IPv6 network does not function properly inside a container. Hardware node is configured correctly and external hosts are accessible over IPv6, however these hosts are not accessible from the container.
Most likely the iptables chain FORWARD contains prohibiting rules.
If the container works in host-routed mode then check iptables-save output for prohibiting entries and remove those, e.g.:
[root@server ~]# ip6tables-save # Generated by ip6tables-save v1.4.7 on Mon Aug 20 23:28:37 2012 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3833:285729] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited COMMIT # Completed on Mon Aug 20 23:28:37 2012
If the container works in bridged mode, then similar rules may also affect the networking. In order to bypass iptables rules for bridged containers disable corresponding check in sysctl:
# sysctl net.bridge.bridge-nf-call-ip6tables=0
In order to preserve changes after reboot:
# echo "net.bridge.bridge-nf-call-ip6tables = 0" >> /etc/sysctl.conf