Give VM a static ipv6 address

I am a ”networking beginner“, so I hope this question makes sense.

I have an Ubuntu 22.04 server and a virtual machine based on qemu/multipass (also running Ubuntu 22.04). The goal is to have the web server running in the vm. I use port forwarding with ipv4 for that.

The machine has a single public ipv4 and a ipv6 /64 net.

I can connect to the web VM from the outside with ipv4 (port 80 and 443), but not with ipv6. What do I need to also have ipv6 connectivity for web? Do I need to enable port forwarding with ipv6 as well or should I rather (how) give the virtual machine a public ipv6 address from the /64 network?

Is there any other information I should provide?

A bit of an explanation to what I am getting at in the comments:

What I can gather is that you have a VPS that have native IPv6 connection and is residing on a /64 subnet.

On this machine you want to give a IPv6 address to virtual hosts such as QEMU/Multipass. You could have said Docker / Podman or other virtualisation software, it really doesn't matter much, since the general idea is the same.

All these virtual host runs normally on their own subnet, which means you need a separate /64 subnet if you want these hosts to communicate to the Internet via IPv6.

The reason is that the last 64 bit of the address is always reserved for hosts address due IP allocation schemes such as SLAAC or EUI-64 because they use the network MAC address as part of the generation of the IPv6 address.

Since your provider have only assigned a single /64 subnet to you you have to do some circumventing in order to give the virtual hosts a IPv6 address.

One way is hiding them behind a IPv6 NAT, but that defeats the whole purpose with IPv6.

The other option is to get a route able /64 subnet.

I doubt your hosting provider will give you one, so the next best thing is to use Tunnelbroker.net.

Here you can get both a routeable /64 and /48 subnet.

However:

Your troubles not done yet, since you now have a server with two outbound IPv6 connections, so you have to learn about source based routing also known as policy based routing.

In a nutshell you need to setup two routing tables.

• One for traffic originating from the host itself it uses the main routing table. It is called main in Linux.

• One for traffic originating from the virtual hosts. You can name it whatever you pleases such as tunnelbroker.

A quick note about the term default gateway:

The rule is there to tell where trafic goes if it is for a subnet not defined in any of the other rules in the routing table.

Therefore:

In the main routing table the default gateway is set to your hosting providers gateway since it handles traffic from your server to any machine not hosted on your server.

In the tunnelbroker routing table the default gateway is Tunnelbroker.net's default gateway since any traffic from the virtual host that is not destined for any other virtual hosts or server itself, needs to be forwarded through the link to Tunnelbroker.net.

Same kind if circumventing is also needed if you want to use VPN via IPv6 or even add IPv6 subnet to your home network, even though it is behind a Carrier Grade NAT.

In that case you need to make a site-to-site VPN connection to the server and add a rule to the main routing table on the server to tell it how to reach the IPv6 network at home and also add the same rule in the tunnelbroker routing table if you want the virtual hosts on the server to able to communicate with your home network.

Hope all this information can get you started on the right track. :-)