On 2/21/19 10:04 PM, Mathias Homann wrote:
Am Freitag, 22. Februar 2019, 02:44:44 CET schrieb Lew Wolfgang:
Hi Folks,
I've finally started to move 42.3 systems to Leap 15 and have run into some issues with firewalld. The basic install works okay on this dual-stack v4/v6 network, but when I try to configure two interfaces (exterior/interior) I lose my v6 address assignment. Stopping the firewall allows dhcpv6 to work, starting the firewall breaks it again. I've explicitly tried to enable the dhcpv6 service,
for IPv6 you have to enable the DHCP *CLIENT* as well, since it operates on multicast and needs an open port.
Maybe that's your problem?
I finally got back to this. I confirmed with the GUI that firewalld is allowing DHCPv6-client and DHCPv6, but still no luck. Again, v6 works when the firewall isn't running, as confirmed with iptables -L. The GUI is not user-friendly and behaved inconsistently when I attempted to configure the two interfaces as external and internal, without NAT. So I uninstalled firewalld with zypper and locked it out. I then loaded susefirewall2 and copied over my old SuSEfirewall2 script. It works like a charm. This will do for now, I need to get this host to its user. If I can find the time I'll try 15.1 on a different host and see if things got any better for me with firewalld. If it doesn't I'll file a bug report. Shorewall may still be an option, it looks to be simpler and is configured by script. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org