Moving Between IPv4 and IPv6

Management Console supports only pure IPv4 or IPv6 networks and not hybrid or stacked networks.

Upgrading and migrating at the same time

If a user wants to upgrade and migrate ( Ipv6 to Ipv4 and vice versa ) at the same time e.g. user want to upgrade from 20.04 IPv4 to 20.07 IPv6, we suggest they first complete upgrade (20.04 IPv4 to 20.07 IPv4 upgrade) and then following the IPv4 to IPv6 migration guideline

These steps must be performed in order for Management Console to operate successfully in a pure IPv4 or pure IPv6 environment.

Deleted Data

Be sure to backup your database in case you have to revert your change. When changing networks, Management Console will permanently delete unrelated data. See deleted data for more information on what is deleted.

To configure firewalld for an existing Management Console deployment that has been changed from IPv4 to IPv6 or vice versa

  1. Login to the Management Console host operating system console.

  2. Stop the mcconsole service.

    sudo systemctl stop mcconsole

  3. Stop the mcdaemon service.

    sudo systemctl stop mcdaemon

  4. To Enable or Disable IPv6 environment, you must modify the teradici.ipv6.conf file by executing either of the following commands.

    • To disable IPv6 configuration in an IPv4 environment

      sudo su
      echo -e "net.ipv6.conf.all.disable_ipv6=1\nnet.ipv6.conf.default.disable_ipv6=1" > /usr/lib/sysctl.d/teradici_ipv6.conf
      exit
      
    • To enable IPv6 configuration in an IPv6 environment

      sudo su
      echo -e "net.ipv6.conf.all.disable_ipv6=0\nnet.ipv6.conf.default.disable_ipv6=0" > /usr/lib/sysctl.d/teradici_ipv6.conf
      exit
      
  5. Change the NIC IP address to IPv4 or IPv6.

  6. Reboot your computer.

    sudo init 6

  7. Configure your Management Console firewall for the appropriate network.

  8. Run the scripts to delete unrelated data to maintain a pure IPv4 or IPv6 network.

    cd  /opt/teradici/database
    sudo python mc_env_db.py
    
  9. Start the mcconsole service.

    sudo systemctl start mcconsole

  10. Start the mcdaemon service.

    sudo systemctl start mcdaemon

Existing IPv6 rule removal

If your Management Console happens to have previous Management Console IPv6 rules configured, remove them now by performing the following steps.

Note : If rule is not enabled it shows a warning NOT_ENABLED

  1. Close port 443:


    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'

  2. Close port 22:
    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'

  3. Close port 5172:
    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'

  4. Close port 80:
    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'

  5. Remove port forwarding of 8443 to 443:
    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'

  6. Remove port forwarding of 8080 to 80:
    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'

To configure firewalld rules for an existing Management Console moving from an IPv6 to an IPv4 network perform the following steps:

  1. Login to the Management Console host operating system console.

  2. Enable required IPv4 ports.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-port={22,443,80,5172}/tcp

  3. Redirect IPv4 port 443 to port 8443.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443

  4. Redirect IPv4 Port 80 to 8080.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080

  5. Remove IPv6 rules.

    • Remove port forwarding to 8443 and 8080

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=443:proto=tcp:toport=8443

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-forward-port=port=80:proto=tcp:toport=8080

    • Close port 443

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'

    • Close port 22

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'

    • Close port 5172

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'

    • Close port 80

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'

  6. Remove redirect of IPv4 port 443 to 8443.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'

  7. Remove redirect IPv6 Port 80 to 8080.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'

  8. Reload the firewall.

    sudo firewall-cmd --reload

  9. Confirm the rules are applied.

    1. Check the firewalld status is active.
      sudo systemctl status firewalld
      Firewalld Active Status

    2. Verify all rules are added in firewalld or not, all rules should be applied.
      sudo firewall-cmd --list-all
      Firewalld Listed Rules

To configure firewalld rules for an existing Management Console moving from an IPv4 to an IPv6 network perform the following steps:

  1. Login to the Management Console host operating system console.

  2. Remove IPv4 rules.

    • Close IPv4 ports

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-port={22,443,80,5172}/tcp

    • Remove IPv4 port forwarding to 8443 and 8080

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=443:proto=tcp:toport=8443

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --remove-forward-port=port=80:proto=tcp:toport=8080

  3. Enable required IPv6 ports.

    • Open port 443

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=443 protocol=tcp accept'

    • Open port 22

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=22 protocol=tcp accept'

    • Open port 5172

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=5172 protocol=tcp accept'

    • Open port 80

      sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 port port=80 protocol=tcp accept'

  4. Redirect IPv6 port 443 to 8443.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8443 protocol=tcp port=443'

  5. Redirect IPv6 Port 80 to 8080.

    sudo firewall-cmd --zone=$(echo $def_zone) --permanent --add-rich-rule='rule family=ipv6 forward-port to-port=8080 protocol=tcp port=80'

  6. Reload the firewall.

    sudo firewall-cmd --reload

  7. Confirm the rules are applied.

    1. Check the firewalld status is active.
      sudo systemctl status firewalld
      Firewalld Active Status

    2. Verify all rules are added in firewalld or not, all rules should be applied.
      sudo firewall-cmd --list-all
      Firewalld Listed Rules