Bug 460371 - default /etc/sysconfig/ip6tables does not permit router advertisements
default /etc/sysconfig/ip6tables does not permit router advertisements
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: iptables (Show other bugs)
9
All Linux
medium Severity low
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-27 16:13 EDT by La Monte H.P. Yarroll7
Modified: 2008-09-08 10:56 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-08 10:56:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description La Monte H.P. Yarroll7 2008-08-27 16:13:54 EDT
Description of problem:

Autoconfig of IPv6 addresses does not work because router advertisements are blocked.

Version-Release number of selected component (if applicable):

iptables v1.3.5 r1.2.1.100899

How reproducible:

Fully reproducible

Steps to Reproduce:
1. Arrange for a router to produce router advertisements (I used radvd on another Linux box).
2. In /etc/sysconfig/network set:
NETWORKING_IPV6=yes
3. In /etc/sysconfig/network-scripts/ifcfg-eth0 set
IPV6_AUTOCONF="yes"
IPV6INIT=yes

4. ifdown eth0;ifup eth0

Observe that no IPv6 global address is assigned to eth0.
 
Actual results:

[root@ss-111 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:0E:FA:10:08  
          inet addr:10.0.240.111  Bcast:10.0.240.255  Mask:255.255.255.0
          inet6 addr: fe80::202:eff:fefa:1008/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7239 errors:2 dropped:0 overruns:0 frame:2
          TX packets:5838 errors:2 dropped:0 overruns:0 carrier:2
          collisions:94 txqueuelen:1000 
          RX bytes:523238 (510.9 KiB)  TX bytes:621648 (607.0 KiB)


Expected results:

[root@ss-111 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:02:0E:FA:10:08  
          inet addr:10.0.240.111  Bcast:10.0.240.255  Mask:255.255.255.0
          inet6 addr: fc00::202:eff:fefa:1008/64 Scope:Global
          inet6 addr: fe80::202:eff:fefa:1008/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7239 errors:2 dropped:0 overruns:0 frame:2
          TX packets:5838 errors:2 dropped:0 overruns:0 carrier:2
          collisions:94 txqueuelen:1000 
          RX bytes:523238 (510.9 KiB)  TX bytes:621648 (607.0 KiB)

Additional info:

The fix is to add the following line to /etc/sysconfig/ip6tables:

[0:0] -A INPUT -p icmpv6 -m icmpv6 --icmpv6-type 134 -j ACCEPT
Comment 1 Thomas Woerner 2008-09-05 09:57:17 EDT
Could it be that you are wither using a FC-6 system or an FC-6 iptables package in a F-9 system?

The default ipv6 firewall for F-9 contains the rule "-A INPUT -p ipv6-icmp -j ACCEPT", which permits all icmp messages.
Comment 2 La Monte H.P. Yarroll7 2008-09-08 10:49:23 EDT
The problem was actually detected in CentOS 5.1. I thought I had traced the provinance of the package properly, but apparently not. Thanks for confirming that this is now fixed.

Note You need to log in before you can comment on or make changes to this bug.