Bug#540483: openvz: IPv6 netfilter not correctly virtualized
Hi Marco
Sorry for the late answer, but I have some questions to you:
1) Have you enabled IPv6 forwarding?
/sbin/sysctl -q -w net.ipv6.conf.all.forwarding=1
2) Is the HN node configured with static IPv6 configuration?
Best regards,
// Ola
On Sat, Aug 08, 2009 at 12:40:23PM +0200, Marco d'Itri wrote:
> Package: linux-2.6
> Version: 2.6.26-17lenny1
> Severity: normal
>
> This happens when I add -j LOG to the top of the INPUT and FORWARD
> chains and ping the VE (2001:4b78:1:0200::1) from an external host:
>
> Aug 8 12:28:06 web01 kernel: [70845.790963] IN=eth0 OUT=venet0 SRC=2001:1418:0001:0700:0000:0000:0000:000a DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1
>
> The same packet then *also* traverses the INPUT chain:
>
> Aug 8 12:28:06 web01 kernel: [70845.790963] IN=venet0 OUT= MAC= SRC=2001:1418:0001:0700:0000:0000:0000:000a DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1
>
> Looks like the IPv6 packets entering the VE (where I have not configured
> ip6tables) are incorrectly processed by the HN instead of the VE chains.
>
> Linux web01 2.6.26-2-openvz-686 #1 SMP Sun Jul 26 23:35:12 UTC 2009 i686 GNU/Linux
>
> --
> ciao,
> Marco
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Annebergsslingan 37 \
| ola@inguza.com 654 65 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: