Why do I have no connection to the DHCP server at IPv6 over nft?

Question

I have configured my nftable with

table inet firewall {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state invalid counter packets 0 bytes 0 drop comment "early drop of invalid packets"
		ct state established,related accept comment "accept all connections related to connections made by us"
		ct helper "ftp" accept
		iifname "lo" counter packets 63 bytes 3760 accept comment "accept loopback"
		iifname "lo" ip saddr != 127.0.0.0/8 drop
		iifname "lo" ip6 saddr != ::1 drop
		ip protocol icmp counter packets 0 bytes 0 accept comment "accept all ICMP types"
		meta l4proto ipv6-icmp accept comment "Accept ICMPv6"
		jump input-inetd
		jump output-inetd
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state established,related,new accept
		iifname "br0" counter packets 250 bytes 22684 accept comment "forwarding only on bridge"
	}

	chain output {
		type filter hook output priority filter; policy accept;
		oifname "lo" counter packets 63 bytes 3760 accept comment "accept loopback"
		oifname "lo" ip daddr != 127.0.0.0/8 drop
		oifname "lo" ip6 daddr != ::1 drop
	}

	chain input-inetd {
		tcp dport 21 accept
		tcp dport 23 accept
	}

	chain output-inetd {
		tcp dport 20 accept
	}
}

Normal operation looks fine, but if I look at dhclient -6 I see

XMT: Forming Rebind, 606790 ms elapsed.
XMT:  X-- IA_NA 1e:dd:f2:18
XMT:  | X-- Requested renew  +3600
XMT:  | X-- Requested rebind +5400
XMT:  | | X-- IAADDR 2a00:6020:500b:ef00:f6e1:1eff:fedd:f218
XMT:  | | | X-- Preferred lifetime +7200
XMT:  | | | X-- Max lifetime +7500
XMT:  V IA_NA appended.
XMT: Rebind on br0, interval 585450ms.

but did not see any Advertise message (RCV). What is wrong with my configuration?

When I turn nft off, it works fine with my Fritz box. So it looks to me like something is misconfigured.

I hope someone can help me - thanks

Answer 1

Score: 0

Try adding this to your input chain

meta l4proto ipv6-icmp accept
meta l4proto icmp accept
meta l4proto igmp accept
ip6 ecn not-ect accept

instead of

meta l4proto ipv6-icmp accept comment "Accept ICMPv6"

and reboot.
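
Why the Rebind goes unanswered under this ruleset, as an added example that is not part of the original question or answer: the DHCPv6 server replies by unicast from its link-local address, conntrack cannot tie that reply to the multicast request, and `policy drop` discards it. The rule below assumes the standard DHCPv6 ports (client 546, server 547) and reuses the table, chain and `br0` names from the question; the file name is hypothetical.

```nft
# dhcpv6-client.nft (hypothetical file name) - added example, not from the post.
# Load into the running ruleset with:  nft -f dhcpv6-client.nft
#
# What happens on the wire:
#   client  fe80::<client>:546  ->  ff02::1:2:547      Solicit / Renew / Rebind
#   server  fe80::<server>:547  ->  fe80::<client>:546 Advertise / Reply
#
# The request goes to a multicast group, the answer comes back from a unicast
# address. Conntrack sees the answer as a new flow, so
# "ct state established,related accept" never matches it, and the input
# chain's "policy drop" removes it before dhclient can read it.
#
# Accepting ICMPv6 does not help: DHCPv6 is carried over UDP.
#
# The rule is limited to:
#   - the interface dhclient runs on (br0 in the question),
#   - link-local source and destination (fe80::/10), i.e. on-link traffic,
#   - server port 547 to client port 546.
# "counter" makes it possible to confirm that replies are now matched.

add rule inet firewall input iifname "br0" ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 counter accept comment "DHCPv6 server replies to client"

# To keep the rule across reloads, place the same match inside "chain input"
# of the ruleset file, above "jump input-inetd":
#
#   iifname "br0" ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 counter accept comment "DHCPv6 server replies to client"
#
# Check after the next renew/rebind attempt:
#   nft list chain inet firewall input
# The packet counter on the DHCPv6 rule should be non-zero and dhclient
# should log RCV lines.
```

Note that `ip6 ecn not-ect accept` matches every IPv6 packet whose ECN bits are unset, whatever its protocol or port, so it accepts far more than DHCPv6 on a chain whose policy is drop.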

huangapple
  • Posted on June 22, 2023 at 18:08:51
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76530793.html