29장. Networking

Red Hat Enterprise Linux 7 introduces the arptables packages, which replace the arptables_jf packages included in Red Hat Enterprise Linux 6. All users of arptables are advised to update their scripts because the syntax of this version differs from arptables_jf.

The rsync utility cannot be run as a socket-activated service because the rsyncd@.service file is missing from the rsync package. Consequently, the systemctl start systemd.socket command does not work. However, running rsync as a daemon by executing the systemctl start systemd.service command works as expected.

It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the wpa_supplicant.service file from the /usr/lib/systemd/system/ directory to the /etc/systemd/system/ directory and add the following line to the Service section of the file:

Environment=OPENSSL_ENABLE_MD5_VERIFY=1

Then run the systemctl daemon-reload command as root to reload the service file.

Previously, named-chroot.service set up the chroot environment for the named daemon by mounting the necessary files and directories to the /var/named/chroot/ path before starting the daemon. However, if the startup of the daemon failed, the mounts remained mounted. As a consequence, the chroot environment was corrupted. This also affected named-sdb-chroot.service, which used the same chroot path. With this update, named-chroot.service and named-sdb-chroot.service have been modified and the chroot set up code has been separated into two new systemd services, named-chroot-setup.service and named-sdb-chroot-setup.service. In addition, the named-sdb daemon now uses its own chroot path, /var/named/chroot_sdb/. Also, named-sdb daemon has been removed from the bind-chroot package and is now included in its own bind-sdb-chroot subpackage. Users who use named-sdb in the chroot environment are advised to install the bind-sdb-chroot package.

The bind-dyndb-ldap plug-in does not fully support the DNS64 server. As a consequence, the BIND daemon configured with DNS64 terminates unexpectedly when a DNS64 query is processed by bind-dyndb-ldap. To work around this problem, disable DNS64 in the named.conf file. The whole section concerning DNS64 can be commented out.

In certain cases, when connecting two network interface controllers (NIC) that use the ixgbe driver, the TCP stream throughput does not exceed 8.4 GB. This problem manifests itself both on a NIC to NIC level, although to a very limited degree, as well as in combination with virtual machines running on top of an openvswitch bridge.

The vsftpd daemon does not currently support ciphers suites based on the ECDHE key-assignment protocol. Consequently, when vsftpd is configured to use such suites, the connection is refused with a no shared cipher SSL alert.

The -m vn2vn option of the fcoeadm command does not work correctly, and Fabric mode is always used instead of "vn2vn". As a consequence, a vn2vn instance cannot be created using fcoeadm, and the port state is offline instead of online. To work around this problem, modify the sysfs file manually to create a vn2vn link.

The brctl addbr name command, which is used for creating a new instance of an Ethernet bridge, also brings the interface up. Consequently, the brctl delbr name command does not delete the instance of an Ethernet bridge because the network interface corresponding to the bridge is not down. To work around the problem: