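Setting up an IPv6 internal network

I set this up a long time ago; this is the overdue write-up.

The school's IPv6 can finally reach the outside, so I plan to make the dorm's internal network dual-stack.

Choosing an approach

There are two main methods described online. One bridges the external and internal networks and lets only IPv6-related packets through. The other is NAT address translation, the typical home-router setup.

After weighing them, I chose the second.

The IPv6 private address range is fc00::/7, but for reasons unknown to me (I couldn't follow the pile of English on the wiki) you have to use fd00::/8. That is, fd is fixed and the rest is whatever you like; if you can't be bothered to think one up, you can generate one on this site.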
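The prefix can also be generated locally instead of on a website. The sketch below is an added example, not code from the original post: it builds a random /64 inside fd00::/8 and derives the values that the config files further down this page use (router at ::1, DHCPv6 range ::100 to ::200). The names make_ula_subnet and plan are hypothetical.

```python
import ipaddress
import secrets

# fd00::/8 is the half of fc00::/7 used for locally chosen prefixes.
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")


def make_ula_subnet(subnet_id=0, global_id=None):
    """Build a /64 laid out as 'fd' + 40-bit Global ID + 16-bit Subnet ID."""
    if global_id is None:
        global_id = secrets.randbits(40)  # random, so two sites rarely collide
    if not 0 <= global_id < 1 << 40:
        raise ValueError("global_id must fit in 40 bits")
    if not 0 <= subnet_id < 1 << 16:
        raise ValueError("subnet_id must fit in 16 bits")
    high64 = (0xFD << 56) | (global_id << 16) | subnet_id
    return ipaddress.IPv6Network((high64 << 64, 64))


def plan(net):
    """Derive the values this page's config files need from one /64."""
    net = ipaddress.IPv6Network(net)  # strict: rejects host bits such as ::1/64
    if net.prefixlen != 64 or not net.subnet_of(ULA_LOCAL):
        raise ValueError(f"{net} is not a /64 inside {ULA_LOCAL}")
    base = int(net.network_address)

    def addr(offset):
        return str(ipaddress.IPv6Address(base + offset))

    return {
        "interfaces_address": addr(0x1),              # address ...::1
        "radvd_prefix": str(net),                     # prefix ...::/64
        "dhcpd6_subnet6": str(net),                   # subnet6 ...::/64
        "dhcpd6_range6": (addr(0x100), addr(0x200)),  # range6 ...::100 ...::200
        "ip6tables_source": str(net),                 # -s ...::/64
    }


if __name__ == "__main__":
    # Constructed sample run: a fresh random prefix with subnet ID 1.
    for key, value in plan(make_ula_subnet(subnet_id=1)).items():
        print(f"{key}: {value}")
```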

The following assumes the network interface is eth0; adjust to match your setup.

Configuring the interface

Edit /etc/network/interfaces

auto eth0
iface eth0 inet6 static
address fdxx:xxxx:xxxx:xxxx::1
netmask 64
autoconf 0
dad-attempts 0
accept_ra 0

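Two ways to assign addresses

There are two cases below. One is stateless, where, as far as I can tell, the device is told the prefix and generates its own address; it is simpler to configure. The other is stateful, which needs a DHCP server alongside it.

Option 1: Stateless

Install radvd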

sudo apt-get install radvd

Edit the file /etc/radvd.conf

interface eth0
{
AdvSendAdvert on;
prefix fdxx:xxxx:xxxx:xxxx::/64 {
AdvOnLink on;
AdvAutonomous on;
};
# Advertise a DNS server; change as needed
RDNSS 2001:4860:4860::8888 {
};
};

Option 2: Stateful

Install radvd and isc-dhcp-server

sudo apt-get install radvd isc-dhcp-server

Edit the file /etc/radvd.conf

interface eth0
{
AdvSendAdvert on;
AdvManagedFlag on; # get the IP address from the DHCP server
AdvOtherConfigFlag on; # get other configuration from the DHCP server
prefix fd5d:12c9:2201:1::/64 {
AdvOnLink on;
AdvAutonomous on;
};
};

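A note here: if AdvAutonomous is set to on, the device will still have a self-generated IP address in addition to the one it obtains from the DHCP server.

Create (if it does not exist) and edit the file /etc/dhcp/dhcpd6.conf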

# IPv6 address valid lifetime
# (at the end the address is no longer usable by the client)
# (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;
# T1, the delay before Renew
# (default is 1/2 preferred lifetime)
# (set to 1 hour)
option dhcp-renewal-time 3600;
# T2, the delay before Rebind (if Renews failed)
# (default is 3/4 preferred lifetime)
# (set to 2 hours)
option dhcp-rebinding-time 7200;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# The delay before information-request refresh
# (minimum is 10 minutes, maximum one day, default is to not refresh)
# (set to 6 hours)
option dhcp6.info-refresh-time 21600;
subnet6 fdxx:xxxx:xxxx:xxxx::/64 {
range6 fdxx:xxxx:xxxx:xxxx::100 fdxx:xxxx:xxxx:xxxx::200;
# Change the DNS server as needed
option dhcp6.name-servers fdxx:xxxx:xxxx:xxxx::1;
}

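Edit /etc/default/isc-dhcp-server, enable DHCPDv6_CONF and DHCPDv6_PID (I enabled IPv4 as well), and restart the service.

Note: older versions of isc-dhcp-server do not support this method, for example the one in Debian Jessie.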

# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPDv4_PID=/var/run/dhcpd.pid
DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="eth0"
INTERFACESv6="eth0"

With older versions of isc-dhcp-server you have to start it manually. How to run this command at boot is not covered here.

sudo dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases eth0

Configuring NAT

Enable forwarding

sudo sysctl net.ipv6.conf.all.forwarding=1

To make this permanent, add net.ipv6.conf.all.forwarding=1 to /etc/sysctl.conf

Set up address translation. eth1 below is the external interface; change as needed.

sudo ip6tables -t nat -A POSTROUTING -o eth1 -s fdxx:xxxx:xxxx:xxxx::/64 -j MASQUERADE

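Extras

At this point, an IPv6 internal network that can reach the outside is basically complete. You can add things as needed, such as a firewall or dnsmasq.

References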

IPv6 - Set Up An IPv6 LAN with Linux | Jumping Bean - We Build, We Support, We Train
IPv6 address - Wikipedia
radvd.conf(5) - Linux man page