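Strangely, my CentOS cannot receive dhcpv6 reply messages from the dhcpv6 server. I have enabled the dhcpv6-client rule.
Every time I try to bring up the interface, a dhcpv6 request message is sent, but no dhcpv6 reply message is received. I tried sniffing the interface with Wireshark, but still no dhcpv6 reply message was received; only the dhcpv6 request messages were found.
I think the firewall is blocking my packets. If I disable the firewalld service, I can receive the dhcpv6 reply messages. However, I don't know whether the firewall is blocking the dhcpv6 request message or the dhcpv6 reply message.
Also, my CentOS fails to process IPv6 router advertisement packets every time, so I have to configure the default IPv6 gateway to access the Internet. This happens whether the firewall is on or off. I tried setting net.ipv6.conf.enp7s0.accept_ra=2 and net.ipv6.conf.enp7s0.forwarding=0, but neither works.
So, guys, I need your help. Thanks!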
----- Edit 1 (added iptables configuration) -----
As far as I know, firewalld uses iptables as its backend. My output of ip6tables --list is as follows:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
INPUT_direct all anywhere anywhere
INPUT_ZONES_SOURCE all anywhere anywhere
INPUT_ZONES all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all anywhere anywhere
FORWARD_direct all anywhere anywhere
FORWARD_IN_ZONES_SOURCE all anywhere anywhere
FORWARD_IN_ZONES all anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all anywhere anywhere
FORWARD_OUT_ZONES all anywhere anywhere
ACCEPT ipv6-icmp anywhere anywhere
REJECT all anywhere anywhere reject-with icmp6-adm-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all anywhere anywhere [goto]
FWDI_public all anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all anywhere anywhere [goto]
FWDO_public all anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all anywhere anywhere
FWDI_public_deny all anywhere anywhere
FWDI_public_allow all anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all anywhere anywhere
FWDO_public_deny all anywhere anywhere
FWDO_public_allow all anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all anywhere anywhere [goto]
IN_public all anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (2 references)
target prot opt source destination
IN_public_log all anywhere anywhere
IN_public_deny all anywhere anywhere
IN_public_allow all anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT udp anywhere fe80::/64 udp dpt:dhcpv6-client ctstate NEW
ACCEPT tcp anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Answer 1
Problem 1 solved: Firewalld enables RPF by default, and the dhcpv6 reply messages are blocked by the RPF rule installed in the PREROUTING chain of the raw table.
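
The `ip6tables --list` output in the question covers only the filter table, so a rule in the raw table never appears in it. The following is an added example, not part of the original question or answer, that scans `ip6tables-save` output for reverse-path drop rules and reports the table each one sits in. The embedded ruleset is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in ip6tables-save format (not taken from the poster's host).
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A PREROUTING -m rpfilter --invert -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:IN_public_allow - [0:0]
-A IN_public_allow -d fe80::/64 -p udp -m udp --dport 546 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}

# Print "<table> <rule>" for every rule that drops on a reverse-path check.
# Reads ip6tables-save output on stdin.
rpf_drop_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*raw", "*filter", ...
        /^-A / && /-m rpfilter/ && /-j DROP/ { print table, $0 }
    '
}

# Exit status 0 when an RPF drop sits in raw/PREROUTING, which packets
# traverse before the filter-table chains that "ip6tables --list" shows.
rpf_precedes_filter() {
    rpf_drop_rules | grep -q '^raw -A PREROUTING '
}

# Demo on the constructed sample. On a live host (as root) use:
#   ip6tables-save | rpf_drop_rules
# firewalld controls this rule with IPv6_rpfilter in /etc/firewalld/firewalld.conf.
sample_ruleset | rpf_drop_rules
```

A packet dropped in raw/PREROUTING never reaches the `IN_public_allow` rule for dhcpv6-client, which is why enabling that service alone did not help.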