[systemd-devel] IPv6 forwarding inside systemd-nspawn containers

Lennart Poettering lennart at poettering.net
Fri Jun 10 13:18:10 UTC 2016


On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-devel at droidnest.org) wrote:

> Hello.
> 
> How to enable IPv6 forwarding in systemd-nspawn containers? I have a container
> with network-bridge (--network-bridge=br0). Despite
> net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> forwarding is still disabled inside container, while IPv4 forwarding inherited
> correctly from host system and works just fine.

Hmm, did I grok this right, you want to enable IPv4 forwarding inside
the container, so that the container acts as router?

Currently nspawn will mount all of /proc/sys read-only, under the
assumption that these sysctls are not namespaced. Are you saying the
networking controls are correctly namespaced, and thus can be set to
different values from the host without interfering with it? If so, we
should probably mount /proc/sys/net writable after all.

If so, could you please file a PR about this, and we'll make the
change in upstream nspawn.

For now though you can just make /proc/sys/net writable manually and
then set the right sysctl there...

Lennart

-- 
Lennart Poettering, Red Hat
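
An added example, not part of the message above and not nspawn's own code: a check to run inside the container that reads /proc/self/mountinfo and reports whether the mount covering /proc/sys/net is read-only. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is the mount covering a path read-only?
# Reads mountinfo-format lines on stdin; prints "ro", "rw" or "unknown".
mount_mode() {
    awk -v target="$1" '
    {
        mp = $5; opts = $6      # field 5: mount point, field 6: per-mount options
        # A mount covers the target if it is the target itself or a parent directory.
        if (mp == target || mp == "/" || index(target, mp "/") == 1) {
            # Longest mount point wins; on a tie the later (topmost) entry wins.
            if (length(mp) >= best) { best = length(mp); mode = opts }
        }
    }
    END {
        if (mode == "") { print "unknown"; exit }
        n = split(mode, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") { print "ro"; exit }
        print "rw"
    }'
}

# Constructed sample: /proc/sys mounted read-only, as the reply describes.
sample_default() {
    cat <<'EOF'
100 90 0:50 / / rw,relatime - ext4 /dev/sda1 rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 101 0:51 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Constructed sample: the same container with /proc/sys/net made writable.
sample_net_writable() {
    sample_default
    echo '103 102 0:51 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw'
}

echo "sample, default:      $(sample_default | mount_mode /proc/sys/net)"
echo "sample, net writable: $(sample_net_writable | mount_mode /proc/sys/net)"

# Live check, only where the files exist (run this inside the container).
if [ -r /proc/self/mountinfo ]; then
    echo "this system:          $(mount_mode /proc/sys/net < /proc/self/mountinfo)"
fi
f=/proc/sys/net/ipv6/conf/all/forwarding
if [ -r "$f" ]; then echo "all.forwarding = $(cat "$f")"; fi
```

A result of "ro" for /proc/sys/net means a write to net.ipv6.conf.all.forwarding from inside the container is refused, whatever value the host has.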

