[FS#389] odhcpd relay mode is blocked by firewall by default

LEDE Bugs lede-bugs at lists.infradead.org
Sun Jan 15 04:46:08 PST 2017


A new Flyspray task has been opened.  Details are below. 

User who did this - Nikolay Amiantov (abbradar) 

Attached to Project - LEDE Project
Summary - odhcpd relay mode is blocked by firewall by default
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - odhcpd currently won't work when put in [[https://wiki.openwrt.org/doc/uci/network6#router_advertisement_dhcpv6|relay mode]] if the manual is followed naively. It turns out this is because the firewall blocks incoming traffic to the DHCPv6 server (port 547) from external DHCPv6 servers (port 547) from the WAN zone by default. It may be a good idea to allow this out of the box, though I'm unsure if there are any security complications from this -- I'm a newcomer to IPv6. Replies come with the source global IPv6 address of the DHCPv6 server to the global IPv6 address of the router, so it's difficult to make a more constrained rule without hardcoding them or at least the prefix.

Example rule which fixes relay mode:


config rule
	option enabled '1'
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '547'
	option name 'Allow DHCPv6 Relay'
	option family 'ipv6'
	option src_port '547'


LEDE revision: 3e7b894ac08b56343e6e449a38fdb2be7b02a127

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=389
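
Added example, not part of the original report or of LEDE's code: a Python check over a constructed firewall config that lists the rules accepting UDP 547 to 547 from the WAN zone and shows whether each is pinned to a source prefix, the constraint the report says needs a hardcoded address or prefix. The function names are hypothetical and the `src_ip` value 2001:db8::/32 is a placeholder documentation prefix, not a value from the report.

```python
import shlex

# Constructed sample of /etc/config/firewall: the rule from the report, then a
# variant pinned with src_ip to a placeholder prefix (2001:db8::/32).
SAMPLE = """
config rule
    option enabled '1'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option dest_port '547'
    option name 'Allow DHCPv6 Relay'
    option family 'ipv6'
    option src_port '547'

config rule
    option name 'Allow DHCPv6 Relay (pinned)'
    option target 'ACCEPT'
    option src 'wan'
    option proto 'udp'
    option family 'ipv6'
    option src_port '547'
    option dest_port '547'
    option src_ip '2001:db8::/32'
"""

def parse_rules(text):
    """Return one dict of options per 'config rule' section."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["rule"] else None  # skip zones, defaults, ...
            if cur is not None:
                rules.append(cur)
        elif len(tok) == 3 and tok[0] == "option" and cur is not None:
            cur[tok[1]] = tok[2]
    return rules

def relay_rule_findings(text, zone="wan"):
    """List (name, source scope) for enabled rules accepting UDP to port 547 from zone."""
    out = []
    for r in parse_rules(text):
        if (r.get("enabled", "1") != "0" and r.get("target") == "ACCEPT"
                and r.get("src") == zone and r.get("dest_port") == "547"
                and "udp" in r.get("proto", "tcp udp").split()):  # fw3 default proto
            out.append((r.get("name", "(unnamed)"), r.get("src_ip") or "any source"))
    return out
```

A rule reported with "any source" accepts the relay traffic from every host reachable through the WAN zone; one reported with a prefix accepts it only from that prefix.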


