Article ID: 115237, created on Dec 3, 2012, last review on May 10, 2014

Applies to:

  • Virtuozzo 6.0
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor

Symptoms

The IPv6 network does not function properly inside a container. The hardware node is configured correctly and external hosts are accessible over IPv6, but these hosts are not accessible from the container.

Cause

Most likely the ip6tables FORWARD chain contains prohibiting rules.

Resolution

If the container works in host-routed mode, check the ip6tables-save output for prohibiting entries in the FORWARD chain and remove them, e.g.:

[root@server ~]# ip6tables-save
# Generated by ip6tables-save v1.4.7 on Mon Aug 20 23:28:37 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3833:285729]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Completed on Mon Aug 20 23:28:37 2012

If the container works in bridged mode, similar rules may also affect networking. To bypass ip6tables rules for bridged containers, disable the corresponding check in sysctl:

# sysctl net.bridge.bridge-nf-call-ip6tables=0

To preserve the change after a reboot:

# echo "net.bridge.bridge-nf-call-ip6tables = 0" >> /etc/sysctl.conf
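
For the host-routed check above, the following added example (not part of the original article or of Virtuozzo tooling) lists the FORWARD entries in an ip6tables-save dump that block forwarded traffic and prints the matching delete command for review. The function names are hypothetical and the sample dump is constructed from the output shown above; it goes slightly beyond the article by also flagging DROP targets and a non-ACCEPT FORWARD policy.

```shell
#!/bin/sh
# Added example: find entries in an ip6tables-save dump (read on stdin)
# that stop forwarded IPv6 traffic, i.e. traffic to and from containers.
find_forward_blockers() {
    awk '
        /^\*/ { table = substr($0, 2) }      # table header, e.g. *filter
        table != "filter" { next }           # only the filter table is checked
        # Chain policy line, e.g. ":FORWARD DROP [0:0]"
        $1 == ":FORWARD" && $2 != "ACCEPT" { print "policy: " $2 }
        # FORWARD rule whose target is REJECT or DROP
        $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "REJECT" || $(i+1) == "DROP")) {
                    print "rule: " $0
                    break
                }
        }
    '
}

# Turn each reported rule into the ip6tables command that deletes it.
# The commands are only printed, never executed.
delete_commands() {
    find_forward_blockers | sed -n 's/^rule: -A /ip6tables -D /p'
}

# Constructed sample, shortened from the dump shown in this article.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3833:285729]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}

# On a hardware node, use: ip6tables-save | find_forward_blockers
sample_dump | find_forward_blockers
sample_dump | delete_commands
```

The INPUT chain REJECT rule is not reported, because it only affects traffic addressed to the hardware node itself.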
