So, I'm seeing a bunch of DHCPv6 traffic coming from my CentOS7 machines. Basically, the machines are trying to send router solicitations, the packets are blocked at their egress firewalls, and I get to see the logs. I don't wish to disable IPv6. I don't wish to statically configure IPv6 at this time. I wish to have the machines no longer attempting to send router solicitations as part of DHCPv6. How do I do this? I tried DHCPV6C="no" in ifcfg-ifacethatsnoteth0, but that seems to have had no effect. I still see lines like these: Feb 25 10:25:48 proxy-comcast-2 NetworkManager[541]: <error> [1424877948.384918] [rdisc/nm-lndp-rdisc.c:241] send_rs(): ([snip]): cannot send router solicitation: -1. Feb 25 10:25:48 proxy-comcast-2 kernel: OUT-world:IN= OUT=[snip] SRC=fe80:[snip] DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 -- :wq
On Wed, Feb 25, 2015 at 10:27 AM, Michael Mol <mikemol at gmail.com> wrote:> So, I'm seeing a bunch of DHCPv6 traffic coming from my CentOS7 > machines. Basically, the machines are trying to send router > solicitations, the packets are blocked at their egress firewalls, and > I get to see the logs. > > I don't wish to disable IPv6. I don't wish to statically configure > IPv6 at this time. I wish to have the machines no longer attempting to > send router solicitations as part of DHCPv6. > > How do I do this? I tried > > DHCPV6C="no" > > in ifcfg-ifacethatsnoteth0, but that seems to have had no effect. I > still see lines like these: > > Feb 25 10:25:48 proxy-comcast-2 NetworkManager[541]: <error> > [1424877948.384918] [rdisc/nm-lndp-rdisc.c:241] send_rs(): ([snip]): > cannot send router solicitation: -1. > Feb 25 10:25:48 proxy-comcast-2 kernel: OUT-world:IN= OUT=[snip] > SRC=fe80:[snip] DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 > TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0So, DHCPV6C="no" seems to be useless. What's needed is IPV6INIT="no". That doesn't disable IPv6 (to do that, you have to use sysctl), but it does tell NetworkManager to not try to configure it. Which is fine. -- :wq
On Wed, 25 Feb 2015, Michael Mol wrote:> On Wed, Feb 25, 2015 at 10:27 AM, Michael Mol <mikemol at gmail.com> wrote: >> So, I'm seeing a bunch of DHCPv6 traffic coming from my CentOS7 >> machines. Basically, the machines are trying to send router >> solicitations, the packets are blocked at their egress firewalls, and >> I get to see the logs. >> >> I don't wish to disable IPv6. I don't wish to statically configure >> IPv6 at this time. I wish to have the machines no longer attempting to >> send router solicitations as part of DHCPv6. >> >> How do I do this? I tried >> >> DHCPV6C="no" >> >> in ifcfg-ifacethatsnoteth0, but that seems to have had no effect. I >> still see lines like these: >> >> Feb 25 10:25:48 proxy-comcast-2 NetworkManager[541]: <error> >> [1424877948.384918] [rdisc/nm-lndp-rdisc.c:241] send_rs(): ([snip]): >> cannot send router solicitation: -1. >> Feb 25 10:25:48 proxy-comcast-2 kernel: OUT-world:IN= OUT=[snip] >> SRC=fe80:[snip] DST=ff02:0000:0000:0000:0000:0000:0000:0002 LEN=48 >> TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=133 CODE=0 > > So, DHCPV6C="no" seems to be useless. What's needed is IPV6INIT="no". > That doesn't disable IPv6 (to do that, you have to use sysctl), but it > does tell NetworkManager to not try to configure it. Which is fine.Look at net.ipv6.conf.default.autoconf in sysctl; you can turn off autoconf by adjusting it. BTW: Autoconf router solicitations are different from DHCPv6 requests. This SANS blog post provides a very short introduction to them both: https://isc.sans.edu/diary/The+Good,+Bad+and+Ugly+about+Assigning+IPv6+Addresses/13978 -- Paul Heinlein heinlein at madboa.com 45?38' N, 122?6' W