For a while now I have been experiencing IPv6 instability with my Comcast / Xfinity internet connection. Over the weekend we identified the source of the problem and Lonnie has implemented a fix which will rollout with the next update.
In the meantime if you are unable to obtain an IPv6 address from your ISP, or you obtain one at boot and then it disappears after a while, you can add this line to your firewall custom config file as an interim solution... ip6tables -I EXT_INPUT_CHAIN -d fe80::/10 -p udp -m udp --sport 547 --dport 546 -j ACCEPT Explanation: The DHCPv6 client uses link-local IPv6 addresses and broadcasts a request for an address assignment to a specially designated IPv6 address... ff02::1:2. The DHCPv6 server (or relay) responds to the client's link-local address. Typically the response is sent from the server's own link-local address and firewall rules are in place to block DHCPv6 replies that do not originate from a link-local address. Comcast / Xfinity have implemented a change to their DHCPv6 servers and are sending responses from the server's own Global Unicast Address (GUA) which is blocked by the firewall. The solution is to change the firewall rule to check for the destination address (client's address) being link-local and accepting any source address. Regards, David
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
