How to bridge only IPv6 and drop all IPv4 traffic on a Linux bridge wiith NFT?

Thor-x86_128

8/21/23, 10:04 PM

Currently, we have a network where apps on host and VMs are connected together and all VMs are behind the NAT as below

                ||=> Host
ISP Router => enp1s0
                |--> lxdbr0 => VM 1
                       ||====> VM 2
                       ||====> VM 3

Legends:

==> Passthrough connection
--> NAT connection

However, that approach wouldn't work for IPv6 because end-to-end connection is not possible via NAT connection. We wonder if passthrough only IPv6 is possible as below

                ||===IPv4===> Host
                ||             /\
                ||             ||
                ||            IPv6
                ||             ||
ISP Router => enp1s0 =IPv6=> ip6br0
                |              ||
                |             IPv6
                |              ||
                |              \/
                |---IPv4---> lxdbr0 => VM 1
                               ||====> VM 2
                               ||====> VM 3

The question is how to drop non-IPv6 connection with nft command on linux while NAT-ing IPv4? Keep in mind that ebtables is not supported anymore. So this 7 years old Q&A post won't work.

0 + 0

linux-networking

lxc

nftables

paladin

8/22/23, 7:25 AM

As far as I know, IPv6 is not being target of any NAT. NAT is for IPv4 only. There exist 2 kind of IPv6 addresses, global IPv6 addresses and link local IPv6 addresses. You don't need a bridge for IPv6, you just enable IPv6 on your router and your clients.

paladin

8/22/23, 7:35 AM

PS if you really want to "drop" IPv4, you do this with `iptables`. Just add a custom rule for your bridge interface. Keep in mind that something like this needs some CPU time.

Thor-x86_128

8/22/23, 5:57 PM

@paladin Any idea how to do that? If yes, please answer via answer section, I appreciate that

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to bridge only IPv6 and drop all IPv4 traffic on a Linux bridge wiith NFT?

TH: จะบริดจ์เฉพาะ IPv6 และปล่อยทราฟฟิก IPv4 ทั้งหมดบนลินุกซ์บริดจ์ด้วย NFT ได้อย่างไร

RO: Cum să faci o punte numai IPv6 și să renunți la tot traficul IPv4 pe un pod Linux cu NFT?

RU: Как подключить только IPv6 и отбросить весь трафик IPv4 на мост Linux с помощью NFT?

VI: Làm cách nào để chỉ kết nối IPv6 và loại bỏ tất cả lưu lượng truy cập IPv4 trên cầu nối Linux với NFT?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.