我的 Linux 板有 2 个接口,一个是物理 eth1,另一个是 Tap 接口 tun0。我需要将所有源IP为tun0 IP的数据包转发到eth1 IP。所以我正在考虑使用natting。我用的是where 2001:db8:0:f101::1/64is tun0ip 和fd01:cab:1:16::190/64is the eth1IP。
ip6tables -t nat -A INPUT/POSTROUTING --source 2001:db8:0:f101::1 -j SNAT --to-source fd01:cab:1:16::190
root@xxxxxxxxx:/mnt/mainfs/local# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 08:6A:0A:5B:17:07
inet addr:172.63.102.18 Bcast:172.63.102.255 Mask:255.255.255.0
inet6 addr: fe80::a6a:aff:fe5b:1707/64 Scope:Link
inet6 addr: fd01:cab:1:16::190/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1685 errors:0 dropped:3 overruns:0 frame:0
TX packets:2433 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:213026 (208.0 KiB) TX bytes:409380 (399.7 KiB)
Interrupt:168
root@xxxxxxxxx:/mnt/mainfs/local# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:db8:0:f101::1/64 Scope:Global
UP POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
我尝试fc01:eab:96:1::4从我的板上对一台机器执行 ping 操作,但未执行 ping 操作。我的SNAT命令正确吗?
root@msmci-ASK170100080:/mnt/mainfs/local# ping6 fc01:eab:96:1::4 -I 2001:db8:0:f101::1
PING fc01:eab:96:1::4 (fc01:eab:96:1::4) from 2001:db8:0:f101::1: 56 data bytes
root@msmci-ASK170100080:/mnt/mainfs/local# ping6 fc01:eab:96:1::4
PING fc01:eab:96:1::4 (fc01:eab:96:1::4): 56 data bytes
64 bytes from fc01:eab:96:1::4: seq=0 ttl=61 time=1.840 ms
64 bytes from fc01:eab:96:1::4: seq=1 ttl=61 time=1.544 ms
^C
--- fc01:eab:96:1::4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss