[systemd-devel] systemd-nspawn and IPv6
Kai Krakow
hurikhan77 at gmail.com
Mon Apr 27 16:17:43 PDT 2015
Lennart Poettering <lennart at poettering.net> wrote:
> On Mon, 27.04.15 20:08, Kai Krakow (hurikhan77 at gmail.com) wrote:
>
>> > Or in other words: ipv6 setup needs some manual networking setup on
>> > the host.
>>
>> Or there... Any pointers?
>
> Not really. You have to set up ipv6 masquerading with ip6tables. And
> ensure the containers get ipv6 addresses that are stable enough that
> you can refer to them from the ip6tables rules...
Somehow I thought I would be smart by adding this ExecPostStart script (OTOH
it's probably just time for bed):
#!/bin/bash
IFNAME=${1:0:14} # %I is passed here
if [ -n "$IFNAME" ]; then
    # first global-scope IPv6 address/prefix on the interface
    IP=$(ip -6 addr show dev "$IFNAME" scope global | awk '/inet6/ { print $2 }')
    /sbin/sysctl "net.ipv6.conf.$IFNAME.forwarding=1"
    [ -z "$IP" ] || /sbin/ip6tables -t nat -I POSTROUTING --source "$IP" --dest ::/0
fi
exit 0
and adding Address=::0/126 to the [Network] section of ve-* devices...
But somehow it does not work. If I run it manually after starting the
container, it does its work. Of course, inside the container, it won't have
the counterpart address assigned (it works for DHCPv4 only).
If I modify the script to use scope link instead of global, it also works -
but that won't route anyways.
I suppose, when ExecPostStart is running, the link is just not ready yet. An
IP address fc00::... will be added to the interface, tho. So at least that
works.
--
Replies to list only preferred.
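
An added example, not part of the original message: one way to act on the timing guess above is to poll until the ve-* link shows a global address that is no longer tentative, and only then install the rule. The function names, the 10-try budget, the ve-* name check and the -j MASQUERADE target are assumptions made for this sketch; the sample `ip` output is constructed.

```shell
#!/bin/sh
# Added example, not the script from the post. Called as: script <ifname>

# Constructed sample of `ip -6 addr show dev ve-test` output (used for checks).
sample_ip_output() {
    cat <<'EOF'
5: ve-test: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fc00::1/126 scope global tentative
    inet6 fc00::5/126 scope global
    inet6 fe80::1/64 scope link
EOF
}

# First global, non-tentative address/prefix from `ip -6 addr show` on stdin.
global_addr() {
    awk '$1 == "inet6" && /scope global/ && !/tentative/ { print $2; exit }'
}

# Only ve-* names of at most 14 safe characters; "." or "/" would alter the sysctl key.
valid_ifname() {
    case $1 in ve-?*) ;; *) return 1 ;; esac
    case ${1#ve-} in *[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 14 ]
}

# Run "$@" up to $1 times, one second apart, until it shows a usable address.
wait_for_addr() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        addr=$("$@" | global_addr)
        if [ -n "$addr" ]; then printf '%s\n' "$addr"; return 0; fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

main() {
    ifname=$(printf '%.14s' "$1")   # same 14-character truncation as the post
    valid_ifname "$ifname" || { echo "refusing interface name: $1" >&2; return 1; }
    src=$(wait_for_addr 10 ip -6 addr show dev "$ifname") || return 1
    sysctl -q -w "net.ipv6.conf.$ifname.forwarding=1" || return 1
    # -j MASQUERADE is an assumption: the posted rule names no target.
    ip6tables -t nat -I POSTROUTING --source "$src" --dest ::/0 -j MASQUERADE
}

[ "$#" -eq 0 ] || main "$@"
```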