IPv6 n00b: dhcpv6-client requests blocked on LAN



  • I'm trying to figure out if this is a configuration error. A few hours after getting IPv6 working from my local network, the firewall log is showing lots of blocks of this sort:

    Sep 17 08:38:27 gateway filterlog: 70,,,11000,em1,match,block,in,6,0x00,0x71da2,1,UDP,17,60,fe80::f6:a33e:7157:ea22,ff02::1:2,546,547,60
    

    My (very limited, still learning) interpretation of this is that the client on my LAN is requesting something of a DHCPv6 server upstream, from a link-local DHCP relay agent/server. The client seems to have no trouble getting out, as 'ping6 www.google.com' shows a reasonable round trip time.

    My questions are:

    • Are these normal in a properly configured network?
    • Should this traffic be passed upstream through the firewall?
    • Or should it be handled by a DHCPv6 relay on my router?
    • Or did I mess up the configuration elsewhere?

    Our ISP has delegated a /64 to us. I'm using Track Interface on the LAN.

    Please help educate this n00b. Suggestions for further reading welcomed. Thanks.



  • Since no one is answering, I did a little research.

    This appears to be a valid DHCP server/relay solicitation. It doesn't go anywhere because there's no DHCP server/relay on the subnet, because in turn the subnet has been delegated to us from the ISP. radvd is running but we're using stateless autoconfiguration to allocate addresses.

    Should I be running a DHCPv6 relay in this situation? Or is stateless autoconfiguration enough? It seems to be working fine at the moment.


Log in to reply