perfSONAR User Q&A and Other Discussion

[Andrew Lake <>]

Hi,

Thanks for pointing this out. We also noticed this awhile back and it is 
corrected in the forthcoming 3.4 release. 

Thanks,
Andy


On Aug 20, 2014, at 5:56 AM, Marek Elias 
<>
 wrote:

> hello,
> 
> perfsonar /etc/sysconfig/ip6tables does not contain an rule like this:
> -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s
> fe80::/10 -d fe80::/10 -j ACCEPT
> this rule ACCEPTs the DHCPv6 replies. this is merely a kernel connection
> tracking bug since this reply should fit to the ESTABLISHED,RELATED
> rule, but unfortunately it does not.
> 
> see this for more info:
> https://bugzilla.redhat.com/show_bug.cgi?id=656334
> 
> without this rule, dhclient -6 properly asks for lease and the server
> properly replies, but dhclient does not get the reply. After adding this
> rule, everything works fine.
> 
> I see that they decided to repair this in kernel, but I still think that
> in this case, when a special ip6tables rules are shipped with perfsonar,
> the workaround should be applied within these rules.
> 
> This is not a major issue for the rest of our machines since they
> generaly don't use iptables. But the perfsonars are an exception, they
> use ip6tables and without this rule they have problems with DHCPv6.
> 
> [root@ps01-l
>  ~]# cat /etc/redhat-release 
> CentOS release 6.5 (Final)
> [root@ps01-l
>  ~]# uname -a
> Linux ps01-l.farm.particle.cz 2.6.32-431.20.3.el6.aufs.web100.i686 #1
> SMP Fri Jun 20 20:09:03 UTC 2014 i686 i686 i386 GNU/Linux
> 
> toolkit version:      3.3.2
> 
> marek elias