Ifconfig Ipv6:permission Denied.

Home » CentOS » Ifconfig Ipv6:permission Denied.
CentOS 18 Comments

Hi!

I installed CentOS 7 today, it’s a minimal install, so it didn’t have ifconfig command. So I installed net-tools, however I can’t add ipv6
address to it.

# ifconfig enp0s3 add fc00::1002/124
SIOCSIFADDR: Permission denied.

Yes, I’m running as root.

CentOS is running in a Qemu instance with e1000 ethernet card.

18 thoughts on - Ifconfig Ipv6:permission Denied.

  • The cool kids are all using ‘ip’ these days since ifconfig is deprecated.

    Is the device under NetworkManager control (this is the default)?

  • Yeah, I set sys.net.ipv6.conf.all.accept_ra to 0. However Linux did not do any auto reconfiguration. There were no ipv6 address on it.

  • Yeah, thanks for the heads up. net-tools got no updates since 3 years and iproute2 looks incredibly complicated (cause it has support for advanced routing and traffic management).

    NetworkManager is not installed in the minimal CentOS install.

  • Em 07-09-2014 05:24, dE escreveu:

    Almost the same setup here (!minimal install, but everything else similar) works..

    What’s the current output of ifconfig for this interface? Does it list any ipv6 addresses on it?

    And could you try the ip command as suggested by Jim? In your case, it’s just: ip -6 addr add dev enp0s3 fc00::1002/124

    Marcelo

  • Ifconfig lists all interfaces normally. There’s enp0s3 and lo. Both are up, and no, they’ve no ipv6 addresses (cannot assign them even using ifcfg).

    ifcfg enp0s3 add fc00::1002/124 results in arping: Unknown host fc00:1002
    Error: some host already uses address fc00:1002 on enp0s3.

    You know the last error message sounds ridiculous. The virtual interface on the host has IP fc00::1001/124

    Using ip, it also complains “RTNETLINK answer: Permission denied”.

    Since this’s a fresh install, I think I should file a bug.

  • Um ifcfg doesn’t handle ipv6 – just take a look at the shell script that makes it up …

    This is highlighted by arping … ipv6 does not use arp

    I just built a minimal C7 instance to verify the behaviour…

    systemctl status NetworkManager shows that it is running

    ip addr add fc00::1001/124 dev eth0 adds the IP address to the interface

    NetworkManager does not remove this from the interface

  • *blink*

    I built a minimal (just the minimal package group) CentOS 7 to test this just for you and I assure you NetworkManager was there. C6 did not have it in minimal but C7 does.

    Read the comps file if you want:

    http://mirror.CentOS.org/CentOS/7/os/x86_64/repodata/2bc0054a9f0f4cd3d2806d983edbe3d0dfc484d9f275d12be79eb67a040ba942-c7-x86_64-comps.xml

    @core is the only group in the grouplist for the minimal environment and has NetworkManager in the default set.

    If you do a minimal C7 install it includes NM unless you take steps not to have it there such as a kickstart with -NetworkManager in %packages

  • That’s fairly important information to know due to the huge differences in behaviour.

    Your original post stated CentOS 7

  • Em 07-09-2014 05:24, dE escreveu:

    One more test. Please check sysctl -a | grep disable_ipv6 output And if it’s =1, set it to 0.

    When NetworkManager is running, it may disable ipv6 on the interface if its not configured via NM…

    Marcelo

  • its not configured via NM…

    The default is not to disable ipv6 so something in your environment actively did this.

    This does, however, leave me somewhat confused as to how you claimed there was a fc00::1001 address on there and you were adding the additional address when you saw the refused message…

  • Well… NM needs to put the interface UP so it can reliably monitor the link state. But that was turning ipv6 addr auto-config on and was considered a security issue and thus NM started disabling ipv6 on such
    (non-configured via NM but monitored) interface to avoid the address auto-configuration from happening, yet causing this.

    The fix (to be able to bring it up without ipv6 address autoconfig)
    needed kernel & NM patches and show be available on 7.0.z very soon.

    Such address was on the host, no?

    Cheers, Marcelo

LEAVE A COMMENT