设置具有两个接口的 IPv6 路由器,为什么只有我的配置的 LAN -> 'NET 访问不起作用?

设置具有两个接口的 IPv6 路由器,为什么只有我的配置的 LAN -> 'NET 访问不起作用?

我正在 Fedora 上设置 Linux 防火墙/路由器。

我正在努力让 IPv6 正常运行。

我的简单网络如下所示

'NET
  |
  |
ATTMODEM
  |
  |
  | enp2s0
  |    2600:yyyy:yyyy:zzzz::53
  |    fe80::e310:84ed:bda1:a330
LINUXROUTER
  | enp3s0
  |    2600:yyyy:yyyy:yyyy::1
  |    fd81:17:15::128
  |    fe80::e310:84ed:bda1:a331
  |
  |
SWITCH
  |
  |
  | enp5s0
  |    2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
  |    fd81:17:15::7
  |    fe80::6d9:xxxx:xxxx:23e1
DESKTOP

内部 IPv6 正在运行。

从 LINUXROUTER 访问 'NET 正常。

但我错过了最后一部分——从局域网(桌面)到“网络”。

目前详细信息是

(1)Linux路由器

    ip -6 addr show
    ...
EXT 2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 2600:yyyy:yyyy:zzzz::53/128 scope global dynamic noprefixroute
        valid_lft 2876sec preferred_lft 2876sec
        inet6 fe80::e310:84ed:bda1:a330/64 scope link
        valid_lft forever preferred_lft forever
INT 3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 2600:yyyy:yyyy:yyyy::1/64 scope global dynamic noprefixroute
        valid_lft 2876sec preferred_lft 2876sec
        inet6 fd81:17:15::128/116 scope global
        valid_lft forever preferred_lft forever
        inet6 fe80::e310:84ed:bda1:a331/64 scope link
        valid_lft forever preferred_lft forever

    ip -6 route show
        ::1 dev lo proto kernel metric 256 pref medium
        2600:yyyy:yyyy:yyyy::/64 dev enp3s0 proto dhcp metric 1003 pref medium
        fd81:17:15::/116 dev enp3s0 proto kernel metric 256 pref medium
        fe80::/64 dev enp2s0 proto kernel metric 256 pref medium
        fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
        default via fe80::4e12:65ff:fe9c:e3e0 dev enp2s0 metric 1024 pref medium

    sysctl -a | grep ipv6 | grep "\.forwarding"
        net.ipv6.conf.all.forwarding = 1
        net.ipv6.conf.default.forwarding = 1
        net.ipv6.conf.enp2s0.forwarding = 1
        net.ipv6.conf.enp3s0.forwarding = 1
        net.ipv6.conf.lo.forwarding = 1

(2) 桌面

    ip -6 addr show
    ...
EXT 4: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
        inet6 2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1/64 scope global dynamic mngtmpaddr noprefixroute
        valid_lft 86391sec preferred_lft 14391sec
        inet6 fd81:17:15::7/116 scope global
        valid_lft forever preferred_lft forever
        inet6 fe80::6d9:xxxx:xxxx:23e1/64 scope link
        valid_lft forever preferred_lft forever

    ip -6 route show
        ::1 dev lo proto kernel metric 256 pref medium
        2600:yyyy:yyyy:yyyy::/64 dev enp5s0 proto ra metric 1024 expires 86397sec pref medium
        fd81:17:15::/116 dev enp5s0 proto kernel metric 256 pref medium
        fd81:17:15::/116 dev enp5s0 proto ra metric 1024 expires 86397sec pref medium
        fe80::/64 dev enp5s0 proto kernel metric 256 pref medium
        default proto static metric 1024 pref medium
        nexthop via fd81:17:15::128 dev enp5s0 weight 1 onlink
        nexthop via fe80::e310:84ed:bda1:a331 dev enp5s0 weight 1

在桌面上,我

平6

    @DESKTOP
        2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
        fd81:17:15::7

    @LINUXROUTER, INT
        2600:yyyy:yyyy:yyyy::1
        fd81:17:15::128

    @LINUXROUTER, EXT
        2600:yyyy:yyyy:zzzz::53

不是平6

    @DESKTOP
        fe80::6d9:xxxx:xxxx:23e1
        @LINUXROUTER, INT
        fe80::e310:84ed:bda1:a331

    @LINUXROUTER, EXT
        fe80::e310:84ed:bda1:a330

    @'NET google.com
        2607:f8b0:4008:803::200e

在Linux路由器上,我

平6

    @DESKTOP
        2600:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:23e1
        fd81:17:15::7

    @LINUXROUTER, INT
        2600:yyyy:yyyy:yyyy::1
        fd81:17:15::128

    @LINUXROUTER, EXT
        2600:yyyy:yyyy:zzzz::53

并且可以不是平6

    @DESKTOP
        fe80::6d9:xxxx:xxxx:23e1

    @LINUXROUTER, INT
        fe80::e310:84ed:bda1:a331

    @LINUXROUTER, EXT
        fe80::e310:84ed:bda1:a330

但是我平6

    @'NET google.com
        2607:f8b0:4008:803::200e

即,ping6

LINUXROUTER  -> NET:google.com  OK
DESKTOP      -> NET:google.com  FAIL

缺少什么才能让它发挥作用?

它是我需要的路由、规则、策略或其他系统配置吗?

谢谢,

萨德

编辑1/附加信息:

这不仅仅是我无法从 LAN ping 到的 'NET,它也是 MODEM 的全球单播地址(EXT 或 INT)

    NET
    |
    | 'ethEXT', Global Unicast IP [NET::MODEM::EXT]::1
    MODEM
    | 'ethINT', Global Unicast IP [NET::MODEM::INT]::1
    | DHCP6 server
    |
    |   enp2s0
    |   [NET::ROUTER::enp2s0]::53/128
    ROUTER
    |   enp3s0
    |   [NET::ROUTER::enp3s0]::1/64
    | radvd server
    |
    SWITCH
    |
    | enp5s0
    |   [NET::DESKTOP::enp5s0]::11/64
    DESKTOP

@路由器

    OK   ping6 -c 1 [NET::MODEM::EXT]::1
    OK   ping6 -c 1 [NET::MODEM::INT]::1
    OK   ping6 -c 1 [NET::ROUTER::enp2s0]::53
    OK   ping6 -c 1 [NET::ROUTER::enp3s0]::1
    OK   ping6 -c 1 [NET::DESKTOP::enp5s0]::11
    OK   ping6 -c 1 google.com

        PING [NET::MODEM::EXT]::1([NET::MODEM::EXT]::1) 56 data bytes
        64 bytes from [NET::MODEM::EXT]::1: icmp_seq=1 ttl=64 time=5.16 ms
        --- [NET::MODEM::EXT]::1 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        ping6 -c 1 [NET::MODEM::INT]::1
        PING [NET::MODEM::INT]::1([NET::MODEM::INT]::1) 56 data bytes
        64 bytes from [NET::MODEM::INT]::1: icmp_seq=1 ttl=64 time=4.91 ms
        --- [NET::MODEM::INT]::1 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING [NET::ROUTER::enp2s0]::53([NET::ROUTER::enp2s0]::53) 56 data bytes
        64 bytes from [NET::ROUTER::enp2s0]::53: icmp_seq=1 ttl=64 time=0.130 ms
        --- [NET::ROUTER::enp2s0]::53 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING [NET::ROUTER::enp3s0]::1([NET::ROUTER::enp3s0]::1) 56 data bytes
        64 bytes from [NET::ROUTER::enp3s0]::1: icmp_seq=1 ttl=64 time=0.111 ms
        --- [NET::ROUTER::enp3s0]::1 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING [NET::DESKTOP::enp5s0]::11([NET::DESKTOP::enp5s0]::11) 56 data bytes
        64 bytes from [NET::DESKTOP::enp5s0]::11: icmp_seq=1 ttl=64 time=0.176 ms
        --- [NET::DESKTOP::enp5s0]::11 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING google.com(mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e)) 56 data bytes
        64 bytes from mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e): icmp_seq=1 ttl=118 time=20.9 ms
        --- google.com ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms

@ 桌面

    FAIL ping6 -c 1 [NET::MODEM::EXT]::1
    FAIL ping6 -c 1 [NET::MODEM::INT]::1
    OK   ping6 -c 1 [NET::ROUTER::enp2s0]::53
    OK   ping6 -c 1 [NET::ROUTER::enp3s0]::1
    OK   ping6 -c 1 [NET::DESKTOP::enp5s0]::11
    FAIL ping6 -c 1 google.com


!!!     PING [NET::MODEM::EXT]::1([NET::MODEM::EXT]::1) 56 data bytes
!!!     --- [NET::MODEM::EXT]::1 ping statistics ---
!!!     1 packets transmitted, 0 received, 100% packet loss, time 0ms


!!!     PING [NET::MODEM::INT]::1([NET::MODEM::INT]::1) 56 data bytes
!!!     --- [NET::MODEM::INT]::1 ping statistics ---
!!!     1 packets transmitted, 0 received, 100% packet loss, time 0ms


        PING [NET::ROUTER::enp2s0]::53([NET::ROUTER::enp2s0]::53) 56 data bytes
        64 bytes from [NET::ROUTER::enp2s0]::53: icmp_seq=1 ttl=64 time=0.533 ms
        --- [NET::ROUTER::enp2s0]::53 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING [NET::ROUTER::enp3s0]::1([NET::ROUTER::enp3s0]::1) 56 data bytes
        64 bytes from [NET::ROUTER::enp3s0]::1: icmp_seq=1 ttl=64 time=0.500 ms
        --- [NET::ROUTER::enp3s0]::1 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


        PING [NET::DESKTOP::enp5s0]::11(NET::DESKTOP::enp5s00]::11) 56 data bytes
        64 bytes from [NET::DESKTOP::enp5s0]::11: icmp_seq=1 ttl=64 time=0.019 ms
        --- [NET::DESKTOP::enp5s0]::11 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms


!!!     PING google.com(mia07s49-in-x0e.1e100.net (2607:f8b0:4008:803::200e)) 56 data bytes
!!!     --- google.com ping statistics ---
!!!     1 packets transmitted, 0 received, 100% packet loss, time 0ms

相关内容