Opened 5 years ago

Closed 5 years ago

#3847 closed enhancement (complete)

User's Guide should caution against firewall (ip6tables)

Reported by: tomek Owned by: UnAssigned
Priority: low Milestone: Kea0.9.2
Component: documentation Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no


People who try to deploy DHCPv6 for the first time frequently experience a problem with Kea (or any other server implementation for that matter) not receiving incoming packets.

They go on with debugging and see the incoming Solicit packet in tcpdump, but the server does not receive it. This raises suspicions that the server is broken. The actual cause of this is the default setting of ip6tables. We should add a note to the User's Guide that if people are having problems with receiving any incoming DHCPv6 traffic, they are advised to look at their ip6tables (or whatever IPv6 firewall is running on their system).

See for an example of such a report.


Change History (7)

comment:1 Changed 5 years ago by hschempf

  • Milestone changed from Kea-proposed to Kea0.9.2
  • Priority changed from medium to low

comment:2 Changed 5 years ago by jreed

I created another ticket #3873 for adding the troubleshooting section to the guide. I suggest for now that the quick statement (maybe two sentences) about the firewall for this ticket #3847 be done now since the other task is larger and may not get done in this development period.

comment:3 Changed 5 years ago by tomek

  • Milestone changed from Kea0.9.2 to Kea0.9.2-final

comment:4 Changed 5 years ago by tomek

  • Owner set to tomek
  • Status changed from new to assigned

comment:5 Changed 5 years ago by tomek

  • Owner changed from tomek to UnAssigned
  • Status changed from assigned to reviewing

Added a question in FAQ. That's covered in #3873. (see changes on trac3873). Moving this ticket to review. Will close it once #3873 is merged.

comment:6 follow-up: Changed 5 years ago by fdupont

A silly question: is there something to review for this ticket itself (vs #3873)?
BTW I looked at the corresponding part in the FAQ (aka #3873) and it correctly covers this ticket so I shan't worry if this ticket is closed as a duplicate of #3873.

comment:7 in reply to: ↑ 6 Changed 5 years ago by tomek

  • Resolution set to complete
  • Status changed from reviewing to closed

Replying to fdupont:

A silly question: is there something to review for this ticket itself (vs #3873)?

No, that's all covered in #3873. Since these two tickets were submitted independently and they're not exactly duplicates (more like one is subset of another), I decided to keep both of them, do all the work on one branch and then close both.

#3873 (that includes firewall warning) is now merged, closing this ticket as well.

Note: See TracTickets for help on using tickets.