Bug 460371

Summary: default /etc/sysconfig/ip6tables does not permit router advertisements
Product: [Fedora] Fedora Reporter: La Monte H.P. Yarroll7 <piggy-fedora>
Component: iptablesAssignee: Thomas Woerner <twoerner>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: medium    
Version: 9CC: piggy-fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-08 14:56:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description La Monte H.P. Yarroll7 2008-08-27 20:13:54 UTC 
Description of problem:

Autoconfig of IPv6 addresses does not work because router advertisements are blocked.

Version-Release number of selected component (if applicable):

iptables v1.3.5 r1.2.1.100899

How reproducible:

Fully reproducible

Steps to Reproduce:
1. Arrange for a router to produce router advertisements (I used radvd on another Linux box).
2. In /etc/sysconfig/network set:
NETWORKING_IPV6=yes
3. In /etc/sysconfig/network-scripts/ifcfg-eth0 set
IPV6_AUTOCONF="yes"
IPV6INIT=yes

4. ifdown eth0;ifup eth0

Observe that no IPv6 global address is assigned to eth0.
 
Actual results:

[root@ss-111 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:0E:FA:10:08  
          inet addr:10.0.240.111  Bcast:10.0.240.255  Mask:255.255.255.0
          inet6 addr: fe80::202:eff:fefa:1008/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7239 errors:2 dropped:0 overruns:0 frame:2
          TX packets:5838 errors:2 dropped:0 overruns:0 carrier:2
          collisions:94 txqueuelen:1000 
          RX bytes:523238 (510.9 KiB)  TX bytes:621648 (607.0 KiB)


Expected results:

[root@ss-111 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:0E:FA:10:08  
          inet addr:10.0.240.111  Bcast:10.0.240.255  Mask:255.255.255.0
          inet6 addr: fc00::202:eff:fefa:1008/64 Scope:Global
          inet6 addr: fe80::202:eff:fefa:1008/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7239 errors:2 dropped:0 overruns:0 frame:2
          TX packets:5838 errors:2 dropped:0 overruns:0 carrier:2
          collisions:94 txqueuelen:1000 
          RX bytes:523238 (510.9 KiB)  TX bytes:621648 (607.0 KiB)

Additional info:

The fix is to add the following line to /etc/sysconfig/ip6tables:

[0:0] -A INPUT -p icmpv6 -m icmpv6 --icmpv6-type 134 -j ACCEPT
Comment 1 Thomas Woerner 2008-09-05 13:57:17 UTC 
Could it be that you are wither using a FC-6 system or an FC-6 iptables package in a F-9 system?

The default ipv6 firewall for F-9 contains the rule "-A INPUT -p ipv6-icmp -j ACCEPT", which permits all icmp messages.
Comment 2 La Monte H.P. Yarroll7 2008-09-08 14:49:23 UTC 
The problem was actually detected in CentOS 5.1. I thought I had traced the provinance of the package properly, but apparently not. Thanks for confirming that this is now fixed.