perfSONAR User Q&A and Other Discussion

[Marek Elias <>]

hello,

perfsonar /etc/sysconfig/ip6tables does not contain an rule like this:
-A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s
fe80::/10 -d fe80::/10 -j ACCEPT
this rule ACCEPTs the DHCPv6 replies. this is merely a kernel connection
tracking bug since this reply should fit to the ESTABLISHED,RELATED
rule, but unfortunately it does not.

see this for more info:
https://bugzilla.redhat.com/show_bug.cgi?id=656334

without this rule, dhclient -6 properly asks for lease and the server
properly replies, but dhclient does not get the reply. After adding this
rule, everything works fine.

I see that they decided to repair this in kernel, but I still think that
in this case, when a special ip6tables rules are shipped with perfsonar,
the workaround should be applied within these rules.

This is not a major issue for the rest of our machines since they
generaly don't use iptables. But the perfsonars are an exception, they
use ip6tables and without this rule they have problems with DHCPv6.

[root@ps01-l
 ~]# cat /etc/redhat-release 
CentOS release 6.5 (Final)
[root@ps01-l
 ~]# uname -a
Linux ps01-l.farm.particle.cz 2.6.32-431.20.3.el6.aufs.web100.i686 #1
SMP Fri Jun 20 20:09:03 UTC 2014 i686 i686 i386 GNU/Linux

toolkit version:        3.3.2

marek elias