Firewalld, IPv6, no forwarding happening
Richard W.M. Jones
rjones at redhat.com
Fri May 22 18:08:52 UTC 2015
It turns out there are two problems.
(1) You must manually assign a public IPv6 address to at least one of
your router's interfaces. This is because when sending an IPv6
packet, the kernel chooses a source address by looking at the
addresses of all interfaces. If none of them has a public address, it
chooses some link local address as the source address, and of course
that's never going to work.
To do this, add an IPV6ADDR=... entry to
/etc/sysconfig/network-scripts/ifcfg-<some_interface>
That should be enough to get ping working.
(2) Firewalld filters all forwarded IPv6 packets. This appears to be
a massive bug, or at least it's a completely undocumented limitation.
https://bugzilla.redhat.com/show_bug.cgi?id=929426
The workaround can be found in that bug.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
More information about the users
mailing list