Chapter 29. Networking
- Red Hat Enterprise Linux 7 introduces the arptables packages, which replace the arptables_jf packages included in Red Hat Enterprise Linux 6. All users of arptables are advised to update their scripts because the syntax of this version differs from arptables_jf.
rsyncutility cannot be run as a socket-activated service because the
rsyncd@.servicefile is missing from the rsync package. Consequently, the
systemctl start systemd.socketcommand does not work. However, running
rsyncas a daemon by executing the
systemctl start systemd.servicecommand works as expected.
- It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the
wpa_supplicant.servicefile from the
/usr/lib/systemd/system/directory to the
/etc/systemd/system/directory and add the following line to the
Servicesection of the file:
Environment=OPENSSL_ENABLE_MD5_VERIFY=1Then run the
systemctl daemon-reloadcommand as root to reload the service file.
ImportantNote that MD5 certificates are highly insecure and Red Hat does not recommend using them.
named-chroot.serviceset up the
chrootenvironment for the
nameddaemon by mounting the necessary files and directories to the
/var/named/chroot/path before starting the daemon. However, if the startup of the daemon failed, the mounts remained mounted. As a consequence, the
chrootenvironment was corrupted. This also affected
named-sdb-chroot.service, which used the same
chrootpath. With this update,
named-sdb-chroot.servicehave been modified and the
chrootset up code has been separated into two new
named-sdb-chroot-setup.service. In addition, the
named-sdbdaemon now uses its own
named-sdbdaemon has been removed from the bind-chroot package and is now included in its own bind-sdb-chroot subpackage. Users who use
chrootenvironment are advised to install the bind-sdb-chroot package.
bind-dyndb-ldapplug-in does not fully support the DNS64 server. As a consequence, the
BINDdaemon configured with DNS64 terminates unexpectedly when a DNS64 query is processed by
bind-dyndb-ldap. To work around this problem, disable DNS64 in the
named.conffile. The whole section concerning DNS64 can be commented out.
- In certain cases, when connecting two network interface controllers (NIC) that use the
ixgbedriver, the TCP stream throughput does not exceed 8.4 GB. This problem manifests itself both on a NIC to NIC level, although to a very limited degree, as well as in combination with virtual machines running on top of an openvswitch bridge.
vsftpddaemon does not currently support ciphers suites based on the ECDHE key-assignment protocol. Consequently, when vsftpd is configured to use such suites, the connection is refused with a
no shared cipherSSL alert.
-m vn2vnoption of the
fcoeadmcommand does not work correctly, and Fabric mode is always used instead of "vn2vn". As a consequence, a vn2vn instance cannot be created using
fcoeadm, and the port state is offline instead of online. To work around this problem, modify the
sysfsfile manually to create a vn2vn link.
brctl addbr namecommand, which is used for creating a new instance of an Ethernet bridge, also brings the interface up. Consequently, the
brctl delbr namecommand does not delete the instance of an Ethernet bridge because the network interface corresponding to the bridge is not down. To work around the problem:
- Either bring the instance down by using the
ip link set dev name downcommand before running the
brctl delbr namecommand;
- Or use the
ip link del namecommand for deleting the instance.