1

So, as the title says, I set up an isc-dhcp-server for DHCPv6, which is working as long as UFW is disabled.

Once enabled, though I have all the necessary rules in place, and UFW is enabled for v6, it stops working.

My rules are:

xxx@deadpool:/etc/ufw# grep '546\|547' *
after6.rules:-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
after6.rules:-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input    
before6.rules:-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT

I found two related but fixed bugs on Launchpad: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/947416 and https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1007326

Any ideas?

lightxx
I had to `ufw allow proto udp from any to any port 546 && ufw allow proto udp from any to any port 547` to get it to work. Can't figure out why for the heck of it. Only link-local addresses should be required for DHCPv6 anyways ... – lightxx Jun 22 '16 at 10:33

2 Answers

2

I see an existing rule for a DHCP client:

# allow dhcp client to work
-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT

I think you need to reverse the source/destination ports for your server:

# dhcp server
-A ufw6-before-input -p udp -s fe00::/7 --sport 546 -d fe00::/7 --dport 547 -j ACCEPT
tjvr
0

Change it to fe00::/7; you have to allow IPv6 multicast addresses as well. Your server should be listening on ff05::1:3 and ff02::1:2.

See: https://en.wikipedia.org/wiki/Multicast_address#IPv6

Bryce Larson
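
An added example (not part of either answer): a small Python check of the rules quoted in this thread against constructed packets, showing why a server rule limited to fe80::/10 misses the multicast Solicit sent to ff02::1:2 while fe00::/7 matches it. The rule labels, the helper names and the addresses fe80::1234 and fe80::1 are assumptions made for the illustration.

```python
import ipaddress

# (source net, source port, destination net, destination port), as in the
# ip6tables rules quoted in the thread. Labels are made up for this example.
RULES = {
    "client": ("fe80::/10", 547, "fe80::/10", 546),             # stock before6.rules
    "server_link_local": ("fe80::/10", 546, "fe80::/10", 547),  # hypothetical: ports reversed only
    "server_fe00_7": ("fe00::/7", 546, "fe00::/7", 547),        # rule from the first answer
}

# Constructed inbound packets at the server: (src, sport, dst, dport).
# fe80::1234 (client) and fe80::1 (server) are made-up addresses.
PACKETS = {
    "solicit_multicast": ("fe80::1234", 546, "ff02::1:2", 547),
    "unicast_to_server": ("fe80::1234", 546, "fe80::1", 547),
}


def matches(rule, packet):
    """Return True if the packet satisfies every criterion of the rule."""
    src_net, sport, dst_net, dport = rule
    src, p_sport, dst, p_dport = packet
    return (
        ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
        and p_sport == sport
        and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
        and p_dport == dport
    )


def accepted_by(packet_name):
    """Names of the rules that would ACCEPT the given sample packet."""
    return [n for n, r in RULES.items() if matches(r, PACKETS[packet_name])]


def covered(prefix, address):
    """Return True if the address falls inside the prefix."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(prefix)


if __name__ == "__main__":
    for name in PACKETS:
        print(f"{name}: accepted by {accepted_by(name) or 'no rule'}")
    for addr in ("ff02::1:2", "ff05::1:3"):
        print(addr, "in fe80::/10:", covered("fe80::/10", addr),
              "| in fe00::/7:", covered("fe00::/7", addr))
```

Note that fe00::/7 spans fe00::/8 and all of ff00::/8, so it matches every IPv6 multicast destination, not only the two DHCPv6 groups.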