29장. Networking
arptables
component, BZ#1018135- Red Hat Enterprise Linux 7 introduces the arptables packages, which replace the arptables_jf packages included in Red Hat Enterprise Linux 6. All users of arptables are advised to update their scripts because the syntax of this version differs from arptables_jf.
rsync
component, BZ#1082496- The
rsync
utility cannot be run as a socket-activated service because thersyncd@.service
file is missing from the rsync package. Consequently, thesystemctl start systemd.socket
command does not work. However, runningrsync
as a daemon by executing thesystemctl start systemd.service
command works as expected. openssl
component, BZ#1062656- It is not possible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5-signed certificates. To work around this problem, copy the
wpa_supplicant.service
file from the/usr/lib/systemd/system/
directory to the/etc/systemd/system/
directory and add the following line to theService
section of the file:Environment=OPENSSL_ENABLE_MD5_VERIFY=1
Then run thesystemctl daemon-reload
command as root to reload the service file.중요
Note that MD5 certificates are highly insecure and Red Hat does not recommend using them. bind
component, BZ#1004300- Previously,
named-chroot.service
set up thechroot
environment for thenamed
daemon by mounting the necessary files and directories to the/var/named/chroot/
path before starting the daemon. However, if the startup of the daemon failed, the mounts remained mounted. As a consequence, thechroot
environment was corrupted. This also affectednamed-sdb-chroot.service
, which used the samechroot
path. With this update,named-chroot.service
andnamed-sdb-chroot.service
have been modified and thechroot
set up code has been separated into two newsystemd
services,named-chroot-setup.service
andnamed-sdb-chroot-setup.service
. In addition, thenamed-sdb
daemon now uses its ownchroot
path,/var/named/chroot_sdb/
. Also,named-sdb
daemon has been removed from the bind-chroot package and is now included in its own bind-sdb-chroot subpackage. Users who usenamed-sdb
in thechroot
environment are advised to install the bind-sdb-chroot package. bind-dyndb-ldap
component, BZ#1078295- The
bind-dyndb-ldap
plug-in does not fully support the DNS64 server. As a consequence, theBIND
daemon configured with DNS64 terminates unexpectedly when a DNS64 query is processed bybind-dyndb-ldap
. To work around this problem, disable DNS64 in thenamed.conf
file. The whole section concerning DNS64 can be commented out. openswitch
component, BZ#1066493- In certain cases, when connecting two network interface controllers (NIC) that use the
ixgbe
driver, the TCP stream throughput does not exceed 8.4 GB. This problem manifests itself both on a NIC to NIC level, although to a very limited degree, as well as in combination with virtual machines running on top of an openvswitch bridge. vsftpd
component, BZ#1058712- The
vsftpd
daemon does not currently support ciphers suites based on the ECDHE key-assignment protocol. Consequently, when vsftpd is configured to use such suites, the connection is refused with ano shared cipher
SSL alert. fcoe-utils
component, BZ#1049200- The
-m vn2vn
option of thefcoeadm
command does not work correctly, and Fabric mode is always used instead of "vn2vn". As a consequence, a vn2vn instance cannot be created usingfcoeadm
, and the port state is offline instead of online. To work around this problem, modify thesysfs
file manually to create a vn2vn link. NetworkManager
component, BZ#1030947- The
brctl addbr name
command, which is used for creating a new instance of an Ethernet bridge, also brings the interface up. Consequently, thebrctl delbr name
command does not delete the instance of an Ethernet bridge because the network interface corresponding to the bridge is not down. To work around the problem:- Either bring the instance down by using the
ip link set dev name down
command before running thebrctl delbr name
command; - Or use the
ip link del name
command for deleting the instance.