Force outbound IPv6 traffic from /64 pool address on CentOS 7

Linode Staff

I have configured the primary and secondary IPv6 addresses in ifcfg-eth0 based on the examples in this guide, and I want to make it so all outgoing IPv6 traffic comes from the secondary.

I'm not sure if using something like a route6-eth0 network script or just changing the primary in ifcfg-eth0 to the pool address is the right way of doing things? With the current config I am able to ping the pool address, but all outgoing traffic is from the SLAAC address.

I have attempted a variety of commands using ip -6 route, but they are either invalid or simply not working. To test I am accessing a site on another Linode via its IPv6 address and tailing the logs, which is showing the SLAAC address.

1 Reply

To ensure stable networking, I don't recommend changing the primary in ifcfg-eth0, but according to this post it sounds like you can do this with a route6-eth0 script, or by designating the secondary as the home address. In my experience however, leveraging the firewall seems to work best for controlling the outbound source address, especially when I have configured multiple pool addresses.

You can use this one advanced firewalld-iptables direct interface rule to force all outbound IPv6 traffic to come from a single /64 pool address:

sudo firewall-cmd --permanent --direct --add-rule ipv6 nat POSTROUTING 0 -s $SLAAC -o eth0 -j SNAT --to-source $POOLIP

sudo firewall-cmd --reload

If only using iptables, the script in my answer here provides the syntax you need (similar to the above).


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct