On Wed, 25 Feb 2015, Michael Mol wrote:
On Wed, Feb 25, 2015 at 10:27 AM, Michael Mol <mikemol@xxxxxxxxx> wrote:
So, I'm seeing a bunch of DHCPv6 traffic coming from my CentOS7
machines. Basically, the machines are trying to send router
solicitations, the packets are blocked at their egress firewalls, and
I get to see the logs.
I don't wish to disable IPv6. I don't wish to statically configure
IPv6 at this time. I wish to have the machines no longer attempting to
send router solicitations as part of DHCPv6.
How do I do this? I tried
DHCPV6C="no"
in ifcfg-ifacethatsnoteth0, but that seems to have had no effect. I
still see lines like these:
Feb 25 10:25:48 proxy-comcast-2 NetworkManager[541]: <error>
[1424877948.384918] [rdisc/nm-lndp-rdisc.c:241] send_rs(): ([snip]):
cannot send router solicitation: -1.
Feb 25 10:25:48 proxy-comcast-2 kernel: OUT-world:IN= OUT=[snip]
SRC=fe80:[snip] DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48
TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0
So, DHCPV6C="no" seems to be useless. What's needed is IPV6INIT="no".
That doesn't disable IPv6 (to do that, you have to use sysctl), but it
does tell NetworkManager to not try to configure it. Which is fine.
Look at net.ipv6.conf.default.autoconf in sysctl; you can turn off
autoconf by adjusting it.
BTW: Autoconf router solicitations are different from DHCPv6 requests.
This SANS blog post provides a very short introduction to them both:
https://isc.sans.edu/diary/The+Good,+Bad+and+Ugly+about+Assigning+IPv6+Addresses/13978
--
Paul Heinlein
heinlein@xxxxxxxxxx
45°38' N, 122°6' W
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
