I've got the following problem.
I have Hetzner server with 1 ipv4 and 1 subnet /64 of ipv6.
Im running xen virtualization for VPSes and got them working on IPv4 with the following config:
/etc/sysconfig/network-scripts/ifcfg-enp0s31f6
Code: Select all
DEVICE=enp0s31f6
ONBOOT=yes
BOOTPROTO=none
IPADDR=<HETZ_REAL_IP>
NETMASK=255.255.255.255
SCOPE="peer <HETZ_GW>"
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6ADDR=2a01:4f8:10b:1191::2/64
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=enp0s31f6
ZONE=public
IPV6ADDR_SECONDARIES="2a01:4f8:10b:1191::1000:1/64 \
2a01:4f8:10b:1191::1000:2/64 \
2a01:4f8:10b:1191::1000:3/64 \
2a01:4f8:10b:1191::1000:4/64 \
2a01:4f8:10b:1191::1000:5/64 \
2a01:4f8:10b:1191::1000:6/64 \
2a01:4f8:10b:1191::1000:7/64 \
2a01:4f8:10b:1191::1000:8/64 \
2a01:4f8:10b:1191::1000:9/64 \
2a01:4f8:10b:1191::1000:10/64 \
2a01:4f8:10b:1191::1000:100/64"
Code: Select all
DEVICE="br0"
TYPE=Bridge
DELAY=0
BOOTPROTO=static
IPADDR=192.168.122.1
NETMASK=255.255.255.0
NETWORK=192.168.122.0
GATEWAY=<HETZ_REAL_IP>
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i br0 -o enp0s31f6 -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp0s31f6 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
and all is perfect.
However my problem is setting up the ipv6.
/etc/sysconfig/network-scripts/ifcfg-br1
Code: Select all
DEVICE="br1"
TYPE=Bridge
DELAY=0
BOOTPROTO=static
IPV4_FAILURE_FATAL=no
IPV6INIT="yes"
ONBOOT=yes
IPV6ADDR=10:2::1/64
IPV6_FAILURE_FATAL=no
IPV6_DEFROUTE=yes
IPV6_DEFAULTGW="2a01:4f8:10b:1191::1000:100"
I've tried the same firewall-cmd:
Code: Select all
firewall-cmd --direct --add-rule ipv6 filter FORWARD 0 -i br1 -o enp0s31f6 -j ACCEPT
firewall-cmd --direct --add-rule ipv6 filter FORWARD 0 -i enp0s31f6 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
Code: Select all
NETWORKING=yes
NETWORKING_IPV6=yes
IPV6FORWARDING=yes
HOSTNAME=CentOS-73-64-minimal
Code: Select all
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.br1.accept_ra = 1
net.ipv6.conf.br1.accept_ra_defrtr = 1
net.ipv6.conf.br1.router_solicitations = 1
Code: Select all
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::/96 :: !n 1024 0 0 lo
0.0.0.0/96 :: !n 1024 0 0 lo
10:2::/64 :: U 256 2 123 br1
2002:a00::/24 :: !n 1024 0 0 lo
2002:7f00::/24 :: !n 1024 0 0 lo
2002:a9fe::/32 :: !n 1024 0 0 lo
2002:ac10::/28 :: !n 1024 0 0 lo
2002:c0a8::/32 :: !n 1024 0 0 lo
2002:e000::/19 :: !n 1024 0 0 lo
2a01:4f8:10b:1191::/64 :: U 256 1 5 enp0s31f6
3ffe:ffff::/32 :: !n 1024 0 0 lo
fe80::/64 :: U 256 0 0 vif30.0-emu
fe80::/64 :: U 256 0 1 enp0s31f6
fe80::/64 :: U 256 0 21 br1
::/0 fe80::1 UG 1 8 1165 enp0s31f6
::/0 :: !n -1 1 67021 lo
::1/128 :: Un 0 9 532 lo
10:2::/128 :: Un 0 1 0 lo
10:2::1/128 :: Un 0 6 7 lo
2a01:4f8:10b:1191::/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::2/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:1/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:2/128 :: Un 0 2 3 lo
2a01:4f8:10b:1191::1000:3/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:4/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:5/128 :: Un 0 5 15 lo
2a01:4f8:10b:1191::1000:6/128 :: Un 0 7 64 lo
2a01:4f8:10b:1191::1000:7/128 :: Un 0 6 58 lo
2a01:4f8:10b:1191::1000:8/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:9/128 :: Un 0 1 0 lo
2a01:4f8:10b:1191::1000:10/128 :: Un 0 8 80 lo
2a01:4f8:10b:1191::1000:100/128 :: Un 0 4 3 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::921b:eff:fecd:5475/128 :: Un 0 2 1 lo
fe80::fcff:ffff:feff:ffff/128 :: Un 0 1 0 lo
fe80::fcff:ffff:feff:ffff/128 :: Un 0 6 21 lo
ff00::/8 :: U 256 0 0 vif30.0-emu
ff00::/8 :: U 256 0 0 enp0s31f6
ff00::/8 :: U 256 3 7 br1
::/0 :: !n -1 1 67021 lo