[Bug 1309931] [NEW] advertises official IPv6 addresses

Hadmut Danisch hadmut at danisch.de
Sat Apr 19 12:05:15 UTC 2014 

Public bug reported:

Hi,

avahi-daemon of 14.04 is currently breaking some of my services, e.g.
squid-apt-proxy.

For security reasons, I have restricted access to services on my server
machine in my LAN to link-local ipv6 addresses, i.e. FE80::

At the same time, I have a router advertising an official IPv6 prefix,
so my server machine has both an official and a link-local ipv6 address.
Unfortunately, avahi-daemon advertises the official address, thus having
all clients run against fireall and application security rules.

Since avahi is limited to the link anyways (except when using a bonjour
proxy), this does not make sense. It should advertise the link-local
ipv6 address only (or at least should have a configuration option).

regards
Hadmut

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: avahi-daemon 0.6.31-4ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
Date: Sat Apr 19 13:59:36 2014
InstallationDate: Installed on 2011-06-29 (1025 days ago)
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/usr/bin/tcsh
SourcePackage: avahi
UpgradeStatus: Upgraded to trusty on 2014-04-18 (0 days ago)
mtime.conffile..etc.avahi.avahi.daemon.conf: 2014-04-19T13:54:01.921941

** Affects: avahi (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug third-party-packages trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1309931

Title:
  advertises official IPv6 addresses

Status in “avahi” package in Ubuntu:
  New

Bug description:
  Hi,

  avahi-daemon of 14.04 is currently breaking some of my services, e.g.
  squid-apt-proxy.

  For security reasons, I have restricted access to services on my
  server machine in my LAN to link-local ipv6 addresses, i.e. FE80::

  At the same time, I have a router advertising an official IPv6 prefix,
  so my server machine has both an official and a link-local ipv6
  address. Unfortunately, avahi-daemon advertises the official address,
  thus having all clients run against fireall and application security
  rules.

  Since avahi is limited to the link anyways (except when using a
  bonjour proxy), this does not make sense. It should advertise the
  link-local ipv6 address only (or at least should have a configuration
  option).

  regards
  Hadmut

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: avahi-daemon 0.6.31-4ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  Date: Sat Apr 19 13:59:36 2014
  InstallationDate: Installed on 2011-06-29 (1025 days ago)
  InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/usr/bin/tcsh
  SourcePackage: avahi
  UpgradeStatus: Upgraded to trusty on 2014-04-18 (0 days ago)
  mtime.conffile..etc.avahi.avahi.daemon.conf: 2014-04-19T13:54:01.921941

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1309931/+subscriptions

More information about the foundations-bugs mailing list