IPv6 default route is removed when installing a nested LXC

On a Debian bookworm host with LXC installed and IPv6 configured with /etc/default/lxc-net

USE_LXC_BRIDGE="true"

# Honor system's dnsmasq configuration
#LXC_DHCP_CONFILE=/etc/dnsmasq.conf
LXC_ADDR="10.6.83.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.6.83.0/24"
LXC_DHCP_RANGE="10.6.83.2,10.6.83.254"
LXC_DHCP_MAX="253"
LXC_IPV6_ADDR="fc16::216:3eff:fe00:1"
LXC_IPV6_MASK="64"
LXC_IPV6_NETWORK="fc16::/64"
LXC_IPV6_NAT="true"

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding will drop the default IPv6 route, as shown below.

root@try7:/# ip -6 r
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::216:3eff:fe00:0 dev eth0 proto ra metric 1024 expires 1784sec hoplimit 64 pref medium
root@try7:/# ping -c 1 -6 wikipedia.org
PING wikipedia.org(text-lb.esams.wikimedia.org (2a02:ec80:300:ed1a::1)) 56 data bytes
64 bytes from text-lb.esams.wikimedia.org (2a02:ec80:300:ed1a::1): icmp_seq=1 ttl=55 time=28.0 ms

--- wikipedia.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 28.041/28.041/28.041/0.000 ms
root@try7:/# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
root@try7:/# ip -6 r
fc16::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

When installing LXC within LXC or when installing Docker with IPv6 enabled, it also happens. In the case of LXC it is the exact same line in /usr/libexec/lxc/lxc-net and I suppose Docker does something similar. Because there is no default route, reaching public IPv6 IPs does not work.

If you know how to resolve this in an idiomatic way, I’d be grateful.


Here is the config of the LXC container.

lxc.net.0.type = veth
lxc.net.0.hwaddr = 00:16:3e:da:d1:3f
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.tty.max = 4
lxc.arch = amd64
lxc.pty.max = 1024
lxc.apparmor.profile = unconfined
lxc.rootfs.path = dir:/var/lib/lxc/try2/rootfs
lxc.uts.name = try2
lxc.cap.drop =
lxc.cgroup2.devices.allow = b 10:229 rwm
lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file 0 0
lxc.cgroup2.devices.allow = c 10:232 rwm
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
lxc.cgroup2.devices.allow = c 10:237 rwm
lxc.cgroup2.devices.allow = b 7:* rwm
lxc.mount.entry = /dev/loop-control dev/loop-control none bind,create=file 0 0
lxc.cgroup2.devices.allow = c 10:236 rwm
lxc.mount.entry = /dev/mapper dev/mapper none bind,create=dir 0 0
security.nesting = true
lxc.cgroup2.devices.allow = c 10:200 rwm
lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0
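
Added example, not part of the original post: the default route that disappears above is marked "proto ra", and the Linux kernel only honours Router Advertisements on an interface with forwarding enabled when that interface's accept_ra is 2. The function names and the optional sysctl-root argument below are assumptions of this example, so the check can be run against a constructed directory as well as the live /proc/sys.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies how the kernel
# treats Router Advertisements (RAs) on one interface from two sysctls:
#   forwarding=0 -> RAs honoured when accept_ra is 1 or 2
#   forwarding=1 -> RAs honoured only when accept_ra is 2
# The second argument (sysctl root) is an assumption of this example; it
# defaults to the live /proc/sys.

ra_state() {
    # usage: ra_state IFACE [SYSCTL_ROOT]
    iface=$1
    root=${2:-/proc/sys}
    dir="$root/net/ipv6/conf/$iface"
    if [ ! -r "$dir/forwarding" ] || [ ! -r "$dir/accept_ra" ]; then
        echo unknown
        return 0
    fi
    fwd=$(cat "$dir/forwarding")
    ra=$(cat "$dir/accept_ra")
    if [ "$ra" = 0 ]; then
        # RAs are never processed, regardless of forwarding.
        echo ra-disabled
    elif [ "$fwd" != 0 ] && [ "$ra" != 2 ]; then
        # The state reached after "echo 1 > .../all/forwarding":
        # RA-learned default routes are no longer accepted.
        echo ra-ignored-while-forwarding
    else
        echo ra-accepted
    fi
}

make_fixture() {
    # usage: make_fixture ROOT IFACE FORWARDING ACCEPT_RA
    # Builds constructed sample data that mimics the /proc/sys layout.
    mkdir -p "$1/net/ipv6/conf/$2"
    echo "$3" > "$1/net/ipv6/conf/$2/forwarding"
    echo "$4" > "$1/net/ipv6/conf/$2/accept_ra"
}

# Stand-alone use: ./ra_state.sh eth0
if [ $# -gt 0 ]; then
    ra_state "$@"
fi
```

Inside the container, "ra-ignored-while-forwarding" for eth0 corresponds to the second "ip -6 r" output above; setting net.ipv6.conf.eth0.accept_ra to 2 is the kernel setting that keeps RA processing active with forwarding on.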