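I'm trying to get IPv6 working. I'm using Alpine Linux as a router. So far I have set up the tunnel on the router. My router can ping6 ipv6.google.com and gets replies.
I have set up router advertisements with radvd. Hosts on the network are getting IPv6 addresses from the RA. But they can't reach IPv6-only websites such as ipv6.google.com. They can't ping these sites either. I can see that they are able to look up the IPv6 addresses.
From my packet captures, when the hosts ping, they get replies, but the router doesn't seem to forward the IPv6 back to the LAN interface (br0).
Packet capture on the he-ipv6 interface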
10:14:44.483729 IP6 fe80::d8da:8e32 > fe80::ca82:d707: ICMP6, destination unreachable, beyond scope mel05s01-in-x0e.1e100.net, source address fe80::ca82:d707, length 208
10:14:45.464047 IP6 2001:470:1f2c:103:9f3f:91cc:8361:eeee > mel05s01-in-x0e.1e100.net: ICMP6, echo request, id 10119, seq 4, length 64
10:14:45.490016 IP6 mel05s01-in-x0e.1e100.net > 2001:470:1f2c:103:9f3f:91cc:8361:eeee: ICMP6, echo reply, id 10119, seq 4, length 64
10:14:45.490121 IP6 fe80::ca82:d707 > mel05s01-in-x0e.1e100.net: ICMP6, redirect, 2001:470:1f2c:103:9f3f:91cc:8361:eeee to 2001:470:1f2c:103:9f3f:91cc:8361:eeee, length 160
10:14:45.490155 IP6 mel05s01-in-x0e.1e100.net > 2001:470:1f2c:103:9f3f:91cc:8361:eeee: ICMP6, echo reply, id 10119, seq 4, length 64
10:14:45.502716 IP6 fe80::d8da:8e32 > fe80::ca82:d707: ICMP6, destination unreachable, beyond scope mel05s01-in-x0e.1e100.net, source address fe80::ca82:d707, length 208
10:14:46.487898 IP6 2001:470:1f2c:103:9f3f:91cc:8361:eeee > mel05s01-in-x0e.1e100.net: ICMP6, echo request, id 10119, seq 5, length 64
10:14:46.514088 IP6 mel05s01-in-x0e.1e100.net > 2001:470:1f2c:103:9f3f:91cc:8361:eeee: ICMP6, echo reply, id 10119, seq 5, length 64
10:14:46.514191 IP6 fe80::ca82:d707 > mel05s01-in-x0e.1e100.net: ICMP6, redirect, 2001:470:1f2c:103:9f3f:91cc:8361:eeee to 2001:470:1f2c:103:9f3f:91cc:8361:eeee, length 160
10:14:46.514224 IP6 mel05s01-in-x0e.1e100.net > 2001:470:1f2c:103:9f3f:91cc:8361:eeee: ICMP6, echo reply, id 10119, seq 5, length 64
10:14:46.527771 IP6 fe80::d8da:8e32 > fe80::ca82:d707: ICMP6, destination unreachable, beyond scope mel05s01-in-x0e.1e100.net, source address fe80::ca82:d707, length 208
Capture on the LAN br0
10:12:04.244145 IP6 2001:470:1f2c:103:9f3f:91cc:8361:eeee > mel05s01-in-x0e.1e100.net: ICMP6, echo request, id 9210, seq 2, length 64
10:12:05.268171 IP6 2001:470:1f2c:103:9f3f:91cc:8361:eeee > mel05s01-in-x0e.1e100.net: ICMP6, echo request, id 9210, seq 3, length 64
10:12:06.788906 IP6 2001:470:1f2c:103:68ea:b849:5a38:674f.49780 > dns.google.443: Flags [SEW], seq 885084687, win 65535, options [mss 1420,nop,wscale 6,nop,nop,TS val 3846476528 ecr 0,sackOK,tfo cookiereq], length 0
IPv6 forwarding is enabled in the kernel, and ip6tables is installed and started at boot.
/etc/sysctl.conf
net.ipv4.ip_forward=1
#Ipv6 config
net.ipv6.conf.all.forwarding= 1
net.ipv6.conf.he-ipv6.accept_ra=2
ip6tables configuration
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- ::/0 ::/0 ctstate ESTABLISHED
icmp-routing 58 -- ::/0 ::/0 ctstate RELATED
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- *redacted*::/64 ::/0
ACCEPT 6 -- ::/0 ::/0 tcp dpt:53
ACCEPT 17 -- ::/0 ::/0 udp dpt:53
ACCEPT 17 -- ::/0 ::/0 udp dpt:51820
ACCEPT 58 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- ::/0 ::/0 ctstate ESTABLISHED
icmp-routing 58 -- ::/0 ::/0 ctstate RELATED
ACCEPT 6 -- ::/0 ::/0 tcp dpt:53
ACCEPT 17 -- ::/0 ::/0 udp dpt:53
ACCEPT 17 -- ::/0 ::/0 udp dpt:51820
icmp-routing 58 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- ::/0 ::/0 ctstate ESTABLISHED
icmp-routing 58 -- ::/0 ::/0 ctstate RELATED
ACCEPT 0 -- ::/0 ::/0
ACCEPT 58 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
ACCEPT 0 -- ::/0 ::/0
Chain icmp-routing (4 references)
target prot opt source destination
ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 1
ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 2
ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 3
ACCEPT 58 -- ::/0 ::/0 ipv6-icmptype 4
iptables output
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
icmp-routing 1 -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
ACCEPT 6 -- 0.0.0.0/0 192.168.1.145 tcp dpt:53 ctstate DNAT
ACCEPT 17 -- 0.0.0.0/0 192.168.1.145 udp dpt:53 ctstate DNAT
ACCEPT 17 -- 0.0.0.0/0 0.0.0.0/0 udp dpt:51820
icmp-routing 1 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain icmp-routing (2 references)
target prot opt source destination
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT 1 -- 0.0.0.0/0 0.0.0.0/0 icmptype 12
I added the following to /etc/hosts, as suggested at https://wiki.alpinelinux.org/wiki/Configure_Networking
::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
Contents of /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto br0
iface br0 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.1
bridge-ports eth1 eth2
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:aaaa:bbbb:cccc:dddd::2
netmask 64
endpoint 216.218.142.50
local
ttl 255
gateway 2001:aaaa:bbbb:cccc:dddd::1
I used this to add a static IP to br0
/sbin/ip addr add 2001:aaaa:bbbb:cccc:dddd::2/64 dev br0
I followed this tutorial to set up radvd: https://chronos-tachyon.net/reference/debian-ipv6-and-hurricane-electric/
The contents of my /etc/radvd.conf are
interface br0 {
AdvSendAdvert on;
AdvLinkMTU 1480;
MinRtrAdvInterval 60;
MaxRtrAdvInterval 180;
prefix 2001:aaaa:bbbb:ccc::1/64 {
AdvOnLink on;
AdvRouterAddr on;
AdvPreferredLifetime 600;
AdvValidLifetime 3600;
};
route ::/0 {};
RDNSS 2001:470:20::2 {};
};
I use this command to bring up the tunnel
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.218.142.50 local 202.aaa.bbb.ccc.d ttl 255
ip link set he-ipv6 up
ip addr add 2001:aaaa:bbbb:cccc::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
I also tried adding this command
ip tunnel 6rd dev he-ipv6 6rd-prefix 2001:aaaa:bbbb:cccc:dddd:/64 6rd-relay_prefix 216.218.142.50/32
I also tried setting up the tunnel using the local IP
ip tunnel add he-ipv6 mode sit remote 216.218.142.50 local 192.168.1.1 ttl 255
I'm not sure what I'm doing wrong. Any help would be much appreciated.
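
The capture comparison described in the question, written out as an added example that is not part of the original post: it parses tcpdump ICMPv6 echo lines from a LAN-side and a tunnel-side capture and reports where the replies stop being visible. The function names are hypothetical and the sample lines are constructed with documentation addresses, not taken from the post.

```python
import re
from collections import defaultdict

# Matches tcpdump ICMPv6 echo lines in the format shown in the captures above.
ECHO_RE = re.compile(
    r"^\S+ IP6 \S+ > \S+: ICMP6, echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def echo_summary(capture_text):
    """Return {(id, seq): {"request": n, "reply": n}} for one capture."""
    seen = defaultdict(lambda: {"request": 0, "reply": 0})
    for line in capture_text.splitlines():
        m = ECHO_RE.match(line.strip())
        if m:  # redirects, unreachables and TCP lines are skipped
            seen[(int(m["id"]), int(m["seq"]))][m["kind"]] += 1
    return dict(seen)

def unanswered(capture_text):
    """Sorted (id, seq) pairs with a request but no reply in this capture."""
    return sorted(k for k, v in echo_summary(capture_text).items()
                  if v["request"] and not v["reply"])

def locate_drop(lan_text, tunnel_text):
    """Say at which point the echo exchange stops being visible."""
    lan, tun = echo_summary(lan_text), echo_summary(tunnel_text)
    if not any(v["request"] for v in tun.values()):
        return "requests never leave through the tunnel"
    if not any(v["reply"] for v in tun.values()):
        return "no replies arrive on the tunnel"
    if not any(v["reply"] for v in lan.values()):
        return "replies arrive on the tunnel but never appear on the LAN"
    return "replies appear on the LAN"

# Constructed sample captures (documentation prefix 2001:db8::/32, not the post's data).
TUNNEL_CAPTURE = """\
10:00:01.000000 IP6 2001:db8:1:1::10 > 2001:db8:ffff::1: ICMP6, echo request, id 100, seq 1, length 64
10:00:01.030000 IP6 2001:db8:ffff::1 > 2001:db8:1:1::10: ICMP6, echo reply, id 100, seq 1, length 64
10:00:01.030100 IP6 fe80::1 > 2001:db8:ffff::1: ICMP6, redirect, 2001:db8:1:1::10 to 2001:db8:1:1::10, length 160
10:00:02.000000 IP6 2001:db8:1:1::10 > 2001:db8:ffff::1: ICMP6, echo request, id 100, seq 2, length 64
10:00:02.030000 IP6 2001:db8:ffff::1 > 2001:db8:1:1::10: ICMP6, echo reply, id 100, seq 2, length 64
"""
LAN_CAPTURE = """\
10:00:01.000000 IP6 2001:db8:1:1::10 > 2001:db8:ffff::1: ICMP6, echo request, id 100, seq 1, length 64
10:00:02.000000 IP6 2001:db8:1:1::10 > 2001:db8:ffff::1: ICMP6, echo request, id 100, seq 2, length 64
"""

if __name__ == "__main__":
    print("LAN unanswered:", unanswered(LAN_CAPTURE))
    print(locate_drop(LAN_CAPTURE, TUNNEL_CAPTURE))
```

Both captures should be taken at the same time so that the echo id and seq values line up between the two interfaces.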