XYenon's Blog

Learn to think, stop following blindly

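  1. Hardware requirements
  2. Router setup
    2.1. Flashing the router
    2.2. Connecting to the Internet
    2.3. Enabling IPv6 forwarding on the router
      2.3.1. Enabling SSH and SCP access on the router
      2.3.2. Connecting to the router over SSH
      2.3.3. Enabling IPv6 forwarding on the router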

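The method comes from the Internet and is not original; parts of it are reposted from 萨摩公园.

IPv6 was originally designed without NAT (network address translation), but the Linux kernel has implemented IPv6 NAT since version 3.7. This approach is therefore really a hack. Worse, devices behind the router cannot obtain a publicly reachable port, which significantly reduces BT/PT upload speeds.

The Linux kernel in Padavan does not natively support NAT6. Unless you have no other choice, use a different solution.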

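Hardware requirements

  • A campus network account that is activated and paid for
  • A router that can be flashed with OpenWrt/LEDE (tested on the Phicomm K1)
  • A computer or phone that supports IPv6 (preferably a computer)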

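Router setup

Flashing the router

There are many ways to flash a router; look for specific instructions on 恩山论坛, the KoolShare community and similar sites.

Connecting to the Internet

  1. Log in to the router admin page
  2. Open the Network > Interfaces tab
  3. Click Edit on WAN
  4. Configure it to match your own network
  5. Click Save & Apply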

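Enabling IPv6 forwarding on the router

This part may require basic knowledge of Linux.

Enabling SSH and SCP access on the router

  1. Open the System > Administration tab
  2. In the SSH Access section, set Interface to LAN and Port to 22, tick Password authentication and Allow root logins with password, then click Save & Apply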

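Connecting to the router over SSH

I only cover connecting from Windows. I have never used macOS, and if you use Linux you already know perfectly well how to connect.

Download (and install) Xshell or PuTTY

The steps below use Xshell; PuTTY works similarly.

  1. Open Xshell and click New
  2. The name can be anything; for Host, enter the router admin page address (usually 192.168.1.1)
  3. Click User Authentication, enter root as the user name and the router admin page login password as the password, then click OK
  4. Select the session you just added and click Connect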

Enabling IPv6 forwarding on the router

Enter the following commands in order

opkg update && opkg install kmod-ipt-nat6
uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed 's/^./d/')"
uci commit network
uci set dhcp.lan.ra_default='1'
uci commit dhcp
touch /etc/init.d/nat6

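Download and install WinSCP

  1. Open WinSCP
  2. Set File protocol to SCP, enter the router admin page address (usually 192.168.1.1) as the host, root as the user name and the router admin page login password as the password, then click Login
  3. Double-click the blank area inside the blue box
  4. In Open directory, enter /etc/init.d/ and click OK
  5. Double-click the nat6 file to open it
  6. Copy the content below into the editor and click the save icon in the top-left corner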

#!/bin/sh /etc/rc.common
# NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6

START=55

## Options
## -------

## Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0
PRIVACY=1

## Maximum number of attempts before this script will stop in case no IPv6 route is available
## This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds.
MAX_TRIES=15

## An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful.
## This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second.
DELAY=5

## Logical interface name of outbound IPv6 connection
## There should be no need to modify this, unless you changed the default network interface names
## Edit by Vincent: I never changed my default network interface names, but still I have to change the WAN6_NAME to "wan" instead of "wan6"
WAN6_NAME="wan6"

## ---------------------------------------------------
## Options end here - no need to change anything below

boot() {
       [ $DELAY -gt 0 ] && sleep $DELAY
       logger -t NAT6 "Probing IPv6 route"
       PROBE=0
       COUNT=1
       while [ $PROBE -eq 0 ]
       do
               if [ $COUNT -gt $MAX_TRIES ]
               then
                       logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1
               fi
               sleep $COUNT
               COUNT=$((COUNT+1))
               PROBE=$(route -A inet6 | grep -c '::/0')
       done

       logger -t NAT6 "Setting up NAT6"

       WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname")
       if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then
               logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1
       fi
       WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}')
       if [ -z "$WAN6_GATEWAY" ] ; then
               logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1
       fi
       LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
       if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then
               logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1
       fi

       ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
       if [ $? -eq 0 ] ; then
               logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)"
       else
               logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1
       fi

       route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
       if [ $? -eq 0 ] ; then
               logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
       else
               logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
       fi

       if [ $PRIVACY -eq 1 ] ; then
               echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra"
               if [ $? -eq 0 ] ; then
                       logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)"
               else
                       logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)"
               fi
               echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr"
               if [ $? -eq 0 ] ; then
                       logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
               else
                       logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
               fi
       fi

       exit 0
}

Back in Xshell, continue by entering the following in order

chmod +x /etc/init.d/nat6
/etc/init.d/nat6 enable
uci set firewall.@rule["$(uci show firewall | grep 'Allow-ICMPv6-Forward' | cut -d'[' -f2 | cut -d']' -f1)"].enabled='0'
uci commit firewall

Back in WinSCP, open sysctl.conf in the /etc/ directory as described above, add the following (or change the existing entries to match), and save

net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

Open firewall.user in the /etc/ directory the same way, add the following, and save

ip6tables -t nat -I POSTROUTING -s $(uci get network.globals.ula_prefix) -j MASQUERADE

Reboot the router
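
The checks below are an added example, not part of the original post or of the NAT6 init script: they verify that the steps above took effect. The function names, the prefix fd12:3456:789a::/48, the interface eth0.2 and all sample text are constructed; on the router, pass in the real output of `uci get network.globals.ula_prefix`, `ip6tables -t nat -S POSTROUTING` and the contents of /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example: offline checks for the NAT6 steps. All sample data is constructed.

# Same rewrite the guide applies with sed: first hex digit of the ULA prefix -> d.
ula_rewrite() { printf '%s\n' "$1" | sed 's/^./d/'; }

# Return 0 while a prefix is still inside fc00::/7 (ULA, RFC 4193). With a
# ULA-only source, default address selection (RFC 6724) prefers IPv4 for
# global destinations, so the rewritten LAN prefix must fall outside this range.
in_ula_range() {
    case "$1" in
        [fF][cCdD]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count MASQUERADE rules for source prefix $2 in the text of
# `ip6tables -t nat -S POSTROUTING` passed as $1. The init script and
# firewall.user each insert one, so expect at least 1.
nat6_masq_rules() {
    printf '%s\n' "$1" | grep -F -- "-s $2 " | grep -c -- '-j MASQUERADE' || :
}

# Print every sysctl key from the guide that is absent or not set to 2 in $1.
sysctl_missing() {
    for key in net.ipv6.conf.default.forwarding net.ipv6.conf.all.forwarding \
               net.ipv6.conf.default.accept_ra net.ipv6.conf.all.accept_ra; do
        printf '%s\n' "$1" | grep -q "^$key *= *2\$" || printf '%s\n' "$key"
    done
}

# Constructed samples standing in for real router output.
SAMPLE_PREFIX='fd12:3456:789a::/48'
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s dd12:3456:789a::/48 -j MASQUERADE
-A POSTROUTING -s dd12:3456:789a::/48 -o eth0.2 -j MASQUERADE'
SAMPLE_SYSCTL='net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.all.accept_ra=2'

NEW_PREFIX=$(ula_rewrite "$SAMPLE_PREFIX")
if in_ula_range "$NEW_PREFIX"; then echo "prefix still ULA: $NEW_PREFIX"; fi
echo "masquerade rules for $NEW_PREFIX: $(nat6_masq_rules "$SAMPLE_RULES" "$NEW_PREFIX")"
echo "sysctl keys to fix: $(sysctl_missing "$SAMPLE_SYSCTL")"
```

A count of 0 from nat6_masq_rules, or any key printed by sysctl_missing, means the corresponding step did not survive the reboot.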

Author: XYenon
This article is licensed under the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) license
Article link: https://blog.xyenon.bid/路由器转发-IPv6-配置方法/
