
Currently, we have a network where apps on the host and VMs are connected together and all VMs are behind NAT, as below:

                ||=> Host
ISP Router => enp1s0
                |--> lxdbr0 => VM 1
                       ||====> VM 2
                       ||====> VM 3

Legend:

==> Passthrough connection
--> NAT connection

However, that approach wouldn't work for IPv6 because an end-to-end connection is not possible via a NAT connection. We wonder if passing through only IPv6 is possible, as below:

                ||===IPv4===> Host
                ||             /\
                ||             ||
                ||            IPv6
                ||             ||
ISP Router => enp1s0 =IPv6=> ip6br0
                |              ||
                |             IPv6
                |              ||
                |              \/
                |---IPv4---> lxdbr0 => VM 1
                               ||====> VM 2
                               ||====> VM 3

The question is: how do we drop non-IPv6 connections with the `nft` command on Linux while NAT-ing IPv4? Keep in mind that ebtables is not supported anymore, so this 7-year-old Q&A post won't work.

  • As far as I know, IPv6 is not the target of any NAT. NAT is for IPv4 only. There exist 2 kinds of IPv6 addresses: global IPv6 addresses and link-local IPv6 addresses. You don't need a bridge for IPv6; you just enable IPv6 on your router and your clients. – paladin Apr 22 '22 at 07:25
  • PS: If you really want to "drop" IPv4, you do this with `iptables`. Just add a custom rule for your bridge interface. Keep in mind that something like this needs some CPU time. – paladin Apr 22 '22 at 07:35
  • @paladin Any idea how to do that? If yes, please answer via the answer section; I'd appreciate that. – Thor-x86_128 Apr 22 '22 at 17:57

0 Answers