PER ASPERA AD ASTRA

XYenon's Blog



© 2024 XYenon

Theme Typography by Makito

Proudly published with Hexo

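Configuring IPv6 Forwarding on a Router

Published 2017-10-09 | Tech | Router, IPv6

The method comes from the Internet and is not original; part of the content is reposted from 萨摩公园.

IPv6 was originally designed without NAT (network address translation), but the Linux kernel has implemented NAT for IPv6 since version 3.7. This approach is therefore something of a hack. Worse, devices behind the router cannot obtain public ports, which heavily affects BT/PT upload speed.

The Linux kernel in Padavan does not natively support NAT6. Unless there is no alternative, prefer another approach.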

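Hardware requirements

  • An activated and paid campus network account
  • A router that can be flashed with OpenWrt/LEDE (tested on the Phicomm K1)
  • A computer or phone that supports IPv6 (preferably a computer)

Router setup

Flashing the router

There are many ways to flash a router; look up the specific procedure on the 恩山 forum, the KoolShare community and similar sites.

Connecting to the Internet

  1. Log in to the router's admin page
  2. Open the Network - Interfaces tab
  3. Click Edit for WAN
  4. Configure it according to your own network
  5. Save & Apply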

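Enabling IPv6 forwarding on the router

This part may require basic Linux skills.

Enabling SSH and SCP access on the router

  1. Open the System - Administration tab
  2. In the SSH Access section, set the interface to LAN and the port to 22, tick password authentication and allow the root user to log in with a password, then click Save & Apply

Connecting to the router over SSH

Only the connection method for Windows is covered; I have not used macOS, and anyone on Linux should already know perfectly well how to connect.

Download (and install) Xshell or PuTTY

Xshell is used for the demonstration below; PuTTY works similarly.

  1. Open Xshell and click New
  2. Choose any name; for the host, enter the address of the router's admin page (usually 192.168.1.1)
  3. Click User Authentication, enter root as the user name and the admin page login password as the password, then click OK
  4. Select the session you just added and click Connect

Enabling IPv6 forwarding on the router

Enter the commands in order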

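# Install the kernel module that provides NAT for IPv6
opkg update && opkg install kmod-ipt-nat6
# Replace the first character of the ULA prefix with "d"
uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed 's/^./d/')"
uci commit network
# Announce a default IPv6 route on the LAN even though it has no public prefix
uci set dhcp.lan.ra_default='1'
uci commit dhcp
# Create the empty init script that is filled in below
touch /etc/init.d/nat6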

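Download and install WinSCP

  1. Open WinSCP
  2. Select SCP as the file protocol; for the host, enter the address of the router's admin page (usually 192.168.1.1), enter root as the user name and the admin page login password as the password, then click Login
  3. Double-click the blank area inside the blue box
  4. In Open Directory, enter /etc/init.d/ and click OK
  5. Double-click the nat6 file to open it
  6. Copy the content below into the editor and click the save icon in the top-left corner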

#!/bin/sh /etc/rc.common
## NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6

START=55

## Options
## -------

## Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0
PRIVACY=1

## Maximum number of attempts before this script will stop in case no IPv6 route is available
## This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds.
MAX_TRIES=15

## An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful.
## This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second.
DELAY=5

## Logical interface name of outbound IPv6 connection
## There should be no need to modify this, unless you changed the default network interface names
## Edit by Vincent: I never changed my default network interface names, but still I have to change the WAN6_NAME to "wan" instead of "wan6"
WAN6_NAME="wan6"

## ---------------------------------------------------
## Options end here - no need to change anything below

boot() {
    [ $DELAY -gt 0 ] && sleep $DELAY
    logger -t NAT6 "Probing IPv6 route"
    PROBE=0
    COUNT=1
    while [ $PROBE -eq 0 ]
    do
        if [ $COUNT -gt $MAX_TRIES ]
        then
            logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1
        fi
        sleep $COUNT
        COUNT=$((COUNT+1))
        PROBE=$(route -A inet6 | grep -c '::/0')
    done

    logger -t NAT6 "Setting up NAT6"

    WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname")
    if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then
        logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1
    fi
    WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}')
    if [ -z "$WAN6_GATEWAY" ] ; then
        logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1
    fi
    LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
    if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then
        logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1
    fi

    ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
    if [ $? -eq 0 ] ; then
        logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)"
    else
        logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1
    fi

    route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
    if [ $? -eq 0 ] ; then
        logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
    else
        logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
    fi

    if [ $PRIVACY -eq 1 ] ; then
        echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra"
        if [ $? -eq 0 ] ; then
            logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)"
        else
            logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)"
        fi
        echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr"
        if [ $? -eq 0 ] ; then
            logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
        else
            logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
        fi
    fi

    exit 0
}

Back in Xshell, continue by entering the following in order

chmod +x /etc/init.d/nat6
/etc/init.d/nat6 enable
uci set firewall.@rule["$(uci show firewall | grep 'Allow-ICMPv6-Forward' | cut -d'[' -f2 | cut -d']' -f1)"].enabled='0'
uci commit firewall

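Back in WinSCP, open sysctl.conf in the /etc/ directory in the same way as above, add the following content (or change the existing entries to match it), and save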

net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

In the same way as above, open firewall.user in the /etc/ directory, add the following content, and save

ip6tables -t nat -I POSTROUTING -s $(uci get network.globals.ula_prefix) -j MASQUERADE

Reboot the router
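
One way to confirm the result after the reboot, as an added example that is not part of the original post: the functions check the rewritten ULA prefix, the MASQUERADE rules (including any that are not bound to an outgoing interface, as is the case for the firewall.user line) and the sysctl.conf entries. The sample prefix, the interface name eth0.2 and the rule listing are constructed; on the router, pass the real output of uci get and ip6tables -t nat -S POSTROUTING instead.

```shell
#!/bin/sh
# Added example: checks for the NAT6 setup above. Every function takes captured
# text as an argument; the sample values at the bottom are constructed.

# True if the prefix starts with "d", as it does after the article's sed rewrite.
prefix_rewritten() {
    printf '%s\n' "$1" | grep -Eq '^d[0-9a-fA-F]{3}:[0-9a-fA-F:]*/[0-9]+$'
}

# Count MASQUERADE rules for prefix $2 in `ip6tables -t nat -S POSTROUTING` text $1.
# With "any" as $3, count only the rules that have no -o (outgoing interface) match.
masq_rules() {
    printf '%s\n' "$1" | awk -v p="$2" -v mode="$3" '
        /-j MASQUERADE/ {
            src = 0; out = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == p) src = 1
                if ($i == "-o") out = 1
            }
            if (src && (mode != "any" || !out)) n++
        }
        END { print n + 0 }'
}

# Print the sysctl.conf keys from the article that are not set to 2 in text $1.
sysctl_missing() {
    for key in net.ipv6.conf.default.forwarding net.ipv6.conf.all.forwarding \
               net.ipv6.conf.default.accept_ra net.ipv6.conf.all.accept_ra; do
        printf '%s\n' "$1" | tr -d ' \t' | grep -Fxq "$key=2" || echo "$key"
    done
}

# Constructed samples; on the router pass the real output instead, e.g.
#   masq_rules "$(ip6tables -t nat -S POSTROUTING)" "$(uci get network.globals.ula_prefix)"
SAMPLE_PREFIX='dd12:3456:789a::/48'
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s dd12:3456:789a::/48 -j MASQUERADE
-A POSTROUTING -s dd12:3456:789a::/48 -o eth0.2 -j MASQUERADE'
SAMPLE_SYSCTL='net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding = 2
net.ipv6.conf.all.accept_ra=2'

prefix_rewritten "$SAMPLE_PREFIX" && echo "ULA prefix rewritten: yes"
echo "MASQUERADE rules for prefix: $(masq_rules "$SAMPLE_RULES" "$SAMPLE_PREFIX")"
echo "  of which not bound to an interface: $(masq_rules "$SAMPLE_RULES" "$SAMPLE_PREFIX" any)"
echo "sysctl.conf keys still missing: $(sysctl_missing "$SAMPLE_SYSCTL" | tr '\n' ' ')"
```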
