Another quick post about IPv6. I really struggled building a routing firewall with CentOS 7 and firewalld.
Here is the setup.
em1 has a static IPv6 address (could be auto configured too) x:x:x:0::1/64
em2 has a static IPv6 address as well, along with radvd running x:x:x:2::1/64
Keep in mind em2 could also get a DHCP-PD allocation, but I had x:x:x:2::/64 statically routed to x:x:x:0::1, so I didn’t need it.
First we needed to enable forwarding. Edit ifcfg-em1:
/etc/sysconfig/network-scripts/ifcfg-em1
Add the line:
IPV6FORWARDING=yes
So ALL my IPV6 lines in ifcfg-em1 look like:
IPV6INIT="yes"
IPV6_AUTOCONF="no"
IPV6ADDR=x:x:x:0::2
IPV6_DEFAULTGW=x:x:x:0::1
Edit ifcfg-em2
/etc/sysconfig/network-scripts/ifcfg-em2
Add the line:
IPV6FORWARDING=yes
So ALL my IPV6 lines in ifcfg-em2 look like:
IPV6INIT="yes"
IPV6_AUTOCONF="no"
IPV6ADDR=x:x:x:2::1
At this point you should restart networking.
systemctl restart network
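Lastly you need to enable the forwarding in firewalld. The rule is added with --permanent so that it survives the reload (a runtime-only direct rule would be discarded by it).
firewall-cmd --permanent --direct --add-rule ipv6 filter FORWARD 0 -i em2 -o em1 -j ACCEPT
firewall-cmd --reload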
Cool, you can now forward between em2 and em1. From this point you could do IPv6 DHCP, but that’s a whole lot of work. A better approach is to use radvd and let all the devices autoconfigure (the IPv6 magic).
yum install radvd
Now edit your /etc/radvd.conf
/etc/radvd.conf
Change it to look similar to mine, only with your IPv6 block:
interface em2 {
    AdvSendAdvert on;
    AdvIntervalOpt on;
    MinRtrAdvInterval 60;
    MaxRtrAdvInterval 300;
    AdvLinkMTU 1280;
    AdvOtherConfigFlag on;
    AdvHomeAgentFlag off;
    prefix x:x:x:2::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
interface em1 {
    AdvSendAdvert off;
};
Start radvd
systemctl start radvd
That’s it, your router advertisements will start being handed out!
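To confirm that the steps above left the box forwarding only in the intended direction, here is an added check script (not part of the original post). The function names forwarding_on and audit_forward are made up for this example, and it treats em2 as the LAN side and em1 as the upstream side, as in the setup above.

```shell
#!/bin/sh
# Added example: post-setup checks for the em2 (LAN) -> em1 (upstream) router.
# On a live host, feed the functions real data:
#   forwarding_on /proc/sys/net/ipv6/conf/all/forwarding
#   firewall-cmd --permanent --direct --get-all-rules | audit_forward em2 em1

# Succeeds when the given sysctl file contains 1 (forwarding enabled).
forwarding_on() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Reads direct rules on stdin, one per line, in the layout firewall-cmd prints:
#   <ipv> <table> <chain> <priority> <iptables args...>
# Prints one finding per line; prints nothing when the rule set is as intended.
audit_forward() {
    lan=$1 wan=$2
    awk -v lan="$lan" -v wan="$wan" '
        $1 == "ipv6" && $2 == "filter" && $3 == "FORWARD" && / -j ACCEPT/ {
            in_if = ""; out_if = ""
            for (i = 5; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
            }
            # The rule from the post: LAN out to upstream.
            if (in_if == lan && out_if == wan) { seen = 1; next }
            # ACCEPT with no input interface forwards in every direction.
            if (in_if == "") print "UNRESTRICTED: " $0
            # ACCEPT for new traffic arriving on the upstream side.
            else if (in_if == wan) print "INBOUND-OPEN: " $0
        }
        END { if (!seen) print "MISSING: no ACCEPT rule for " lan " -> " wan }
    '
}

# Constructed sample: the post's rule plus a hypothetical stray rule
# that would open em1 -> em2.
SAMPLE='ipv6 filter FORWARD 0 -i em2 -o em1 -j ACCEPT
ipv6 filter FORWARD 1 -i em1 -o em2 -j ACCEPT'
printf '%s\n' "$SAMPLE" | audit_forward em2 em1
```

An empty result from audit_forward means the only forwarding ACCEPT among the direct rules is the em2 to em1 one.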
Happy IPv6’ng
–John