.png)
我正在/usr/sbin/nft为 IPv4 over IPv6 隧道配置 nftable ( )。对于封装在 IPv6 数据包中的 IPv4 数据包进行隧道传输有多种标准。流行的方法之一是MAP-E(RFC 7597)。为了使用MAP-E,我们需要将传出IPv4数据包的端口重写为多个不连续的范围,例如1376-1391 2400-2415 3424-3439 ...(后面有许多端口号范围,因此被省略) 62816 -62831 63840-63855 64864-64879。另外,由于IPv6不允许对太大的数据包进行分片,因此我们必须调整TCP MSS。为了对传出的 IPv4 数据包进行这些调整,我编写了以下 nftable 配置文件。效果很好。但这样太麻烦了。我想知道是否有更简单的方法来做同样的事情。我在 Ubuntu 20.04 上使用 nftable 0.9.3。
#!/usr/sbin/nft -f
#delete table ip map_e_filter
table ip map_e_filter {
chain FORWARD {
type filter hook forward priority filter;
oifname ip6tnl1 tcp flags syn tcp option maxseg size set rt mtu
}
}
#delete table ip map_e_nat;
table ip map_e_nat {
map myvmap {
type mark : verdict
elements = { 0 : jump map_e_chain0, 1 : jump map_e_chain1, 2 : jump map_e_chain2, 3 : jump map_e_chain3, 4 : jump map_e_chain4, 5 : jump map_e_chain5, 6 : jump map_e_chain6, 7 : jump map_e_chain7, 8 : jump map_e_chain8, 9 : jump map_e_chain9, 10 : jump map_e_chain10, 11 : jump map_e_chain11, 12 : jump map_e_chain12, 13 : jump map_e_chain13, 14 : jump map_e_chain14, 15 : jump map_e_chain15, 16 : jump map_e_chain16, 17 : jump map_e_chain17, 18 : jump map_e_chain18, 19 : jump map_e_chain19, 20 : jump map_e_chain20, 21 : jump map_e_chain21, 22 : jump map_e_chain22, 23 : jump map_e_chain23, 24 : jump map_e_chain24, 25 : jump map_e_chain25, 26 : jump map_e_chain26, 27 : jump map_e_chain27, 28 : jump map_e_chain28, 29 : jump map_e_chain29, 30 : jump map_e_chain30, 31 : jump map_e_chain31, 32 : jump map_e_chain32, 33 : jump map_e_chain33, 34 : jump map_e_chain34, 35 : jump map_e_chain35, 36 : jump map_e_chain36, 37 : jump map_e_chain37, 38 : jump map_e_chain38, 39 : jump map_e_chain39, 40 : jump map_e_chain40, 41 : jump map_e_chain41, 42 : jump map_e_chain42, 43 : jump map_e_chain43, 44 : jump map_e_chain44, 45 : jump map_e_chain45, 46 : jump map_e_chain46, 47 : jump map_e_chain47, 48 : jump map_e_chain48, 49 : jump map_e_chain49, 50 : jump map_e_chain50, 51 : jump map_e_chain51, 52 : jump map_e_chain52, 53 : jump map_e_chain53, 54 : jump map_e_chain54, 55 : jump map_e_chain55, 56 : jump map_e_chain56, 57 : jump map_e_chain57, 58 : jump map_e_chain58, 59 : jump map_e_chain59, 60 : jump map_e_chain60, 61 : jump map_e_chain61, 62 : jump map_e_chain62 }
}
chain POSTROUTING {
type nat hook postrouting priority filter;
oifname ip6tnl1 meta l4proto tcp mark set numgen inc mod 15 counter packets 0
oifname ip6tnl1 meta l4proto udp mark set numgen inc mod 15 counter packets 0
oifname ip6tnl1 meta l4proto icmp mark set numgen inc mod 15 counter packets 0
oifname ip6tnl1 meta mark vmap @myvmap
}
chain map_e_chain0 { meta l4proto tcp mark 0 counter packets 0 snat to 153.240.72.209:1376-1391 persistent; meta l4proto udp mark 0 counter packets 0 snat to 153.240.72.209:1376-1391 persistent; meta l4proto icmp mark 0 counter packets 0 snat to 153.240.72.209:1376-1391 persistent; }
chain map_e_chain1 { meta l4proto tcp mark 1 counter packets 0 snat to 153.240.72.209:2400-2415 persistent; meta l4proto udp mark 1 counter packets 0 snat to 153.240.72.209:2400-2415 persistent; meta l4proto icmp mark 1 counter packets 0 snat to 153.240.72.209:2400-2415 persistent; }
chain map_e_chain2 { meta l4proto tcp mark 2 counter packets 0 snat to 153.240.72.209:3424-3439 persistent; meta l4proto udp mark 2 counter packets 0 snat to 153.240.72.209:3424-3439 persistent; meta l4proto icmp mark 2 counter packets 0 snat to 153.240.72.209:3424-3439 persistent; }
chain map_e_chain3 { meta l4proto tcp mark 3 counter packets 0 snat to 153.240.72.209:4448-4463 persistent; meta l4proto udp mark 3 counter packets 0 snat to 153.240.72.209:4448-4463 persistent; meta l4proto icmp mark 3 counter packets 0 snat to 153.240.72.209:4448-4463 persistent; }
chain map_e_chain4 { meta l4proto tcp mark 4 counter packets 0 snat to 153.240.72.209:5472-5487 persistent; meta l4proto udp mark 4 counter packets 0 snat to 153.240.72.209:5472-5487 persistent; meta l4proto icmp mark 4 counter packets 0 snat to 153.240.72.209:5472-5487 persistent; }
chain map_e_chain5 { meta l4proto tcp mark 5 counter packets 0 snat to 153.240.72.209:6496-6511 persistent; meta l4proto udp mark 5 counter packets 0 snat to 153.240.72.209:6496-6511 persistent; meta l4proto icmp mark 5 counter packets 0 snat to 153.240.72.209:6496-6511 persistent; }
chain map_e_chain6 { meta l4proto tcp mark 6 counter packets 0 snat to 153.240.72.209:7520-7535 persistent; meta l4proto udp mark 6 counter packets 0 snat to 153.240.72.209:7520-7535 persistent; meta l4proto icmp mark 6 counter packets 0 snat to 153.240.72.209:7520-7535 persistent; }
chain map_e_chain7 { meta l4proto tcp mark 7 counter packets 0 snat to 153.240.72.209:8544-8559 persistent; meta l4proto udp mark 7 counter packets 0 snat to 153.240.72.209:8544-8559 persistent; meta l4proto icmp mark 7 counter packets 0 snat to 153.240.72.209:8544-8559 persistent; }
chain map_e_chain8 { meta l4proto tcp mark 8 counter packets 0 snat to 153.240.72.209:9568-9583 persistent; meta l4proto udp mark 8 counter packets 0 snat to 153.240.72.209:9568-9583 persistent; meta l4proto icmp mark 8 counter packets 0 snat to 153.240.72.209:9568-9583 persistent; }
chain map_e_chain9 { meta l4proto tcp mark 9 counter packets 0 snat to 153.240.72.209:10592-10607 persistent; meta l4proto udp mark 9 counter packets 0 snat to 153.240.72.209:10592-10607 persistent; meta l4proto icmp mark 9 counter packets 0 snat to 153.240.72.209:10592-10607 persistent; }
chain map_e_chain10 { meta l4proto tcp mark 10 counter packets 0 snat to 153.240.72.209:11616-11631 persistent; meta l4proto udp mark 10 counter packets 0 snat to 153.240.72.209:11616-11631 persistent; meta l4proto icmp mark 10 counter packets 0 snat to 153.240.72.209:11616-11631 persistent; }
chain map_e_chain11 { meta l4proto tcp mark 11 counter packets 0 snat to 153.240.72.209:12640-12655 persistent; meta l4proto udp mark 11 counter packets 0 snat to 153.240.72.209:12640-12655 persistent; meta l4proto icmp mark 11 counter packets 0 snat to 153.240.72.209:12640-12655 persistent; }
chain map_e_chain12 { meta l4proto tcp mark 12 counter packets 0 snat to 153.240.72.209:13664-13679 persistent; meta l4proto udp mark 12 counter packets 0 snat to 153.240.72.209:13664-13679 persistent; meta l4proto icmp mark 12 counter packets 0 snat to 153.240.72.209:13664-13679 persistent; }
chain map_e_chain13 { meta l4proto tcp mark 13 counter packets 0 snat to 153.240.72.209:14688-14703 persistent; meta l4proto udp mark 13 counter packets 0 snat to 153.240.72.209:14688-14703 persistent; meta l4proto icmp mark 13 counter packets 0 snat to 153.240.72.209:14688-14703 persistent; }
chain map_e_chain14 { meta l4proto tcp mark 14 counter packets 0 snat to 153.240.72.209:15712-15727 persistent; meta l4proto udp mark 14 counter packets 0 snat to 153.240.72.209:15712-15727 persistent; meta l4proto icmp mark 14 counter packets 0 snat to 153.240.72.209:15712-15727 persistent; }
chain map_e_chain15 { meta l4proto tcp mark 15 counter packets 0 snat to 153.240.72.209:16736-16751 persistent; meta l4proto udp mark 15 counter packets 0 snat to 153.240.72.209:16736-16751 persistent; meta l4proto icmp mark 15 counter packets 0 snat to 153.240.72.209:16736-16751 persistent; }
chain map_e_chain16 { meta l4proto tcp mark 16 counter packets 0 snat to 153.240.72.209:17760-17775 persistent; meta l4proto udp mark 16 counter packets 0 snat to 153.240.72.209:17760-17775 persistent; meta l4proto icmp mark 16 counter packets 0 snat to 153.240.72.209:17760-17775 persistent; }
chain map_e_chain17 { meta l4proto tcp mark 17 counter packets 0 snat to 153.240.72.209:18784-18799 persistent; meta l4proto udp mark 17 counter packets 0 snat to 153.240.72.209:18784-18799 persistent; meta l4proto icmp mark 17 counter packets 0 snat to 153.240.72.209:18784-18799 persistent; }
chain map_e_chain18 { meta l4proto tcp mark 18 counter packets 0 snat to 153.240.72.209:19808-19823 persistent; meta l4proto udp mark 18 counter packets 0 snat to 153.240.72.209:19808-19823 persistent; meta l4proto icmp mark 18 counter packets 0 snat to 153.240.72.209:19808-19823 persistent; }
chain map_e_chain19 { meta l4proto tcp mark 19 counter packets 0 snat to 153.240.72.209:20832-20847 persistent; meta l4proto udp mark 19 counter packets 0 snat to 153.240.72.209:20832-20847 persistent; meta l4proto icmp mark 19 counter packets 0 snat to 153.240.72.209:20832-20847 persistent; }
chain map_e_chain20 { meta l4proto tcp mark 20 counter packets 0 snat to 153.240.72.209:21856-21871 persistent; meta l4proto udp mark 20 counter packets 0 snat to 153.240.72.209:21856-21871 persistent; meta l4proto icmp mark 20 counter packets 0 snat to 153.240.72.209:21856-21871 persistent; }
chain map_e_chain21 { meta l4proto tcp mark 21 counter packets 0 snat to 153.240.72.209:22880-22895 persistent; meta l4proto udp mark 21 counter packets 0 snat to 153.240.72.209:22880-22895 persistent; meta l4proto icmp mark 21 counter packets 0 snat to 153.240.72.209:22880-22895 persistent; }
chain map_e_chain22 { meta l4proto tcp mark 22 counter packets 0 snat to 153.240.72.209:23904-23919 persistent; meta l4proto udp mark 22 counter packets 0 snat to 153.240.72.209:23904-23919 persistent; meta l4proto icmp mark 22 counter packets 0 snat to 153.240.72.209:23904-23919 persistent; }
chain map_e_chain23 { meta l4proto tcp mark 23 counter packets 0 snat to 153.240.72.209:24928-24943 persistent; meta l4proto udp mark 23 counter packets 0 snat to 153.240.72.209:24928-24943 persistent; meta l4proto icmp mark 23 counter packets 0 snat to 153.240.72.209:24928-24943 persistent; }
chain map_e_chain24 { meta l4proto tcp mark 24 counter packets 0 snat to 153.240.72.209:25952-25967 persistent; meta l4proto udp mark 24 counter packets 0 snat to 153.240.72.209:25952-25967 persistent; meta l4proto icmp mark 24 counter packets 0 snat to 153.240.72.209:25952-25967 persistent; }
chain map_e_chain25 { meta l4proto tcp mark 25 counter packets 0 snat to 153.240.72.209:26976-26991 persistent; meta l4proto udp mark 25 counter packets 0 snat to 153.240.72.209:26976-26991 persistent; meta l4proto icmp mark 25 counter packets 0 snat to 153.240.72.209:26976-26991 persistent; }
chain map_e_chain26 { meta l4proto tcp mark 26 counter packets 0 snat to 153.240.72.209:28000-28015 persistent; meta l4proto udp mark 26 counter packets 0 snat to 153.240.72.209:28000-28015 persistent; meta l4proto icmp mark 26 counter packets 0 snat to 153.240.72.209:28000-28015 persistent; }
chain map_e_chain27 { meta l4proto tcp mark 27 counter packets 0 snat to 153.240.72.209:29024-29039 persistent; meta l4proto udp mark 27 counter packets 0 snat to 153.240.72.209:29024-29039 persistent; meta l4proto icmp mark 27 counter packets 0 snat to 153.240.72.209:29024-29039 persistent; }
chain map_e_chain28 { meta l4proto tcp mark 28 counter packets 0 snat to 153.240.72.209:30048-30063 persistent; meta l4proto udp mark 28 counter packets 0 snat to 153.240.72.209:30048-30063 persistent; meta l4proto icmp mark 28 counter packets 0 snat to 153.240.72.209:30048-30063 persistent; }
chain map_e_chain29 { meta l4proto tcp mark 29 counter packets 0 snat to 153.240.72.209:31072-31087 persistent; meta l4proto udp mark 29 counter packets 0 snat to 153.240.72.209:31072-31087 persistent; meta l4proto icmp mark 29 counter packets 0 snat to 153.240.72.209:31072-31087 persistent; }
chain map_e_chain30 { meta l4proto tcp mark 30 counter packets 0 snat to 153.240.72.209:32096-32111 persistent; meta l4proto udp mark 30 counter packets 0 snat to 153.240.72.209:32096-32111 persistent; meta l4proto icmp mark 30 counter packets 0 snat to 153.240.72.209:32096-32111 persistent; }
chain map_e_chain31 { meta l4proto tcp mark 31 counter packets 0 snat to 153.240.72.209:33120-33135 persistent; meta l4proto udp mark 31 counter packets 0 snat to 153.240.72.209:33120-33135 persistent; meta l4proto icmp mark 31 counter packets 0 snat to 153.240.72.209:33120-33135 persistent; }
chain map_e_chain32 { meta l4proto tcp mark 32 counter packets 0 snat to 153.240.72.209:34144-34159 persistent; meta l4proto udp mark 32 counter packets 0 snat to 153.240.72.209:34144-34159 persistent; meta l4proto icmp mark 32 counter packets 0 snat to 153.240.72.209:34144-34159 persistent; }
chain map_e_chain33 { meta l4proto tcp mark 33 counter packets 0 snat to 153.240.72.209:35168-35183 persistent; meta l4proto udp mark 33 counter packets 0 snat to 153.240.72.209:35168-35183 persistent; meta l4proto icmp mark 33 counter packets 0 snat to 153.240.72.209:35168-35183 persistent; }
chain map_e_chain34 { meta l4proto tcp mark 34 counter packets 0 snat to 153.240.72.209:36192-36207 persistent; meta l4proto udp mark 34 counter packets 0 snat to 153.240.72.209:36192-36207 persistent; meta l4proto icmp mark 34 counter packets 0 snat to 153.240.72.209:36192-36207 persistent; }
chain map_e_chain35 { meta l4proto tcp mark 35 counter packets 0 snat to 153.240.72.209:37216-37231 persistent; meta l4proto udp mark 35 counter packets 0 snat to 153.240.72.209:37216-37231 persistent; meta l4proto icmp mark 35 counter packets 0 snat to 153.240.72.209:37216-37231 persistent; }
chain map_e_chain36 { meta l4proto tcp mark 36 counter packets 0 snat to 153.240.72.209:38240-38255 persistent; meta l4proto udp mark 36 counter packets 0 snat to 153.240.72.209:38240-38255 persistent; meta l4proto icmp mark 36 counter packets 0 snat to 153.240.72.209:38240-38255 persistent; }
chain map_e_chain37 { meta l4proto tcp mark 37 counter packets 0 snat to 153.240.72.209:39264-39279 persistent; meta l4proto udp mark 37 counter packets 0 snat to 153.240.72.209:39264-39279 persistent; meta l4proto icmp mark 37 counter packets 0 snat to 153.240.72.209:39264-39279 persistent; }
chain map_e_chain38 { meta l4proto tcp mark 38 counter packets 0 snat to 153.240.72.209:40288-40303 persistent; meta l4proto udp mark 38 counter packets 0 snat to 153.240.72.209:40288-40303 persistent; meta l4proto icmp mark 38 counter packets 0 snat to 153.240.72.209:40288-40303 persistent; }
chain map_e_chain39 { meta l4proto tcp mark 39 counter packets 0 snat to 153.240.72.209:41312-41327 persistent; meta l4proto udp mark 39 counter packets 0 snat to 153.240.72.209:41312-41327 persistent; meta l4proto icmp mark 39 counter packets 0 snat to 153.240.72.209:41312-41327 persistent; }
chain map_e_chain40 { meta l4proto tcp mark 40 counter packets 0 snat to 153.240.72.209:42336-42351 persistent; meta l4proto udp mark 40 counter packets 0 snat to 153.240.72.209:42336-42351 persistent; meta l4proto icmp mark 40 counter packets 0 snat to 153.240.72.209:42336-42351 persistent; }
chain map_e_chain41 { meta l4proto tcp mark 41 counter packets 0 snat to 153.240.72.209:43360-43375 persistent; meta l4proto udp mark 41 counter packets 0 snat to 153.240.72.209:43360-43375 persistent; meta l4proto icmp mark 41 counter packets 0 snat to 153.240.72.209:43360-43375 persistent; }
chain map_e_chain42 { meta l4proto tcp mark 42 counter packets 0 snat to 153.240.72.209:44384-44399 persistent; meta l4proto udp mark 42 counter packets 0 snat to 153.240.72.209:44384-44399 persistent; meta l4proto icmp mark 42 counter packets 0 snat to 153.240.72.209:44384-44399 persistent; }
chain map_e_chain43 { meta l4proto tcp mark 43 counter packets 0 snat to 153.240.72.209:45408-45423 persistent; meta l4proto udp mark 43 counter packets 0 snat to 153.240.72.209:45408-45423 persistent; meta l4proto icmp mark 43 counter packets 0 snat to 153.240.72.209:45408-45423 persistent; }
chain map_e_chain44 { meta l4proto tcp mark 44 counter packets 0 snat to 153.240.72.209:46432-46447 persistent; meta l4proto udp mark 44 counter packets 0 snat to 153.240.72.209:46432-46447 persistent; meta l4proto icmp mark 44 counter packets 0 snat to 153.240.72.209:46432-46447 persistent; }
chain map_e_chain45 { meta l4proto tcp mark 45 counter packets 0 snat to 153.240.72.209:47456-47471 persistent; meta l4proto udp mark 45 counter packets 0 snat to 153.240.72.209:47456-47471 persistent; meta l4proto icmp mark 45 counter packets 0 snat to 153.240.72.209:47456-47471 persistent; }
chain map_e_chain46 { meta l4proto tcp mark 46 counter packets 0 snat to 153.240.72.209:48480-48495 persistent; meta l4proto udp mark 46 counter packets 0 snat to 153.240.72.209:48480-48495 persistent; meta l4proto icmp mark 46 counter packets 0 snat to 153.240.72.209:48480-48495 persistent; }
chain map_e_chain47 { meta l4proto tcp mark 47 counter packets 0 snat to 153.240.72.209:49504-49519 persistent; meta l4proto udp mark 47 counter packets 0 snat to 153.240.72.209:49504-49519 persistent; meta l4proto icmp mark 47 counter packets 0 snat to 153.240.72.209:49504-49519 persistent; }
chain map_e_chain48 { meta l4proto tcp mark 48 counter packets 0 snat to 153.240.72.209:50528-50543 persistent; meta l4proto udp mark 48 counter packets 0 snat to 153.240.72.209:50528-50543 persistent; meta l4proto icmp mark 48 counter packets 0 snat to 153.240.72.209:50528-50543 persistent; }
chain map_e_chain49 { meta l4proto tcp mark 49 counter packets 0 snat to 153.240.72.209:51552-51567 persistent; meta l4proto udp mark 49 counter packets 0 snat to 153.240.72.209:51552-51567 persistent; meta l4proto icmp mark 49 counter packets 0 snat to 153.240.72.209:51552-51567 persistent; }
chain map_e_chain50 { meta l4proto tcp mark 50 counter packets 0 snat to 153.240.72.209:52576-52591 persistent; meta l4proto udp mark 50 counter packets 0 snat to 153.240.72.209:52576-52591 persistent; meta l4proto icmp mark 50 counter packets 0 snat to 153.240.72.209:52576-52591 persistent; }
chain map_e_chain51 { meta l4proto tcp mark 51 counter packets 0 snat to 153.240.72.209:53600-53615 persistent; meta l4proto udp mark 51 counter packets 0 snat to 153.240.72.209:53600-53615 persistent; meta l4proto icmp mark 51 counter packets 0 snat to 153.240.72.209:53600-53615 persistent; }
chain map_e_chain52 { meta l4proto tcp mark 52 counter packets 0 snat to 153.240.72.209:54624-54639 persistent; meta l4proto udp mark 52 counter packets 0 snat to 153.240.72.209:54624-54639 persistent; meta l4proto icmp mark 52 counter packets 0 snat to 153.240.72.209:54624-54639 persistent; }
chain map_e_chain53 { meta l4proto tcp mark 53 counter packets 0 snat to 153.240.72.209:55648-55663 persistent; meta l4proto udp mark 53 counter packets 0 snat to 153.240.72.209:55648-55663 persistent; meta l4proto icmp mark 53 counter packets 0 snat to 153.240.72.209:55648-55663 persistent; }
chain map_e_chain54 { meta l4proto tcp mark 54 counter packets 0 snat to 153.240.72.209:56672-56687 persistent; meta l4proto udp mark 54 counter packets 0 snat to 153.240.72.209:56672-56687 persistent; meta l4proto icmp mark 54 counter packets 0 snat to 153.240.72.209:56672-56687 persistent; }
chain map_e_chain55 { meta l4proto tcp mark 55 counter packets 0 snat to 153.240.72.209:57696-57711 persistent; meta l4proto udp mark 55 counter packets 0 snat to 153.240.72.209:57696-57711 persistent; meta l4proto icmp mark 55 counter packets 0 snat to 153.240.72.209:57696-57711 persistent; }
chain map_e_chain56 { meta l4proto tcp mark 56 counter packets 0 snat to 153.240.72.209:58720-58735 persistent; meta l4proto udp mark 56 counter packets 0 snat to 153.240.72.209:58720-58735 persistent; meta l4proto icmp mark 56 counter packets 0 snat to 153.240.72.209:58720-58735 persistent; }
chain map_e_chain57 { meta l4proto tcp mark 57 counter packets 0 snat to 153.240.72.209:59744-59759 persistent; meta l4proto udp mark 57 counter packets 0 snat to 153.240.72.209:59744-59759 persistent; meta l4proto icmp mark 57 counter packets 0 snat to 153.240.72.209:59744-59759 persistent; }
chain map_e_chain58 { meta l4proto tcp mark 58 counter packets 0 snat to 153.240.72.209:60768-60783 persistent; meta l4proto udp mark 58 counter packets 0 snat to 153.240.72.209:60768-60783 persistent; meta l4proto icmp mark 58 counter packets 0 snat to 153.240.72.209:60768-60783 persistent; }
chain map_e_chain59 { meta l4proto tcp mark 59 counter packets 0 snat to 153.240.72.209:61792-61807 persistent; meta l4proto udp mark 59 counter packets 0 snat to 153.240.72.209:61792-61807 persistent; meta l4proto icmp mark 59 counter packets 0 snat to 153.240.72.209:61792-61807 persistent; }
chain map_e_chain60 { meta l4proto tcp mark 60 counter packets 0 snat to 153.240.72.209:62816-62831 persistent; meta l4proto udp mark 60 counter packets 0 snat to 153.240.72.209:62816-62831 persistent; meta l4proto icmp mark 60 counter packets 0 snat to 153.240.72.209:62816-62831 persistent; }
chain map_e_chain61 { meta l4proto tcp mark 61 counter packets 0 snat to 153.240.72.209:63840-63855 persistent; meta l4proto udp mark 61 counter packets 0 snat to 153.240.72.209:63840-63855 persistent; meta l4proto icmp mark 61 counter packets 0 snat to 153.240.72.209:63840-63855 persistent; }
chain map_e_chain62 { meta l4proto tcp mark 62 counter packets 0 snat to 153.240.72.209:64864-64879 persistent; meta l4proto udp mark 62 counter packets 0 snat to 153.240.72.209:64864-64879 persistent; meta l4proto icmp mark 62 counter packets 0 snat to 153.240.72.209:64864-64879 persistent; }
}
隧道设备配置为:
BR='2001:380:a120::9'
CE='2400:4050:1234:5600:99:f048:d100:1600'
IP4='153.240.72.209'
PSID='22'
WANDEV=wlp2s0
TUNDEV='ip6tnl1'
ip -6 addr add $CE dev $WANDEV
ip -6 tunnel delete $TUNDEV
ip -6 tunnel add $TUNDEV mode ip4ip6 remote $BR local $CE encaplimit none
ip link set dev $TUNDEV mtu 1460
ip link set dev $TUNDEV up
ip -4 route delete default
ip -4 route add default dev $TUNDEV