Мы будем использовать хост в качестве прокси для IPv6. Прежде всего, вам нужно установить Npd6, чтобы обнаружить всех соседей IPv6: apt-get install npd6, настроить его: /etc/npd6.conf
prefix=2001:41d0:XXXX:17ba:
interface = vmbr0
... Сделав это, все адреса IPv6 контейнеров будут автоматически добавлены как соседи. Затем необходимо настроить: /etc/sysctl.conf
vm.max_map_count=262144
fs.protected_hardlinks=1
fs.protected_symlinks=1
### IPv4
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1
kernel.sysrq=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
### IPv6
net.ipv6.conf.eno1.autoconf=0
net.ipv6.conf.vmbr0.autoconf=0
net.ipv6.conf.eno1.accept_ra=0
net.ipv6.conf.vmbr0.accept_ra=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.all.router_solicitations=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.bindv6only=1 и: /etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eno1
iface eno1 inet manual
auto vmbr0
# Основной мост IPv4
iface vmbr0 inet static
address 51.XXX.53.186
netmask 255.255.255.0
gateway 51.XXX.53.254
bridge_ports eno1
bridge_stp off
bridge_fd 0
# Резервный IP #1
up ip addr add 51.XXX.245.61/32 dev vmbr0
down ip addr del 51.XXX.245.61/32 dev vmbr0
# Резервный IP #2
up ip addr add 51.XXX.245.70/32 dev vmbr0
down ip addr del 51.XXX.245.70/32 dev vmbr0
# Внутренняя сеть #1
up ip addr add 192.168.1.1/24 dev vmbr0
down ip addr del 192.168.1.1/24 dev vmbr0
# Внутренняя сеть #2
up ip addr add 192.168.2.1/24 dev vmbr0
down ip addr del 192.168.2.1/24 dev vmbr0
# Основной адрес IPv6
iface vmbr0 inet6 static
address 2001:41d0:XXXX:17ba::ffff
netmask 128
# Шлюз IPv6
post-up sleep 5; /sbin/ip -6 route add 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev vmbr0
post-up sleep 5; /sbin/ip -6 route add default via 2001:41d0:XXXX:17FF:FF:FF:FF:FF
pre-down /sbin/ip -6 route del default via 2001:41d0:XXXX:17FF:FF:FF:FF:FF
pre-down /sbin/ip -6 route del 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev vmbr0
# Добавление шлюза IPv6 в соседи
post-up /sbin/ip -f inet6 neigh add proxy 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev vmbr0
# Включение NPD и пересылки
post-up echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
post-up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
post-up echo 1 > /proc/sys/net/ipv6/conf/default/forwarding Настроить DNS-серверы для IPv6: /etc/resolv.conf
search myserver.com
nameserver 2001:4860:4860::8888
nameserver 8.8.8.8 Сделать NAT для IPv4 с помощью некоторых правил:
-A POSTROUTING -s 192.168.1.0/24 -o eno1 -j SNAT --to-source 51.XXX.245.61
-A POSTROUTING -s 192.168.2.0/24 -o eno1 -j SNAT --to-source 51.XXX.245.70
# Какое-то правило для контейнера с IP 192.168.1.100
-A PREROUTING -p tcp -m tcp -d 51.XXX.245.61 -i vmbr0 --dport 80 -j DNAT --to-destination 192.168.1.100:80
# Какое-то правило для контейнера с IP 192.168.2.100
-A PREROUTING -p tcp -m tcp -d 51.XXX.245.70 -i vmbr0 --dport 80 -j DNAT --to-destination 192.168.2.100:80 Перезагрузите и проверьте подключение хоста:
root@srv001:~/# ping google.com
PING google.com(fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e)) 56 data bytes
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=1 ttl=51 time=4.50 ms
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=2 ttl=51 time=4.58 ms
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=3 ttl=51 time=3.57 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 3.571/4.215/4.578/0.456 ms
root@srv001:~/# ping6 ipv6.google.com
PING ipv6.google.com(fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e)) 56 data bytes
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=1 ttl=51 time=4.34 ms
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=2 ttl=51 time=4.33 ms
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=3 ttl=51 time=4.26 ms
^C
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 4.263/4.313/4.343/0.064 ms Затем настроим контейнер:
/etc/network/interfaces
auto lo
iface lo inet loopback
iface lo inet6 loopback
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
iface eth0 inet6 static
address 2001:41d0:XXXX:17ba::1:100
netmask 64
# --- НАЧАЛО PVE ---
post-up ip route add 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev eth0
post-up ip route add default via 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev eth0
pre-down ip route del default via 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev eth0
pre-down ip route del 2001:41d0:XXXX:17FF:FF:FF:FF:FF dev eth0
# --- КОНЕЦ PVE --- и проверим подключение контейнера:
Bash: nginx ⌁ root /etc/nginx ping google.com
PING google.com(fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e)) 56 data bytes
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=1 ttl=51 time=3.32 ms
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=2 ttl=51 time=3.49 ms
64 bytes from fra16s12-in-x0e.1e100.net (2a00:1450:4001:818::200e): icmp_seq=3 ttl=51 time=3.41 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 3.321/3.405/3.487/0.095 ms
nginx ⌁ root /etc/nginx ping6 ipv6.google.com
PING ipv6.google.com(fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e)) 56 data bytes
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=1 ttl=51 time=3.19 ms
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=2 ttl=51 time=2.88 ms
64 bytes from fra15s17-in-x0e.1e100.net (2a00:1450:4001:81c::200e): icmp_seq=3 ttl=51 time=3.20 ms
^C
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 2.876/3.087/3.200/0.156 ms Готово!
