libvirt can do IPv6 NAT by itself in NAT forwarding mode if you give it the ipv6='yes' attribute. But that adds a bunch of firewall rules and I don't want it mucking up my already existing firewall rules.

I think it'd be pretty clean and lean to implement the rules myself for NAT, that way I could strip away the unnecessary stuff and customize it to my needs.

I tried putting the libvirt network in open forwarding mode and setting up my own NAT by just putting every chain everywhere to ACCEPT and then throwing in a MASQUERADE in the NAT table for IPv6.

I figured this would do the trick, but when I do that, the guest can't send anything through the NAT. Like pinging an IPv6 address (like an actual address, so not a DNS-related issue) just drops the packets.

What more is there to do? I figure MASQUERADEing is all there is. If everything else is set to accept, what could be going wrong? Is there something that libvirt does in its default NAT mode for IPv6 that I'm not doing? Some weird IPv6 special behavior you have to have?

I should mention that the same setup works just fine for IPv4; just IPv6 doesn't seem to want me to set up my own NAT rules.

Thanks in advance.
