IPv6 w/ radvd, ip6tables, etc

Hello,

I have a dedicated server, on which I run some VMs with kvm.

I've had the IPv6 addresses in the VMs just statically configured, but recently I installed radvd+dibbler-server because I was testing using DHCPv6 to assign the IPv6 to a VM.

Well, today I noticed with 'tcpdump -i eth0 ip6' a lot of IPv6 traffic with those sort of auto-generated IPv6 addresses (starting with my /64), to stuff like facebook etc (so it isn't my VMs, and I stopped the 1 VM I had running that was using DHCPv6).

The traffic stops when I stop radvd, back to its usual level, and starts up again as soon as I start radvd again.

I checked with my VMs to make sure they didn't have any of those auto-generated style IPv6 addresses added to their interfaces, and they don't.

radvd was listening on br0, which includes eth0, and vnet0/vnet2, are the router advertisements leaking out and other machines on the provider's network picking it up?

Can I block outgoing router advertisements/whatever? I tried briefly by blocking icmpv6 with ip6tables; it didn't seem to make a difference though.

I'm definitely an IPv6 rookie and don't really understand what's going on.

Thanks,
Reetus

Comments

  • rm_ IPv6 Advocate, Veteran
    edited December 2014

    said: radvd was listening on br0

    Not listening, it was broadcasting to br0.

    which includes eth0, and vnet0/vnet2, are the router advertisements leaking out

    Why "leaking out"? They are being sent out in complete accordance with the setup that you have created, to eth0, which means to your provider's network and to other customers.

    and other machines on the provider's network picking it up?

    Yes, and you are wrecking their network config, assigning them IPs from your range and rerouting all their IPv6 traffic via your server (MITM).

    You should create a separate bridge just for the VMs and then set up routing between that one and eth0.

  • @rm_ said:
    You should create a separate bridge just for the VMs and then set up routing between that one and eth0.

    I'll do that, thanks.
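
An added example (not code from the thread or from either poster): a shell check for the misconfiguration rm_ describes, radvd advertising on a bridge that has the uplink NIC as a port. The `br-vm` bridge name, the sample files and the `2001:db8:1::/64` prefix are constructed, and the check assumes Linux's `/sys/class/net/<bridge>/brif/` layout.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes radvd.conf stanzas start with
# "interface NAME" and bridge ports appear under <sysroot>/class/net/<br>/brif/.

# Print the interfaces radvd is configured to advertise on (comments stripped).
radvd_interfaces() {
    sed 's/#.*//' "$1" | awk '$1 == "interface" { sub(/[{].*/, "", $2); print $2 }'
}

# Report each RA interface; return 1 if any of them puts RAs on the uplink.
check_ra_exposure() {
    conf=$1 uplink=$2 sysroot=${3:-/sys}
    rc=0
    for ifc in $(radvd_interfaces "$conf"); do
        if [ "$ifc" = "$uplink" ]; then
            echo "EXPOSED $ifc: radvd advertises directly on the uplink"; rc=1
        elif [ -e "$sysroot/class/net/$ifc/brif/$uplink" ]; then
            echo "EXPOSED $ifc: bridge has $uplink as a port, RAs reach the provider LAN"; rc=1
        else
            echo "OK $ifc"
        fi
    done
    return $rc
}

# Constructed sample: br0 as in the thread (eth0 + vnet0/vnet2) and, as the
# alternative layout, a hypothetical VM-only bridge br-vm.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/class/net/br0/brif" "$d/sys/class/net/br-vm/brif"
    for p in eth0 vnet0 vnet2; do touch "$d/sys/class/net/br0/brif/$p"; done
    for p in vnet0 vnet2; do touch "$d/sys/class/net/br-vm/brif/$p"; done
    printf 'interface br0 {\n  AdvSendAdvert on;\n  prefix 2001:db8:1::/64 { };\n};\n' > "$d/shared.conf"
    printf 'interface br-vm {\n  AdvSendAdvert on;\n  prefix 2001:db8:1::/64 { };\n};\n' > "$d/separate.conf"
    echo "$d"
}

s=$(make_sample)
check_ra_exposure "$s/shared.conf" eth0 "$s/sys" || true   # reports br0 as exposed
check_ra_exposure "$s/separate.conf" eth0 "$s/sys"         # reports br-vm as OK
rm -rf "$s"
```

On a real host the third argument can be omitted so the check reads `/sys`, for example `check_ra_exposure /etc/radvd.conf eth0`.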
