[lxc-users] Can I setup a private nat ipv4 and a public ipv6 address at same time for a lxc2 container?

Andrey Repin anrdaemon at yandex.ru
Fri Jun 2 14:46:06 UTC 2017


Greetings, littlebat!

> I have studied my question several days and searched many online resources,
> but didn't resolve this. The detail is too long, I describe a brief version below:

> I have a debian 9 host server installed lxc2 server, the host server has
> only one public ipv4 address, suppose it is 8.8.8.8, and a public /64 subnet
> ipv6 pool, suppose it is 8:8:8:8::/64, and the eth0 of host ipv6 is: 8:8:8:8::1/64.

> My goal is building the lxc unprivileged container, with a private nat ipv4
> address, suppose it is 10.1.0.10, so I use ip forward to access container
> from internet using public ipv4 plus port (suppose 8.8.8.8:2222 forward
> to/from 10.1.0.10:22). And, at same time, I want assign container a public
> ipv6 address or ipv6 subnet (/112, can it be public accessed?), so I can
> access container from internet using public ipv6 (suppose 8:8:8:8::10/64 port
> 22 or 8:8:8:8::10/112 port 22?). For simplifying question, suppose only
> assign a public ipv6 (not a public ipv6 subnet) address to the container.

> Until today, I can only setup both private nat ipv4 (10.1.0.10) and private
> nat ipv6 (8:8:8:8::10/112)

There's no such thing as NAT in IPv6.

> for the container, open ipv4 and ipv6 forward in /etc/sysctl.conf, and using
> iptables and ip6tables to forward public traffic to or from
> container (8.8.8.8:2222 <-> 10.1.0.10:22, 8:8:8:8::1/64 port 2222 <->
> 8:8:8::10/112 port 22). This is done by creating a "2. independent bridge" (a
> different bridge out of thin air and link your containers together
> on this bridge, but use forwarding to get it out on the internet or to get
> traffic into it. debian wiki: https://wiki.debian.org/LXC/SimpleBridge).
> reference: LXC host featuring IPv6 connectivity
> https://blog.cepharum.de/en/post/lxc-host-featuring-ipv6-connectivity.html

> And, I can create a "1. host-shared bridge" (a bridge out of your main
> network interface which will hold both the host's IP and the container's IP
> addresses. debian wiki: https://wiki.debian.org/LXC/SimpleBridge). Then, I
> can assign a public ipv6 address to the container. But, I can't assign a
> private nat ipv4 address to the container now. So, there is no way to publicly
> access container using ipv4 address (because the sole public ipv4 address is only available on host network card).

> My question is:
> 1, Can I setup a private nat ipv4 and a public ipv6 address at same time for a lxc2 container?

Yes.

> 2, How to do it? 

Just route IPv6 addresses to container.
I.e. dedicate an IPv6 subnet to the containers on your bridge and just assign
IPv6 addresses in any way you could.

> any idea or online resource link is welcome.

What you must understand is that IPv6 and IPv4 are two separate IP stacks.
Setup of one does not interfere with another, nor in any way depends on it,
unless YOU make it so.


-- 
With best regards,
Andrey Repin
Friday, June 2, 2017 17:42:08

Sorry for my terrible english...
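
An added example, not part of the original message and not LXC project code: a dry-run script that prints the host commands and LXC 2.x container config for one bridge carrying NAT'd IPv4 and a routed public IPv6 address, using the thread's placeholder addresses. Assumed here and not stated in the thread: the names eth0 and lxcbr0, the bridge addresses 10.1.0.1/24 and 8:8:8:8::2/112, the use of proxy NDP because the /64 is on-link at eth0, and the ip6tables FORWARD filter.

```shell
#!/bin/sh
# Added example (not from the post). Assumed names: uplink eth0, bridge lxcbr0,
# bridge addresses 10.1.0.1/24 and 8:8:8:8::2/112. Other values are the post's.
WAN=eth0; BR=lxcbr0
V4_NET=10.1.0.0/24; V4_GW=10.1.0.1; CT4=10.1.0.10
V6_GW=8:8:8:8::2; CT6=8:8:8:8::10

run() {  # print the command; execute it only when APPLY=1 (requires root)
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

host_plan() {
    # One bridge carries both families; each stack is configured on its own.
    run ip link add "$BR" type bridge
    run ip addr add "$V4_GW/24" dev "$BR"
    run ip -6 addr add "$V6_GW/112" dev "$BR"
    run ip link set "$BR" up
    # IPv4: masquerade outbound, forward host port 2222 to the container's sshd.
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$V4_NET" -o "$WAN" -j MASQUERADE
    run iptables -t nat -A PREROUTING -i "$WAN" -p tcp --dport 2222 \
        -j DNAT --to-destination "$CT4:22"
    # IPv6: plain routing. Proxy NDP lets the host answer neighbour
    # solicitations for the container address on the on-link /64.
    run sysctl -w net.ipv6.conf.all.forwarding=1
    run sysctl -w "net.ipv6.conf.$WAN.proxy_ndp=1"
    run ip -6 neigh add proxy "$CT6" dev "$WAN"
    # The routed address is reachable end to end, so filter in FORWARD.
    run ip6tables -P FORWARD DROP
    run ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
    run ip6tables -A FORWARD -i "$BR" -o "$WAN" -j ACCEPT
    run ip6tables -A FORWARD -i "$WAN" -o "$BR" -d "$CT6" -p tcp --dport 22 -j ACCEPT
}

container_config() {  # LXC 2.x container config keys
    cat <<EOF
lxc.network.type = veth
lxc.network.link = $BR
lxc.network.flags = up
lxc.network.ipv4 = $CT4/24
lxc.network.ipv4.gateway = $V4_GW
lxc.network.ipv6 = $CT6/112
lxc.network.ipv6.gateway = $V6_GW
EOF
}

host_plan; container_config
```

Run with APPLY=1 as root to execute the printed commands instead of only listing them. If the host learns its IPv6 default route from router advertisements, net.ipv6.conf.eth0.accept_ra=2 is also needed, because enabling forwarding otherwise makes the kernel ignore them.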

