I'm setting up a Linux firewall/router on Fedora.
I'm struggling to get IPv6 working properly.
My simple network looks like this:
'NET
|
|
ATTMODEM
|
|
| enp2s0
| 2600:yyyy:yyyy:zzzz::53
| fe80::e310:84ed:bda1:a330
LINUXROUTER
| enp3s0
| 2600:yyyy:yyyy:yyyy::1
| fd81:17:15::128
| fe80::e310:84ed:bda1:a331
|
|
SWITCH
|
|
| enp5s0
| 2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
| fd81:17:15::7
| fe80::6d9:xxxx:xxxx:23e1
DESKTOP
Internal IPv6 is working.
Access to the 'NET from LINUXROUTER works.
But I'm missing the last piece: from the LAN (DESKTOP) to the 'NET.
Details at the moment are:
(1) LINUXROUTER
ip -6 addr show
...
EXT 2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2600:yyyy:yyyy:zzzz::53/128 scope global dynamic noprefixroute
valid_lft 2876sec preferred_lft 2876sec
inet6 fe80::e310:84ed:bda1:a330/64 scope link
valid_lft forever preferred_lft forever
INT 3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2600:yyyy:yyyy:yyyy::1/64 scope global dynamic noprefixroute
valid_lft 2876sec preferred_lft 2876sec
inet6 fd81:17:15::128/116 scope global
valid_lft forever preferred_lft forever
inet6 fe80::e310:84ed:bda1:a331/64 scope link
valid_lft forever preferred_lft forever
ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
2600:yyyy:yyyy:yyyy::/64 dev enp3s0 proto dhcp metric 1003 pref medium
fd81:17:15::/116 dev enp3s0 proto kernel metric 256 pref medium
fe80::/64 dev enp2s0 proto kernel metric 256 pref medium
fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
default via fe80::4e12:65ff:fe9c:e3e0 dev enp2s0 metric 1024 pref medium
sysctl -a | grep ipv6 | grep "\.forwarding"
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.enp2s0.forwarding = 1
net.ipv6.conf.enp3s0.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
(2) DESKTOP
ip -6 addr show
...
EXT 4: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86391sec preferred_lft 14391sec
inet6 fd81:17:15::7/116 scope global
valid_lft forever preferred_lft forever
inet6 fe80::6d9:xxxx:xxxx:23e1/64 scope link
valid_lft forever preferred_lft forever
ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
2600:yyyy:yyyy:yyyy::/64 dev enp5s0 proto ra metric 1024 expires 86397sec pref medium
fd81:17:15::/116 dev enp5s0 proto kernel metric 256 pref medium
fd81:17:15::/116 dev enp5s0 proto ra metric 1024 expires 86397sec pref medium
fe80::/64 dev enp5s0 proto kernel metric 256 pref medium
default proto static metric 1024 pref medium
nexthop via fd81:17:15::128 dev enp5s0 weight 1 onlink
nexthop via fe80::e310:84ed:bda1:a331 dev enp5s0 weight 1
On DESKTOP, I
CAN ping6
@DESKTOP
2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
fd81:17:15::7
@LINUXROUTER, INT
2600:yyyy:yyyy:yyyy::1
fd81:17:15::128
@LINUXROUTER, EXT
2600:yyyy:yyyy:zzzz::53
can NOT ping6
@DESKTOP
fe80::6d9:xxxx:xxxx:23e1
@LINUXROUTER, INT
fe80::e310:84ed:bda1:a331
@LINUXROUTER, EXT
fe80::e310:84ed:bda1:a330
@'NET google.com
2607:f8b0:4008:803::200e
On LINUXROUTER, I
CAN ping6
@DESKTOP
2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
fd81:17:15::7
@LINUXROUTER, INT
2600:yyyy:yyyy:yyyy::1
fd81:17:15::128
@LINUXROUTER, EXT
2600:yyyy:yyyy:zzzz::53
and can NOT ping6
@DESKTOP
fe80::6d9:xxxx:xxxx:23e1
@LINUXROUTER, INT
fe80::e310:84ed:bda1:a331
@LINUXROUTER, EXT
fe80::e310:84ed:bda1:a330
but I CAN ping6
@'NET google.com
2607:f8b0:4008:803::200e
i.e., ping6
LINUXROUTER -> NET:google.com OK
DESKTOP -> NET:google.com FAIL
What's missing to make this work?
Is it a route, rule, policy, or some other system configuration that I need?
Thanks,
萨德
EDIT 1 / additional info:
It's not just the 'NET that I can't ping from the LAN; it's also the MODEM's global unicast addresses (EXT or INT).
NET
|
| 'ethEXT', Global Unicast IP [NET::MODEM::EXT]::1
MODEM
| 'ethINT', Global Unicast IP [NET::MODEM::INT]::1
| DHCP6 server
|
| enp2s0
| [NET::ROUTER::enp2s0]::53/128
ROUTER
| enp3s0
| [NET::ROUTER::enp3s0]::1/64
| radvd server
|
SWITCH
|
| enp5s0
| [NET::DESKTOP::enp5s0]::11/64
DESKTOP
@ROUTER
OK ping6 -c 1 [NET::MODEM::EXT]::1
OK ping6 -c 1 [NET::MODEM::INT]::1
OK ping6 -c 1 [NET::ROUTER::enp2s0]::53
OK ping6 -c 1 [NET::ROUTER::enp3s0]::1
OK ping6 -c 1 [NET::DESKTOP::enp5s0]::11
OK ping6 -c 1 google.com
PING [NET::MODEM::EXT]::1([NET::MODEM::EXT]::1) 56 data bytes
64 bytes from [NET::MODEM::EXT]::1: icmp_seq=1 ttl=64 time=5.16 ms
--- [NET::MODEM::EXT]::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
ping6 -c 1 [NET::MODEM::INT]::1
PING [NET::MODEM::INT]::1([NET::MODEM::INT]::1) 56 data bytes
64 bytes from [NET::MODEM::INT]::1: icmp_seq=1 ttl=64 time=4.91 ms
--- [NET::MODEM::INT]::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING [NET::ROUTER::enp2s0]::53([NET::ROUTER::enp2s0]::53) 56 data bytes
64 bytes from [NET::ROUTER::enp2s0]::53: icmp_seq=1 ttl=64 time=0.130 ms
--- [NET::ROUTER::enp2s0]::53 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING [NET::ROUTER::enp3s0]::1([NET::ROUTER::enp3s0]::1) 56 data bytes
64 bytes from [NET::ROUTER::enp3s0]::1: icmp_seq=1 ttl=64 time=0.111 ms
--- [NET::ROUTER::enp3s0]::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING [NET::DESKTOP::enp5s0]::11([NET::DESKTOP::enp5s0]::11) 56 data bytes
64 bytes from [NET::DESKTOP::enp5s0]::11: icmp_seq=1 ttl=64 time=0.176 ms
--- [NET::DESKTOP::enp5s0]::11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING google.com(mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e)) 56 data bytes
64 bytes from mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e): icmp_seq=1 ttl=118 time=20.9 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
@DESKTOP
FAIL ping6 -c 1 [NET::MODEM::EXT]::1
FAIL ping6 -c 1 [NET::MODEM::INT]::1
OK ping6 -c 1 [NET::ROUTER::enp2s0]::53
OK ping6 -c 1 [NET::ROUTER::enp3s0]::1
OK ping6 -c 1 [NET::DESKTOP::enp5s0]::11
FAIL ping6 -c 1 google.com
!!! PING [NET::MODEM::EXT]::1([NET::MODEM::EXT]::1) 56 data bytes
!!! --- [NET::MODEM::EXT]::1 ping statistics ---
!!! 1 packets transmitted, 0 received, 100% packet loss, time 0ms
!!! PING [NET::MODEM::INT]::1([NET::MODEM::INT]::1) 56 data bytes
!!! --- [NET::MODEM::INT]::1 ping statistics ---
!!! 1 packets transmitted, 0 received, 100% packet loss, time 0ms
PING [NET::ROUTER::enp2s0]::53([NET::ROUTER::enp2s0]::53) 56 data bytes
64 bytes from [NET::ROUTER::enp2s0]::53: icmp_seq=1 ttl=64 time=0.533 ms
--- [NET::ROUTER::enp2s0]::53 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING [NET::ROUTER::enp3s0]::1([NET::ROUTER::enp3s0]::1) 56 data bytes
64 bytes from [NET::ROUTER::enp3s0]::1: icmp_seq=1 ttl=64 time=0.500 ms
--- [NET::ROUTER::enp3s0]::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
PING [NET::DESKTOP::enp5s0]::11([NET::DESKTOP::enp5s0]::11) 56 data bytes
64 bytes from [NET::DESKTOP::enp5s0]::11: icmp_seq=1 ttl=64 time=0.019 ms
--- [NET::DESKTOP::enp5s0]::11 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
!!! PING google.com(mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e)) 56 data bytes
!!! --- google.com ping statistics ---
!!! 1 packets transmitted, 0 received, 100% packet loss, time 0ms