For a while now I have been experiencing IPv6 instability with my Comcast /
Xfinity internet connection.  Over the weekend we identified the source of
the problem and Lonnie has implemented a fix which will roll out with the
next update.

In the meantime if you are unable to obtain an IPv6 address from your ISP,
or you obtain one at boot and then it disappears after a while, you can add
this line to your firewall custom config file as an interim solution...

ip6tables -I EXT_INPUT_CHAIN -d fe80::/10 -p udp -m udp --sport 547 --dport 546 -j ACCEPT

Explanation:
The DHCPv6 client uses link-local IPv6 addresses and broadcasts a request
for an address assignment to a specially designated IPv6 address...
ff02::1:2.  The DHCPv6 server (or relay) responds to the client's
link-local address.  Typically the response is sent from the server's own
link-local address and firewall rules are in place to block DHCPv6 replies
that do not originate from a link-local address.  Comcast / Xfinity have
implemented a change to their DHCPv6 servers and are sending responses from
the server's own Global Unicast Address (GUA) which is blocked by the
firewall.  The solution is to change the firewall rule to check for the
destination address (client's address) being link-local and to accept any
source address.

Regards,
David
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
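
Added example (not part of the message above and not AstLinux firewall code): a small Python model of the match the interim rule performs, compared with an assumed source-link-local form of the earlier rule, run over constructed DHCPv6 reply packets. The rule names, the packet fields, the client address and the 2001:db8:: addresses standing in for a GUA are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network
from typing import Optional

LINK_LOCAL = IPv6Network("fe80::/10")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    src: Optional[IPv6Network]   # None means any source
    dst: Optional[IPv6Network]   # None means any destination
    proto: str = "udp"
    sport: int = 547             # DHCPv6 server/relay port
    dport: int = 546             # DHCPv6 client port

    def accepts(self, p: Packet) -> bool:
        return (p.proto == self.proto and p.sport == self.sport
                and p.dport == self.dport
                and (self.src is None or IPv6Address(p.src) in self.src)
                and (self.dst is None or IPv6Address(p.dst) in self.dst))

# Assumed shape of the earlier rule: the reply must come from a link-local source.
OLD_RULE = Rule("src-link-local", src=LINK_LOCAL, dst=None)
# Interim rule from the message: -d fe80::/10 -p udp --sport 547 --dport 546
NEW_RULE = Rule("dst-link-local", src=None, dst=LINK_LOCAL)

# Constructed sample packets; 2001:db8::/32 is the documentation prefix.
SAMPLES = {
    "link-local server": Packet("fe80::1", "fe80::aa:bb", "udp", 547, 546),
    "GUA server": Packet("2001:db8::547", "fe80::aa:bb", "udp", 547, 546),
    "GUA to GUA": Packet("2001:db8::547", "2001:db8::10", "udp", 547, 546),
    "wrong source port": Packet("2001:db8::547", "fe80::aa:bb", "udp", 53, 546),
}

def verdicts(rule: Rule) -> dict:
    """Return {sample label: True if the rule would ACCEPT the packet}."""
    return {label: rule.accepts(pkt) for label, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for rule in (OLD_RULE, NEW_RULE):
        print(rule.name, verdicts(rule))
```

The interim rule still requires UDP source port 547, destination port 546 and a link-local destination, so the only check it drops is the one on the source address.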