Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] ip6tables and DHCPv6

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] ip6tables and DHCPv6


Chronological Thread 
  • From: Andrew Lake <>
  • To: Marek Elias <>
  • Cc: ,
  • Subject: Re: [perfsonar-user] ip6tables and DHCPv6
  • Date: Wed, 20 Aug 2014 07:25:38 -0400

Hi,

Thanks for pointing this out. We also noticed this awhile back and it is
corrected in the forthcoming 3.4 release.

Thanks,
Andy


On Aug 20, 2014, at 5:56 AM, Marek Elias
<>
wrote:

> hello,
>
> perfsonar /etc/sysconfig/ip6tables does not contain an rule like this:
> -A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s
> fe80::/10 -d fe80::/10 -j ACCEPT
> this rule ACCEPTs the DHCPv6 replies. this is merely a kernel connection
> tracking bug since this reply should fit to the ESTABLISHED,RELATED
> rule, but unfortunately it does not.
>
> see this for more info:
> https://bugzilla.redhat.com/show_bug.cgi?id=656334
>
> without this rule, dhclient -6 properly asks for lease and the server
> properly replies, but dhclient does not get the reply. After adding this
> rule, everything works fine.
>
> I see that they decided to repair this in kernel, but I still think that
> in this case, when a special ip6tables rules are shipped with perfsonar,
> the workaround should be applied within these rules.
>
> This is not a major issue for the rest of our machines since they
> generaly don't use iptables. But the perfsonars are an exception, they
> use ip6tables and without this rule they have problems with DHCPv6.
>
> [root@ps01-l
> ~]# cat /etc/redhat-release
> CentOS release 6.5 (Final)
> [root@ps01-l
> ~]# uname -a
> Linux ps01-l.farm.particle.cz 2.6.32-431.20.3.el6.aufs.web100.i686 #1
> SMP Fri Jun 20 20:09:03 UTC 2014 i686 i686 i386 GNU/Linux
>
> toolkit version: 3.3.2
>
> marek elias




Archive powered by MHonArc 2.6.16.

Top of Page