Does anyone have a link that shows an example of a IPv6 firewalld router config through systemd? I’m especially interested in using networkd to get muliltiple DHCP Prefix Delegation and handling ser for multiple subnets.
I have been unable to find direct docs about the PD and RA options. I can find bits and pieces but no location with all the relevant oprions serving client DHCP requests on the subnets documented.
It is not clear for me whether your question is about firewalld configuration or the setup of systemd-networkd for IPv6 routing or both?
Concerning firewalld:
if you setup a IPv6 router, start with the sysctl
net.ipv6.conf.all.forwarding = 1, otherwise you get no forwarding.
IPv6 DHCP sends a packet to “all dhcp-servers” on port 547, so firewalld service “dhcpv6” should be enabled on a dhcpv6 server.
The server sends back a new connection to port 546 on the client, the firewalld service “dhcpv6-client” takes care of this. This service is default enabled in the workstation firewalld zones.
There is a default enabled policy “allow-host-ipv6” for the neighbour discovery and router advertisement ICMP’s
So for a IPv6 enabled workstation, you have to do nothing, that’s easy.
If you want to do IPvX forwarding, you have either to share a zone on both sides and enable forwarding for this zone, or create two policies allowing forwarding between ingress and egress zone. See firewalld libvirt-routed-in and libvirt-routed-out policies as example, if installed.
Systemd-network is well and very long documented in the systemd.network man page. You can fetch a delegated prefix by systemd-networkd, but also by dhclient or dhcpcd.
If you enable “router advertisement” in the systemd-network “.network” file by “IPv6SendRA”, and include name server by EmitDNS in the router advertisement, you’re in fact ready, hosts can get autoconfigured without any DHCP server.
If you want to use DHCPv6 for the clients on the subnets, you can use dnsmasq or dhcpcd. As far I know, systemd-networkd can do router advertisements but does not serve DHCPv6 requests.