Hi
On 21/05/2024 04:01, jrmu wrote:
> Here is my configuration:
> Inside hypervisor:
> hypervisor$ cat /etc/hostname.em1
> inet 104.167.241.211 0xffffffc0
> inet6 2602:fccf:400:41:: 48
Why are you using 48 as mask here and not 64?
Here is a suggestion in term of routing.
From your configuration, you can even restrict the mask here since it's
a point to point between your hypervisor and your gateway.
something like
/etc/hostname.em1
inet6 2602:fccf::2 127
should be okay.
Of course you configure your gateway with
2602:fccf::3/127
> hypervisor$ cat /etc/mygate
> 104.167.241.193
> 2602:fccf:400::1
From my suggestion, you can change that IPv6 with 2602:fccf::3
Your gateway must have a (static) route saying we can reach
2602:fccf::/36 (or a any smaller subnet you will use in your hypervisor)
via em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you
plan to use for all your VMs.
Assuming your gateway is running OpenBSD, the route will be:
route add -inet6 2602:fccf:400::/48 2602:fccf::2
Now from the hypervisor, you originate that prefix. e.g
route add -inet6 -blackhole 2602:fccf:400::/48 ::1
All packets in that block by default is 'swallowed' here.
Now any subnet used by any interface (like vether0) here will be
reachable from the Internet and of course the VM as well will reach
other networks.
--
Willy Manga
