Moving Between IPv4 and IPv6¶
Management Console supports only pure IPv4 or IPv6 networks and not hybrid or stacked networks.
These steps must be performed in order for Management Console to operate successfully in a pure IPv4 or pure IPv6 environment.
Deleted Data
Be sure to backup your database in case you have to revert your change. When changing networks, Management Console will permanently delete unrelated data. See deleted data for more information on what is deleted.
To configure firewalld for an existing Management Console deployment that has been changed from IPv4 to IPv6 or vice versa¶
-
Login to the Management Console host operating system console.
-
Stop the mcconsole service.
sudo systemctl stop mcconsole
-
Stop the mcdaemon service.
sudo systemctl stop mcdaemon
-
Change the NIC IP address to IPv4 or IPv6.
-
Reboot your computer.
sudo init 6
-
Configure your Management Console firewall for the appropriate network.
-
Moving from IPv4 to IPv6: Follow the same steps as shown at Firewall changes required after an RPM Upgrade from Management Console 20.04 to Management Console 20.07 in IPv6 Environment
-
Moving from IPv6 to IPv4: Follow the same steps as shown at Firewall changes required after an RPM Upgrade from Management Console 20.04 to Management Console 20.07 in IPv6 Environment
-
-
Run the scripts to delete unrelated data to maintain a pure IPv4 or IPv6 network.
cd /opt/teradici/database sudo python mc_env_db.py
-
Start the mcconsole service.
sudo systemctl start mcconsole
-
Start the mcdaemon service.
sudo systemctl start mcdaemon
Existing IPv6 rule removal
If your Management Console happens to have previous Management Console IPv6 rules configured, remove them now by performing the following steps.
Note : If rule is not enabled it shows a warning NOT_ENABLED
-
Close port 443:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Close port 22:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Close port 5172:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Close port 80:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
Remove port forwarding of 8443 to 443:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Remove port forwarding of 8080 to 80:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
To configure firewalld rules for an existing Management Console moving from an IPv6 to an IPv4 network perform the following steps:¶
-
Login to the Management Console host operating system console.
-
Enable required IPv4 ports.
`sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-port={22,443,80,5172}/tcp`
-
Redirect IPv4 port 443 to port 8443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443
-
Redirect IPv4 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080
-
Remove IPv6 rules.
-
Remove port forwarding to 8443 and 8080
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080
-
Close port 443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Close port 22
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Close port 5172
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Close port 80
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
-
Remove redirect of IPv4 port 443 to 8443.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Remove redirect IPv6 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
-
Reload the firewall.
sudo firewall-cmd --reload
-
Confirm the rules are applied.
-
Check the firewalld status is active.
sudo systemctl status firewalld
-
Verify all rules are added in firewalld or not, all rules should be applied.
sudo firewall-cmd --list-all
-
To configure firewalld rules for an existing Management Console moving from an IPv4 to an IPv6 network perform the following steps:¶
-
Login to the Management Console host operating system console.
-
Remove IPv4 rules.
-
Close IPv4 ports
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-port={22,443,80,5172}/tcp
-
Remove IPv4 port forwarding to 8443 and 8080
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=80:proto=tcp:toport=8080
-
-
Enable required IPv6 ports.
-
Open port 443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Open port 22
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Open port 5172
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Open port 80
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
-
Redirect IPv6 port 443 to 8443.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Redirect IPv6 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
-
Reload the firewall.
sudo firewall-cmd --reload
-
Confirm the rules are applied.
-
Check the firewalld status is active.
sudo systemctl status firewalld
-
Verify all rules are added in firewalld or not, all rules should be applied.
sudo firewall-cmd --list-all
-