Comments (7)
Please use IPv6Forwarding=yes in networkd.conf, rather than .network file, it controls /proc/sys/net/ipv6/conf/all/forwarding. This is not a bug in networkd, but how the kernel is designed, or at most, a bug in the kernel.
Yet it would be very confusing to users in this case? I think this at the minimum deserves proper documentation on our side. Also, on top of that we should enable global forwarding in kernel if the global IPv6Forward= is not set, but one interface enables forwarding. Then, disable the per-interface forwarding for all other interfaces.
Currently, the behavior is completely broken. We claim that IPMasquerade=yes would imply IPv4/v6Forward=, yet without enabling it globally that could not work.
from systemd.
I can confirm this, after update to systemd-256 (and 256.1) IPv6 forwarding stopped working.
Here are the configs for the WAN and LAN interfaces I use. I replaced IPForward=yes with IPv4Forwarding=yes and IPv6Forwarding=yes after updating to 256.
[Match]
Name=end0
[Network]
Description=WAN Interface
LinkLocalAddressing=ipv6
IPv6AcceptRA=yes
DHCP=yes
IPv4Forwarding=yes
IPv6Forwarding=yes
[DHCPv4]
Hostname=router
UseHostname=no
UseDNS=yes
UseNTP=no
UseSIP=no
UseRoutes=no
UseGateway=yes
[IPv6AcceptRA]
UseDNS=no
DHCPv6Client=yes
[Match]
Name=enp1s0
[Link]
RequiredForOnline=no
[Network]
Description=LAN Interface
Address=10.0.0.1/24
DHCPServer=yes
IPv6SendRA=yes
IPv6AcceptRA=no
DHCPv6PrefixDelegation=yes
IPMasquerade=ipv4
LinkLocalAddressing=ipv6
IPv6DuplicateAddressDetection=1
[DHCPServer]
PoolOffset=20
PoolSize=150
EmitDNS=yes
DNS=8.8.8.8
[IPv6SendRA]
EmitDNS=yes
EmitDomains=no
[DHCPPrefixDelegation]
UplinkInterface=end0
SubnetId=0x1
Announce=yes
from systemd.
The implementation for IPv4Forwarding and IPv6Forwarding seems to have similar behavior. It sets /proc/sys/net/ipv<4/6>/conf/<ifname>/forwarding to 1. While this is the correct behavior for IPv4, it's not for IPv6. From the kernel docs:
/proc/sys/net/ipv6/* Variables:
[...]
conf/all/forwarding - BOOLEAN
Enable global IPv6 forwarding between all interfaces.
IPv4 and IPv6 work differently here; e.g. netfilter must be used
to control which interfaces may forward packets and which not.
This also sets all interfaces' Host/Router setting
'forwarding' to the specified value. See below for details.
This referred to as global forwarding.
[...]
conf/interface/*:
Change special settings per interface.
The functional behaviour for certain settings is different
depending on whether local forwarding is enabled or not.
[...]
forwarding - INTEGER
Configure interface-specific Host/Router behaviour.
Note: It is recommended to have the same setting on all
interfaces; mixed router/host scenarios are rather uncommon.
Possible values are:
0 Forwarding disabled
1 Forwarding enabled
FALSE (0):
By default, Host behaviour is assumed. This means:
1. IsRouter flag is not set in Neighbour Advertisements.
2. If accept_ra is TRUE (default), transmit Router
Solicitations.
3. If accept_ra is TRUE (default), accept Router
Advertisements (and do autoconfiguration).
4. If accept_redirects is TRUE (default), accept Redirects.
TRUE (1):
If local forwarding is enabled, Router behaviour is assumed.
This means exactly the reverse from the above:
1. IsRouter flag is set in Neighbour Advertisements.
2. Router Solicitations are not sent unless accept_ra is 2.
3. Router Advertisements are ignored unless accept_ra is 2.
4. Redirects are ignored.
Default: 0 (disabled) if global forwarding is disabled (default),
otherwise 1 (enabled).
Which means we have to enable global forwarding whenever a single interface has IPv6Forwarding set afaiu.
from systemd.
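A check for the condition described in the comment above, added here as an example (not code from systemd or from the commenters): it flags interfaces whose per-interface forwarding sysctl is 1 while conf/all/forwarding is 0. The function name audit_ipv6_forwarding and the overridable root directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the IPv6 forwarding sysctls discussed in this thread.
# Usage on a live host:  audit_ipv6_forwarding
# Usage on a test tree:  audit_ipv6_forwarding /path/to/constructed/conf

# audit_ipv6_forwarding [root]
#   root defaults to /proc/sys/net/ipv6/conf (hypothetical override for testing).
#   Prints one finding per line.
#   Returns 0 if consistent, 1 on a mismatch, 2 if the global value is unreadable.
audit_ipv6_forwarding() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    found=0

    global=$(cat "$root/all/forwarding" 2>/dev/null) || {
        echo "ERROR: cannot read $root/all/forwarding"
        return 2
    }

    for dir in "$root"/*/; do
        ifname=$(basename "$dir")
        # 'all' and 'default' are pseudo-entries, not real interfaces.
        case "$ifname" in all|default) continue ;; esac

        fwd=$(cat "$dir/forwarding" 2>/dev/null) || continue
        ra=$(cat "$dir/accept_ra" 2>/dev/null || echo "?")

        # Per-interface forwarding=1 only selects Router behaviour (see the
        # kernel docs quoted above); global forwarding is still off.
        if [ "$fwd" = 1 ] && [ "$global" = 0 ]; then
            echo "MISMATCH $ifname: forwarding=1 but all/forwarding=0"
            found=1
        fi

        # Kernel docs: with forwarding=1, RAs are ignored unless accept_ra=2.
        if [ "$fwd" = 1 ] && [ "$ra" = 1 ]; then
            echo "NOTE $ifname: accept_ra=1 with forwarding=1, kernel ignores RAs unless accept_ra=2"
        fi
    done

    return "$found"
}
```

A MISMATCH line corresponds to the state reported in this issue: IPv6Forwarding=yes set only in a .network file, with the global setting left disabled.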
Please use IPv6Forwarding=yes in networkd.conf, rather than .network file, it controls /proc/sys/net/ipv6/conf/all/forwarding.
This is not a bug in networkd, but how the kernel is designed, or at most, a bug in the kernel.
from systemd.
First of all, why does /proc/sys/net/ipv6/conf/all/forwarding need to be enabled? I cannot find anything special for the sysctl value. It seems to simply enable IPv6 forwarding for all interfaces.
from systemd.
Ah, ip6_forward()...
from systemd.
OK. I will update documentation.
from systemd.