have already tried reinstalling proxmox 7 to get it working.

    config (with anonymized IP):

    auto lo
    iface lo inet loopback
    
    iface eno1 inet manual
    
    auto vmbr0
    iface vmbr0 inet static
            address 198.27.64.100/24
            gateway 198.27.64.254
            bridge-ports eno1
            bridge-stp off
            bridge-fd 0
            hwaddress 2A:B1:8F:04:7C:D9
    
    iface vmbr0 inet6 static
        address 2607:5300:dead:beef::ffff/128
        post-up sleep 5; /sbin/ip -6 route add  2607:5300:dead:beff:ff:ff:ff:ff dev vmbr0
        post-up sleep 5; /sbin/ip -6 route add default via 2607:5300:dead:beff:ff:ff:ff:ff
        pre-down /sbin/ip -6 route del default via 2607:5300:dead:beff:ff:ff:ff:ff
        pre-down /sbin/ip -6 route del 2607:5300:dead:beff:ff:ff:ff:ff dev vmbr0
    
    auto vmbr6
    iface vmbr6 inet static
        address 10.0.0.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
        post-up iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.0.0.3
        post-down iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
        post-down iptables -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.0.0.3
    
    iface vmbr6 inet6 static
        address 2607:5300:dead:beef::1/64
    

    This is a bit of a shot in the dark - I don't think anyone really knows what's causing this.

    I'm happy just using only IPv6 at this point, since I finally managed to get that working thanks to you :smile: and I can just use an IPv6 reverse proxy from Cloudflare. Alternatively, I can just defy best practice and set up the reverse proxy on the hypervisor itself.

  • Maounique Host Rep, Veteran
    edited August 2023

    I know what is causing it. The interface is not specified and the system gets confused.

    Change this:

    @Bertie said:

    post-up iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
    post-up iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.0.0.3

    Into this:

    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.3

    And the subsequent post-down stanzas.

    Sorry for being lazy, I will have to update the guide as many people have complex setups with multiple bridges etc. So far that issue only appeared for those, but it looks like 2 bridges can also be enough to confuse the system.

    Thanked by 2Not_Oles Bertie
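
A check for the rule pattern corrected in the post above, as an added example that is not part of the original thread: it scans ifupdown-style configuration for PREROUTING DNAT rules that carry no `-i` or `-d` match and prints each one with the uplink bridge added. The function names and the sample stanza are constructed for illustration; `vmbr0` as the uplink is taken from the thread.

```shell
#!/bin/sh
# A PREROUTING rule that matches only on "-p tcp --dport N" applies to packets
# arriving on every interface, including the internal bridge, so a connection
# that a container opens to port N outside is also rewritten to the DNAT target.

# unscoped_dnat UPLINK [FILE]
# Print "LINE: rule" for each PREROUTING DNAT rule that has neither an
# input-interface nor a destination match, with "-i UPLINK" already added.
# Covers both the -A (post-up) and -D (post-down) forms. Reads stdin if no FILE.
unscoped_dnat() {
    wan=$1
    shift
    awk -v wan="$wan" '
        /iptables/ && /PREROUTING/ && /-j DNAT/ {
            scoped = 0
            n = split($0, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(-i|--in-interface|-d|--destination)$/)
                    scoped = 1
            if (scoped) next
            fixed = $0
            sub(/^[ \t]+/, "", fixed)
            sub(/PREROUTING/, "PREROUTING -i " wan, fixed)
            print NR ": " fixed
        }' "$@"
}

# Constructed sample modelled on the vmbr6 stanza posted in the thread.
sample_config() {
cat <<'EOF'
auto vmbr6
iface vmbr6 inet static
    address 10.0.0.254/24
    post-up iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.3
    post-down iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3
EOF
}

# Lines 5 and 7 of the sample are reported; line 6 is already scoped.
sample_config | unscoped_dnat vmbr0
```

On a host, the same function can be pointed at the live file, for example `unscoped_dnat vmbr0 /etc/network/interfaces`.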
  • @Maounique said: Sorry for being lazy, I will have to update the guide as many people have complex setups with multiple bridges etc. So far that issue only appeared for those, but it looks like 2 bridges can also be enough to confuse the system.

    Thanks, that worked, and definitely don't think you're lazy, you got me way further than I would've on my own and I'm very appreciative. I don't think anyone else came up with a viable tutorial on dealing with the quirks of Kimsufi's IPv6 routing.

    Thanked by 1Maounique