Firewalld forwarding IPv6 Between Interfaces

Another quick post about IPv6. I really struggled building a routing firewall with CentOS 7 and firewalld.

Here is the setup.

em1 has a static IPv6 address (could be auto configured too) x:x:x:0::1/64
em2 has a static IPv6 address as well, along with radvd running x:x:x:2::1/64

Keep in mind em2 could also get a DHCP-PD allocation, but I had a x:x:x:2::/64 statically routed to x:x:x:0::1, so I didn’t need it.

First we needed to enable forwarding:


Add the line:


So ALL my IPV6 lines in ifcfg-em1 look like:


Edit ifcfg-em2


Add the line:


So ALL my IPV6 lines in ifcfg-em2 look like:


At this point you should restart networking.

systemctl restart network

Lastly, you need to enable forwarding in firewalld. The rule is added with --permanent so that it survives the reload:

firewall-cmd --permanent --direct --add-rule ipv6 filter FORWARD 0 -i em2 -o em1 -j ACCEPT
firewall-cmd --reload
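
An added example (not from the original post): a small audit of the direct rules, assuming the one-rule-per-line output of `firewall-cmd --direct --get-all-rules` (family, table, chain, priority, arguments). It flags IPv6 FORWARD ACCEPT rules that are wider than the em2-to-em1 rule above; the function names, labels and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld direct rules for IPv6 forwarding.
# Input: lines as printed by `firewall-cmd --direct --get-all-rules`,
#   <family> <table> <chain> <priority> <args...>
# Interface names default to the page's em2 (LAN) and em1 (upstream).

audit_forward_rules() {
    lan_if="${1:-em2}"
    wan_if="${2:-em1}"
    awk -v lan="$lan_if" -v wan="$wan_if" '
    $1 == "ipv6" && $2 == "filter" && $3 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; stateful = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--ctstate" || $i == "--state") stateful = 1
        }
        if (target != "ACCEPT") next
        if (in_if == "" || out_if == "") {
            print "WARN unscoped: " $0       # no interface pair: matches every path
        } else if (in_if == wan && out_if == lan && !stateful) {
            print "WARN inbound-open: " $0   # upstream may open new flows to LAN hosts
        } else {
            print "OK: " $0
        }
    }'
}

# Constructed sample rules (not captured from a real host).
sample_rules() {
cat <<'EOF'
ipv4 filter FORWARD 0 -i em2 -o em1 -j ACCEPT
ipv6 filter FORWARD 0 -i em2 -o em1 -j ACCEPT
ipv6 filter FORWARD 1 -i em1 -o em2 -j ACCEPT
ipv6 filter FORWARD 2 -j ACCEPT
ipv6 filter INPUT 0 -p tcp --dport 22 -j ACCEPT
EOF
}

# On a live router:
#   firewall-cmd --direct --get-all-rules | audit_forward_rules em2 em1
sample_rules | audit_forward_rules em2 em1
```

Only the second sample rule matches the rule used in this post; the other two IPv6 FORWARD rules are reported because they accept traffic in the upstream-to-LAN direction or on every interface pair.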

Cool, you can now forward between em2 and em1. From this point you could do IPv6 DHCP, but that’s a whole lot of work. A better approach is to use radvd and let all the devices autoconfigure (the IPv6 magic).

yum install radvd

Now edit your /etc/radvd.conf


Change it to look similar to mine, only with your IPv6 block:

interface em2
{
    AdvSendAdvert on;
    AdvIntervalOpt on;
    MinRtrAdvInterval 60;
    MaxRtrAdvInterval 300;
    AdvLinkMTU 1280;
    AdvOtherConfigFlag on;
    AdvHomeAgentFlag off;
    prefix x:x:x:2::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
interface em1
{
    AdvSendAdvert off;
};

Start radvd

systemctl start radvd

That’s it, your router advertisements will start being handed out!

Happy IPv6’ng

