Moving Between IPv4 and IPv6¶
Management Console supports only pure IPv4 or IPv6 networks and not hybrid or stacked networks.
Upgrading and migrating at the same time
If a user wants to upgrade and migrate ( Ipv6 to Ipv4 and vice versa ) at the same time e.g. user want to upgrade from 20.04 IPv4 to 20.07 IPv6, we suggest they first complete upgrade (20.04 IPv4 to 20.07 IPv4 upgrade) and then following the IPv4 to IPv6 migration guideline
These steps must be performed in order for Management Console to operate successfully in a pure IPv4 or pure IPv6 environment.
Deleted Data
Be sure to backup your database in case you have to revert your change. When changing networks, Management Console will permanently delete unrelated data. See deleted data for more information on what is deleted.
To configure firewalld for an existing Management Console deployment that has been changed from IPv4 to IPv6 or vice versa¶
-
Login to the Management Console host operating system console.
-
Stop the mcconsole service.
sudo systemctl stop mcconsole
-
Stop the mcdaemon service.
sudo systemctl stop mcdaemon
-
To Enable or Disable IPv6 environment, you must modify the teradici.ipv6.conf file by executing either of the following commands.
-
To disable IPv6 configuration in an IPv4 environment
sudo su echo -e "net.ipv6.conf.all.disable_ipv6=1\nnet.ipv6.conf.default.disable_ipv6=1" > /usr/lib/sysctl.d/teradici_ipv6.conf exit
-
To enable IPv6 configuration in an IPv6 environment
sudo su echo -e "net.ipv6.conf.all.disable_ipv6=0\nnet.ipv6.conf.default.disable_ipv6=0" > /usr/lib/sysctl.d/teradici_ipv6.conf exit
-
-
Change the NIC IP address to IPv4 or IPv6.
-
Reboot your computer.
sudo init 6
-
Configure your Management Console firewall for the appropriate network.
-
Configuration rules from 20.04 or later to 20.07.1
-
Moving from IPv4 to IPv6: Follow the same steps as shown at Firewall changes required after an RPM Upgrade from Management Console 20.04 to Management Console 20.07 in IPv6 Environment
-
Moving from IPv6 to IPv4: Follow the same steps as shown at Firewall changes required after an RPM Upgrade from Management Console 20.04 to Management Console 20.07 in IPv6 Environment
-
-
Configuration rules from 20.01 or older to 20.07.1
-
Moving from IPv4 to IPv6: Follow the same steps as shown at Updating firewall configuration after upgrading from Management Console 19.05 through to 20.01 to Management Console 20.07 with IPv6
-
Moving from IPv4 to IPv4: Follow the same steps as shown at Firewall changes after a RPM Upgrade from Management Console 20.01 or older using IPv4
-
-
-
Run the scripts to delete unrelated data to maintain a pure IPv4 or IPv6 network.
cd /opt/teradici/database sudo python3.9 mc_env_db.py
-
Start the mcconsole service.
sudo systemctl start mcconsole
-
Start the mcdaemon service.
sudo systemctl start mcdaemon
Existing IPv6 rule removal
If your Management Console happens to have previous Management Console IPv6 rules configured, remove them now by performing the following steps.
Note : If rule is not enabled it shows a warning NOT_ENABLED
-
Close port 443:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Close port 22:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Close port 5172:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Close port 80:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
Remove port forwarding of 8443 to 443:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Remove port forwarding of 8080 to 80:
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
To configure firewalld rules for an existing Management Console moving from an IPv6 to an IPv4 network perform the following steps:¶
-
Login to the Management Console host operating system console.
-
Enable required IPv4 ports.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-port={22,443,80,5172}/tcp
-
Redirect IPv4 port 443 to port 8443.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443
-
Redirect IPv4 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080
-
Remove IPv6 rules.
-
Remove port forwarding to 8443 and 8080
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080
-
Close port 443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Close port 22
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Close port 5172
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Close port 80
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
-
Remove redirect of IPv4 port 443 to 8443.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Remove redirect IPv6 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
-
Reload the firewall.
sudo firewall-cmd --reload
-
Confirm the rules are applied.
-
Check the firewalld status is active.
sudo systemctl status firewalld
-
Verify all rules are added in firewalld or not, all rules should be applied.
sudo firewall-cmd --list-all
-
To configure firewalld rules for an existing Management Console moving from an IPv4 to an IPv6 network perform the following steps:¶
-
Login to the Management Console host operating system console.
-
Remove IPv4 rules.
-
Close IPv4 ports
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-port={22,443,80,5172}/tcp
-
Remove IPv4 port forwarding to 8443 and 8080
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=443:proto=tcp:toport=8443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=80:proto=tcp:toport=8080
-
-
Enable required IPv6 ports.
-
Open port 443
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'
-
Open port 22
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'
-
Open port 5172
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'
-
Open port 80
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'
-
-
Redirect IPv6 port 443 to 8443.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'
-
Redirect IPv6 Port 80 to 8080.
sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'
-
Reload the firewall.
sudo firewall-cmd --reload
-
Confirm the rules are applied.
-
Check the firewalld status is active.
sudo systemctl status firewalld
-
Verify all rules are added in firewalld or not, all rules should be applied.
sudo firewall-cmd --list-all
-