[systemd-devel] IPv6 forwarding inside systemd-nspawn containers

Egor M. dsx+systemd-devel at droidnest.org
Sat Jun 11 18:29:11 UTC 2016


Hello Lennart.

In this case there's a slight inconsistency somewhere, since the net.ipv4.ip_forward
setting is inherited from the host but net.ipv6.conf.all.forwarding isn't. One way
or another, remounting /proc/sys r/w seems to be helping. I'll do more tests on
Monday and see if everything's fine. Thank you!

On Fri, Jun 10, 2016 at 03:18:10PM +0200, Lennart Poettering wrote:
> On Thu, 09.06.16 17:11, Egor M. (dsx+systemd-devel at droidnest.org) wrote:
> 
> > Hello.
> > 
> > How do I enable IPv6 forwarding in systemd-nspawn containers? I have a container
> > with network-bridge (--network-bridge=br0). Despite the
> > net.ipv6.conf.all.forwarding value and corresponding interface values, IPv6
> > forwarding is still disabled inside the container, while IPv4 forwarding is inherited
> > correctly from the host system and works just fine.
> 
> Hmm, did I grok this right, you want to enable IPv4 forwarding inside
> the container, so that the container acts as router?
> 
> Currently nspawn will mount all of /proc/sys read-only, under the
> assumption that these sysctls are not namespaced. Are you saying the
> networking controls are correctly namespaced, and thus can be set to
> different values from the host without interfering with it? If so, we
> should probably mount /proc/sys/net writable after all.
> 
> If so, could you please file a PR about this, and we'll make the
> change in upstream nspawn.
> 
> For now though you can just make /proc/sys/net writable manually and
> then set the right sysctl there...
> 
> Lennart
> 
> -- 
> Lennart Poettering, Red Hat

-- 
Egor M.
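
An added example, not part of the original thread and not systemd code: a shell check that reads mountinfo to find which mount covers a given sysctl path and whether it is read-only, which is what decides whether net.ipv6.conf.all.forwarding can be set from inside the container. The function names and the sample mountinfo lines are constructed for illustration; inside a real container, call the functions without the file argument to read /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example: which mount covers a sysctl path, and is it read-only?

# Print the per-mount options (mountinfo field 6) of the mount covering path $1.
# $2 = mountinfo file to read (defaults to the live /proc/self/mountinfo).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $5                      # field 5 is the mount point
            # A mount covers p if p is the mount point or lies beneath it.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later entry is on top.
                if (length(mp) >= best) { best = length(mp); opts = $6 }
            }
        }
        END { print opts }
    ' "${2:-/proc/self/mountinfo}"
}

# Succeed only if the mount covering $1 carries the "rw" option.
sysctl_path_writable() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,rw,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample (not captured from a real system): /proc/sys read-only,
# with /proc/sys/net made writable on top of it.
sample_mountinfo() {
    cat <<'EOF'
100 90 0:50 / / rw,relatime - ext4 /dev/sda1 rw
101 100 0:51 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
102 101 0:51 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
103 102 0:51 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Report rw/ro for the two forwarding knobs and one non-network sysctl.
check_forwarding_paths() {
    for key in net/ipv4/ip_forward net/ipv6/conf/all/forwarding kernel/hostname; do
        if sysctl_path_writable "/proc/sys/$key" "$1"; then state=rw; else state=ro; fi
        echo "/proc/sys/$key: $state"
    done
}

tmp=$(mktemp) && sample_mountinfo > "$tmp" && check_forwarding_paths "$tmp"
rm -f "$tmp"
```

With the sample, only the paths under /proc/sys/net report rw; a narrower writable mount like this keeps the remaining /proc/sys entries read-only, unlike remounting all of /proc/sys.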

