Allow NAT for IPv6. #79

Merged
merged 4 commits into from Feb 10, 2016

andrewheald
Contributor

I've been working on a Docker-related project and needed to sort out routing to the Internet when the Docker host VM only has a single IPv6 address. I was surprised to find that ip6tables, in Ubuntu Trusty at least, supports a "nat" table. This patch is to allow simple_iptables to support it too. I've tried it - it works.

Thanks,
Andrew.

@andrewheald
Contributor Author

And, this is how I use the feature ...

simple_iptables_rule 'dockernat' do
  table 'nat'
  direction 'POSTROUTING'
  rule "-s 2a00:b000:1000:1::/64 -o eth0"
  jump "MASQUERADE"
  ip_version :ipv6
end
simple_iptables_rule 'fwdrel' do
  direction 'FORWARD'
  rule '-m state --state ESTABLISHED,RELATED'
  ip_version :ipv6
end
simple_iptables_rule 'dockerfwd' do
  direction 'FORWARD'
  rule "-i docker0 -o eth0"
  ip_version :ipv6
end

@andrewheald
Contributor Author

PS. According to http://serverfault.com/questions/470169/snat-in-ip6tables IPv6 NAT came in with Kernel 3.7. I note the assumed "evilness" of what I'm doing but in this case I really have to use NAT, because Chef is running on a Rackspace VM which only has a single IPv6 address.

@rtkrruvinskiy
Contributor

I had a comment regarding a kernel version check that seems superfluous to me, but it looks good other than that.

And, incidentally, I had to do something very similar under extremely similar circumstances, except with IPv4, so I wouldn't worry about the "evilness" too much.

@andrewheald
Contributor Author

Agreed - not evil at all. I've said as much on the linked ServerFault page.

@andrewheald
Contributor Author

Hold off on this. I've just noticed that nat rules are written out even if there are no defined rules. This would probably break on older kernels. I'll do a bit more on this tomorrow.
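The guard that comment calls for, sketched as an added example that is not code from this pull request or from simple_iptables: the nat table is written only when nat rules exist, and a run that defines nat rules on a pre-3.7 kernel fails instead of silently losing them. Every function name, constant and the sample rule set are assumptions.

```ruby
# Added example; every name below is hypothetical, not simple_iptables internals.
NAT6_MIN_KERNEL = [3, 7].freeze # kernel that introduced IPv6 NAT, per the thread

BUILTIN_CHAINS = {
  'filter' => %w[INPUT FORWARD OUTPUT],
  'nat'    => %w[PREROUTING INPUT OUTPUT POSTROUTING]
}.freeze

# "3.13.0-77-generic" -> [3, 13]
def kernel_major_minor(release)
  m = /\A(\d+)\.(\d+)/.match(release.to_s)
  raise ArgumentError, "unparseable kernel release: #{release.inspect}" unless m
  [m[1].to_i, m[2].to_i]
end

def ip6_nat_supported?(release)
  (kernel_major_minor(release) <=> NAT6_MIN_KERNEL) >= 0
end

# rules: { 'filter' => [...], 'nat' => [...] }, each entry an "-A CHAIN ..." line.
# Returns text in ip6tables-restore format.
def render_ip6tables(rules, kernel_release)
  out = []
  BUILTIN_CHAINS.each do |table, chains|
    lines = rules.fetch(table, [])
    if table == 'nat'
      next if lines.empty? # no nat rules: emit nothing, so old kernels are unaffected
      unless ip6_nat_supported?(kernel_release)
        # Fail the run instead of silently dropping a rule the operator asked for.
        raise ArgumentError, "IPv6 nat rules need kernel >= 3.7, got #{kernel_release}"
      end
    end
    out << "*#{table}"
    chains.each { |c| out << ":#{c} ACCEPT [0:0]" }
    out.concat(lines)
    out << 'COMMIT'
  end
  out.join("\n") + "\n"
end

# Constructed sample input (documentation prefix 2001:db8::/32).
SAMPLE_RULES = {
  'filter' => ['-A FORWARD -i docker0 -o eth0 -j ACCEPT'],
  'nat'    => ['-A POSTROUTING -s 2001:db8:1::/64 -o eth0 -j MASQUERADE']
}.freeze
```
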

rtkrruvinskiy added a commit that referenced this pull request Feb 10, 2016
@rtkrruvinskiy rtkrruvinskiy merged commit eae233d into rtkwlf:master Feb 10, 2016
@rtkrruvinskiy
Contributor

Thanks @andrewheald!

@andrewheald andrewheald deleted the allow-ipv6-nat branch February 12, 2016 09:03
@andrewheald
Contributor Author

Thank you, @rtkrruvinskiy.

@andrewheald
Contributor Author

Hi @rtkrruvinskiy - I've just noticed 0.7.5 hasn't gone out to Supermarket. Please push when you can.
Thanks,
Andrew.
