On Sat, Sep 21, 2019 at 11:28:56AM +0200, Thomas Luening wrote:
> Hello @ all
> With the rebuilding of my Server from Debian 9 to Debian 10, I also switched
> from Virtual Box to Libvirt/KVM. Due to new requirements for the VMs, now I
> have an actual problem, which unfortunately I can not solve. The problem has
> already been discussed in the German Debian-Forum ... unfortunately also
> without success.
> The facts:
> - ISP = Dual Stack with daily separation
> - Host and VM = Debian 10
> - The VMs are via macvtap-device regular LAN-Clients
> - IPv4 = DHCP and NAT by DSL-Router
> - IPv6 = GUA via RA and SLAAC (2003::/3)
> - IPv4 works fine in the VM
> - IPv6 (NDP, RA, SLAAC) works basically also fine in the VM
> The existing problem in the VM:
> - MAC-Based GUA (2000::/3) is ok, both inbound and outbound
> - Outbound traffic via the second GUA (PE-Based) is filtered apparently,
>   but not via packetfiltering, I don't know where. There are no error
>   messages. On the part of the kernel in the VM and the IPv6-stack,
>   everything looks completely ok, no error messages, except that
>   Outbound-Traffic by the PE-Address is quietly blocked. The MAC-Based
>   IPv6 works unchanged and without error as before.
> My questions:
> 1. Is there a special setting for the VM, to allow the use of Privacy
>    Extensions for IPv6 unlimited?
> 2. Or is that possibly even a known and at the moment unsolved problem?
> 3. Or is this an intended limitation of virtualization?
> Can anyone help me with a solution or a hint? Thank you.
You mention you used 'macvtap' but not which mode of macvtap? Nonetheless,
if you're using it in bridge mode, or passthrough mode, there should
be no filtering of guest traffic in general, since the guest traffic is
forwarded at the ethernet layer, not IP layer.
The exception would be if you have the br-netfilter extension loaded which
causes guest traffic to be processed by the host firewall.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
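
The two things the reply asks about (which macvtap mode the guest uses, and whether br-netfilter is handing bridged traffic to the host firewall) can be checked on the host as follows. This is an added example, not part of the thread; the function names are hypothetical and the XML sample is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print "dev mode" for each <source dev=... mode=.../> element, the form
# libvirt uses for macvtap (<interface type='direct'>) NICs, in domain XML
# read from stdin (for instance the output of `virsh dumpxml GUEST`).
macvtap_modes() {
    tr '"' "'" |
    sed -n "s/.*<source[^>]*dev='\([^']*\)'[^>]*mode='\([^']*\)'.*/\1 \2/p"
}

# Report whether bridged IPv6 frames are handed to the host's ip6tables.
# The bridge-nf-call-* sysctls exist only while br_netfilter is active.
# $1: proc root (defaults to /proc; a fixture directory can be passed).
br_netfilter_ip6_state() {
    f="${1:-/proc}/sys/net/bridge/bridge-nf-call-ip6tables"
    if [ ! -r "$f" ]; then
        echo "inactive"
        return 0
    fi
    case "$(cat "$f")" in
        1) echo "active-filtering" ;;      # bridged IPv6 passes ip6tables
        0) echo "active-not-filtering" ;;  # hooks present, ip6tables skipped
        *) echo "active-unknown" ;;
    esac
}

# Constructed sample of the relevant part of a domain definition.
SAMPLE_XML="<interface type='direct'>
  <source dev='eno1' mode='bridge'/>
  <model type='virtio'/>
</interface>"

printf '%s\n' "$SAMPLE_XML" | macvtap_modes
echo "br_netfilter (IPv6): $(br_netfilter_ip6_state)"
```

A result of `active-filtering` means the host's ip6tables rules are the place to look for dropped guest packets.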