Bug 552099
Summary: | system-config-firewall has no simple mechanism to enable IPv6 DHCPv6 client | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Frank Crawford <frank> |
Component: | system-config-firewall | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 14 | CC: | bart.vanbrabant, cra, fabian.deutsch, frank, maurizio.antillon, psimerda, queria, richardfearn, tore, twoerner |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-08-16 21:15:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Frank Crawford
2010-01-04 02:13:00 UTC
This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Still can't see anyway in the Fedora 14 to setup the firewall with system-config-firewall to accept DHCPv6 data. I'm using Fedora 15 and I have just tested it at a conference Internet and Technology 2011 in Prague (starting at IPv6 day, BTW). They had an experimental network with RA, stateless autoconfiguration of addresses, but DHCPv6 configuration of DNS. The DNS part failed with NetworkManager (IPv6 set to Automatic, IPv4 set to Disabled). NetworkManager called dhclient, dhclient sent DHCPv6 Information Request and tcpdump showed the host got DHCPv6 reply from the server. But dhclient asked again and again, until it gives up. I run into this after clean (my first) installation of Fedora (15, XFCE). After installation and setup of apache (which i enabled in firewall in xfce main menu - administration - firewall) i moved to setup dhclient for ipv6. I have RA+DHCPv6 on my router. I tried NM applet in xfce to enable ipv6 but no luck. So i switched to console and i got to the same point as mentioned in this bug. Evidence: - Router is :f859 bellow - Host with F15 is :41d8 dhclient -d -6 wlan0 at fedora tries to solicit ipv6 with "no answer from router" -------------------------------------------------------------------------- # dhclient -d -6 wlan0 Internet Systems Consortium DHCP Client 4.2.1-P1 Copyright 2004-2011 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Bound to *:546 Listening on Socket/wlan0 Sending on Socket/wlan0 PRC: Soliciting for leases (INIT). XMT: Forming Solicit, 0 ms elapsed. XMT: X-- IA_NA a5:a9:41:d8 XMT: | X-- Request renew in +3600 XMT: | X-- Request rebind in +5400 XMT: Solicit on wlan0, interval 1080ms. XMT: Forming Solicit, 1080 ms elapsed. XMT: X-- IA_NA a5:a9:41:d8 XMT: | X-- Request renew in +3600 XMT: | X-- Request rebind in +5400 XMT: Solicit on wlan0, interval 2170ms. ... and so on -------------------------------------------------------------------------- tcpdump on router revealed this (foreign packets removed): -------------------------------------------------------------------------- 12:12:04.547901 IP6 fe80::214:a5ff:fea9:41d8 > fe80::200:21ff:fe5c:f859: ICMP6, neighbor solicitation, who has fe80::200:21ff:fe5c:f859, length 32 12:12:04.547918 IP6 fe80::200:21ff:fe5c:f859 > fe80::214:a5ff:fea9:41d8: ICMP6, neighbor advertisement, tgt is fe80::200:21ff:fe5c:f859, length 24 12:12:05.442119 IP6 fe80::214:a5ff:fea9:41d8 > fe80::200:21ff:fe5c:f859: ICMP6, destination unreachable, unreachable prohibited fe80::214:a5ff:fea9:41d8, length 140 12:12:06.523644 IP6 fe80::214:a5ff:fea9:41d8 > fe80::200:21ff:fe5c:f859: ICMP6, destination unreachable, unreachable prohibited fe80::214:a5ff:fea9:41d8, length 140 12:12:07.487287 IP6 fe80::200:21ff:fe5c:f859 > ff02::1:ff4e:d277: ICMP6, neighbor solicitation, who has fe80::222:fcff:fe4e:d277, length 32 12:12:07.536033 IP6 fe80::222:fcff:fe4e:d277 > fe80::200:21ff:fe5c:f859: ICMP6, neighbor advertisement, tgt is fe80::222:fcff:fe4e:d277, length 32 12:12:08.695056 IP6 fe80::214:a5ff:fea9:41d8 > fe80::200:21ff:fe5c:f859: ICMP6, destination unreachable, unreachable prohibited fe80::214:a5ff:fea9:41d8, length 140 12:12:08.959189 IP6 fe80::200:21ff:fe5c:f859 > ff02::1: ICMP6, router advertisement, length 56 -------------------------------------------------------------------------- and finally ip6tables on fedora client shows: -------------------------------------------------------------------------- # ip6tables -vnL --line-numbers Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED 2 231 22120 ACCEPT icmpv6 * * ::/0 ::/0 3 0 0 ACCEPT all lo * ::/0 ::/0 4 0 0 ACCEPT tcp * * ::/0 ::/0 state NEW tcp dpt:22 5 0 0 ACCEPT tcp * * ::/0 ::/0 state NEW tcp dpt:80 6 5 660 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited Chain OUTPUT (policy ACCEPT 12 packets, 1544 bytes) num pkts bytes target prot opt in out source destination -------------------------------------------------------------------------- So i think there should be default rule allowing dhcp configuration of ipv6 or at least optional way to enable it using firewall gui(...) tools? Maybe (if it is possible) such rule should be enabled if NM is configured to use ipv6 (from dhcp). Or at least it should be mentioned anywhere/somewhere else then just in this bugreport. Related: bug 591630 This message is a notice that Fedora 14 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 14. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '14' have been closed as WONTFIX. (Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.) Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version. Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 14 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |