I have a virtual machine running in VMware. It has Ubuntu 14.04 on it. I want to install LXC containers on it, and have them use the same address space as the virtual machine.
So, I created a bridge interface and put the ethernet port in it. I then have my LXC containers add their interface to the bridge.
In theory, this should just work. And on physical machines it has. I can ping my LXC containers from the LXC host (virtual) machine. But I can't ping them from anywhere else, including other VMware virtual machines.
I did some research, and it seems VMware's virtualized "switch" for the VLAN coming into the VMware host machine does not work like a normal switch. It already knows the MAC addresses of the machines attached to it, and drops traffic coming from any other MAC address. In essence, it does not learn MAC addresses because it already knows them. There is a VMware option to turn this off, but instead of making the virtual switch learn MAC addresses, it just turns it into the equivalent of a hub, with every machine on the virtual switch getting all traffic crossing the switch. (That is something I do not want to do -- both for performance and security concerns).
So, I am left thinking I need to do the equivalent of NAT except at the ethernet level for outgoing packets on the bridge to make them what VMware thinks it should be. And then rewrite incoming packets that are actually for the containers back to the right MAC address. To this end, I found https://wiki.debian.org/BridgeNetworkConnections#Setting_up_the_rules That seems like it should work. But I have one problem: I need to also do IPv6. While I think I can probably figure out how to rewrite stuff to an IPv6 address, I also need to rewrite the IPv6 equivalent of ARP so that hosts know where to find it in the first place too.
So, what rules do I need in ebtables to do ethernet-level MAC address "NAT" (rewriting outgoing MAC addresses) for IPv6?
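As an added example (not code from the question or from the Debian wiki it links), the script below generates the ebtables MAC-NAT rule set for one bridged container: the outbound source-MAC rewrite with `--snat-arp`, the inbound IPv4 and ARP rewrites, and an IPv6 counterpart keyed on `--ip6-dst`. Interface names, MAC addresses and IP addresses are constructed placeholders; the comments note the part ebtables cannot do for IPv6.

```shell
#!/bin/sh
# Added example: builds the ebtables MAC-NAT rule set for one bridged LXC
# container. All interface and address values are constructed placeholders.
set -eu

UPLINK=${UPLINK:-eth0}                  # bridge member facing the VMware vSwitch
HOST_MAC=${HOST_MAC:-00:50:56:aa:bb:cc} # the only source MAC the vSwitch accepts from this VM
CT_MAC=${CT_MAC:-00:16:3e:11:22:33}     # container's MAC, which must never reach the uplink
CT_IP4=${CT_IP4:-192.0.2.10}            # container addresses (documentation ranges)
CT_IP6=${CT_IP6:-2001:db8::10}

# Print the rules one per line so they can be reviewed before being applied.
mac_nat_rules() {
    # Outbound: any frame leaving the uplink from a foreign MAC gets the host
    # MAC as source; --snat-arp also rewrites the sender address inside ARP,
    # so peers cache the host MAC for the container's IPv4 address.
    echo "ebtables -t nat -A POSTROUTING -o $UPLINK -s ! $HOST_MAC" \
         "-j snat --to-src $HOST_MAC --snat-arp --snat-target ACCEPT"
    # Inbound IPv4 and ARP addressed to the container arrive with the host MAC
    # as destination; restore the container MAC so the bridge forwards them.
    echo "ebtables -t nat -A PREROUTING -i $UPLINK -p IPv4 --ip-dst $CT_IP4" \
         "-j dnat --to-dst $CT_MAC --dnat-target ACCEPT"
    echo "ebtables -t nat -A PREROUTING -i $UPLINK -p ARP --arp-ip-dst $CT_IP4" \
         "-j dnat --to-dst $CT_MAC --dnat-target ACCEPT"
    # Inbound IPv6: the same rewrite keyed on the IPv6 destination address.
    # Caveat: ebtables has no NDP analogue of --snat-arp, so a neighbour
    # advertisement sent by the container still carries CT_MAC in its
    # target link-layer address option after the frame header is rewritten;
    # peers would then address the container MAC directly and the vSwitch
    # would drop those frames. That gap needs a separate mechanism (for
    # instance the host answering solicitations itself), not shown here.
    echo "ebtables -t nat -A PREROUTING -i $UPLINK -p IPv6 --ip6-dst $CT_IP6" \
         "-j dnat --to-dst $CT_MAC --dnat-target ACCEPT"
}

# Apply only when explicitly requested (APPLY=1); otherwise just show the rules.
if [ "${APPLY:-0}" = 1 ]; then
    mac_nat_rules | sh -eux
    ebtables -t nat -L
else
    mac_nat_rules
fi
```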