HEU Campus Network NAT6
Published: 2024-06-17

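The campus network recently finished its fiber build-out, and the dorm rooms have been upgraded to fiber. Network stability has indeed improved, but the speed cap is still 100 Mbps, the same as before.

During speed tests I found that a computer connected directly to the optical modem by Ethernet cable can reach 200 Mbps over IPv6. However, the assigned IPv6 address cannot be subdivided, so when a router dials up, the router gets an IPv6 address but the devices behind it do not, and they cannot use IPv6. Getting IPv6 would require connecting every device to the optical modem, which is less convenient than a router, and a router can also run a proxy for circumventing network blocking. So I dial up from the router and then use NAT6 to give the devices IPv6 addresses.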

I. Install iStoreOS

https://istoreos.koolcenter.com/_nuxt/img/logo.04dbfec.png

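iStoreOS is a third-party OpenWrt firmware.

iStoreOS aims to provide a combined router and light NAS system that anyone can use; whether you use it as a router or as a NAS, the operating experience is similar.

The system itself is open source and free; the source code is currently published at: GitHub iStoreOS

See the official website for more.

1. The soft-router device I use is a Raspberry Pi 4B; you need to buy a USB network adapter to use as the WAN port.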
https://img.chxc.cc/file/125b22347cb22e9a6f212.png

2. Download the firmware built for the Raspberry Pi: https://fw.koolcenter.com/iStoreOS/rpi4/

3. Then write the firmware to the SD card with balenaEtcher.
https://img.chxc.cc/file/330f749554c2a2bd70146.png

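4. Insert the SD card into the Raspberry Pi, then plug in the power and boot it.

5. Connect the computer to the Raspberry Pi's Ethernet port with a cable and open the soft router's default IP, http://192.168.100.1, in the computer's browser. The default account and password are root:password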
https://img.chxc.cc/file/7d2448813633ea874541c.png

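6. Once logged in, remember to change the password, and change the default IP address if needed.

II. Network Interface Configuration

1. Click Network > Interfaces > Add new interface. Name: wan, protocol: PPPoE, device: the USB network adapter eth1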
https://img.chxc.cc/file/9a2dbf238cf237ca0896a.png

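2. After saving, click Edit, enter the campus network username and password for the dial-up connection, then save and apply. After a moment the interface obtains an IP address; if there is an IPv6 address, a wan_6 interface appears automatically. Then create another interface named wan6, protocol DHCPv6, device @wan_6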
https://img.chxc.cc/file/bd1846a4854142b637708.png
https://img.chxc.cc/file/7a48c2cb7ccce48ea783d.png

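3. The router now has an IPv6 address, but the devices behind it do not get one, so NAT6 has to be enabled.

III. Enable NAT6

1. Connect to the router over SSH and run these commands: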

opkg update
opkg install ip6tables
opkg install kmod-ipt-nat6

2. In the router admin UI, under Network > Interfaces > Global network options, change the IPv6 ULA prefix to eeee:eeee:eeee::/48
https://img.chxc.cc/file/c9ea5f22df4ea6b2ecb9e.png

3. Configure DHCPv6. In the router admin UI, under Network > Interfaces > lan > DHCP Server > IPv6 Settings:

DHCPv6-Service: server mode

Router Advertisement-Service: server mode

NDP-Proxy: disabled

https://img.chxc.cc/file/fd2a1e327147900bd448c.png

4. Add the firewall script. In the router admin UI, under Network > Firewall > Custom Rules, add the following:

ip6tables -t nat -A POSTROUTING -o pppoe-wan -j MASQUERADE

https://img.chxc.cc/file/54c9eb071c1bb0feb0d80.png

5. Configure the gateway. Run this command in the terminal:

ip -6 route | grep default

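This shows the current IPv6 default route; the output looks like this:
default from (your ipv6) via (gateway) dev eth0.2 proto static metric 512, where the value in the (gateway) position is the gateway of your network
https://img.chxc.cc/file/38398f48d652ffab37f07.png
Here,
fe80::12c3:abff:fe0d:3d3
is the default gateway of the current network. This step is crucial.
We need to add it as the default route.
Run this command in the terminal: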

route -A inet6 add default gw fe80::12c3:abff:fe0d:3d3 dev pppoe-wan

That completes the configuration.
Next, restart the services so the settings take effect:

/etc/init.d/firewall restart
/etc/init.d/network restart

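If the computer still cannot open IPv6 sites after the two commands finish, restart the computer's network adapter: go to Network and Sharing Center > Change adapter settings, right-click the adapter and disable it, then enable it again.
The computer should now be able to access IPv6 normally.

6. Run an IPv6 speed test: USTC speed test site - IPv6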
https://img.chxc.cc/file/797cf08389a4f9350606d.png

7. Add the IPv6 route automatically at boot. In the /etc/hotplug.d/iface/ directory, create a file named 99-ipv6
with this content:

#!/bin/sh
[ "$ACTION" = ifup ] || exit 0
route -A inet6 add default gw fe80::12c3:abff:fe0d:3d3 dev pppoe-wan

Add execute permission:

chmod +x 99-ipv6
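
Steps 5 and 7 copy the gateway by hand and hardcode it, so the script breaks if the upstream gateway changes. The default route shown in step 5 carries a "from" prefix and therefore only matches packets sourced from that prefix, which LAN clients using the eeee:eeee:eeee::/48 prefix are not; the variant of 99-ipv6 below, an added example that is not part of the original post, looks up the gateway at ifup time and adds the unrestricted default route only when it is missing. The function names and the sample route table are constructed for illustration, and the script assumes the gateway is a link-local address on pppoe-wan, as in the post.

```shell
#!/bin/sh
# Added example: /etc/hotplug.d/iface/99-ipv6 without a hardcoded gateway.
WAN_DEV="pppoe-wan"   # device name used in the post

# Constructed sample of `ip -6 route` output (2001:db8::/32 is a documentation prefix).
SAMPLE_ROUTES='default from 2001:db8:1::/64 via fe80::12c3:abff:fe0d:3d3 dev pppoe-wan proto static metric 512
eeee:eeee:eeee::/64 dev br-lan proto static metric 1024'

# Succeeds if stdin holds a default route on device $1 that has no "from" restriction.
has_unrestricted_default() {
    awk -v dev="$1" '$1 == "default" {
        from = 0; d = ""
        for (i = 2; i <= NF; i++) { if ($i == "from") from = 1; if ($i == "dev") d = $(i + 1) }
        if (d == dev && !from) found = 1
    } END { exit !found }'
}

# Prints the gateway of the first default route on device $1 found on stdin.
default_gw() {
    awk -v dev="$1" '$1 == "default" {
        gw = ""; d = ""
        for (i = 2; i < NF; i++) { if ($i == "via") gw = $(i + 1); if ($i == "dev") d = $(i + 1) }
        if (d == dev && gw != "") { print gw; exit }
    }'
}

# Accept only a well-formed link-local address (fe80::/10) before it reaches `route`.
is_link_local() {
    case "$1" in
        *[!0-9a-fA-F:]*) return 1 ;;
        [fF][eE][89abAB][0-9a-fA-F]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads the route table on stdin; prints the gateway to add, fails if none is needed or usable.
missing_default_gw() {
    routes=$(cat)
    if printf '%s\n' "$routes" | has_unrestricted_default "$1"; then return 1; fi
    gw=$(printf '%s\n' "$routes" | default_gw "$1")
    is_link_local "$gw" || return 1
    printf '%s\n' "$gw"
}

# Hotplug entry point: act only when an interface comes up (ACTION is set by hotplug).
if [ "${ACTION:-}" = ifup ]; then
    gw=$(ip -6 route | missing_default_gw "$WAN_DEV") &&
        route -A inet6 add default gw "$gw" dev "$WAN_DEV"
fi
```

Because the route is added only when no unrestricted default route exists on pppoe-wan, repeated ifup events do not produce "File exists" errors from route.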

8. Create the NAT6 service. In the /etc/init.d/ directory, create a file named nat6 with the following content:

#!/bin/sh /etc/rc.common
# NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6

START=55

# Options
# -------

# Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0
PRIVACY=1

# Maximum number of attempts before this script will stop in case no IPv6 route is available
# This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds.
MAX_TRIES=15

# An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful.
# This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second.
DELAY=10

# Logical interface name of outbound IPv6 connection
# There should be no need to modify this, unless you changed the default network interface names
# Edit by Vincent: I never changed my default network interface names, but still I have to change the WAN6_NAME to "wan" instead of "wan6"
WAN6_NAME="wan6"

# ---------------------------------------------------
# Options end here - no need to change anything below

boot() {
    [ $DELAY -gt 0 ] && sleep $DELAY
    logger -t NAT6 "Probing IPv6 route"
    PROBE=0
    COUNT=1
    while [ $PROBE -eq 0 ]
    do
        if [ $COUNT -gt $MAX_TRIES ]
        then
            logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1
        fi
        sleep $COUNT
        COUNT=$((COUNT+1))
        PROBE=$(route -A inet6 | grep -c '::/0')
    done

    logger -t NAT6 "Setting up NAT6"

    WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname")
    if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then
        logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1
    fi
    WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}')
    if [ -z "$WAN6_GATEWAY" ] ; then
        logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1
    fi
    LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
    if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then
        logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1
    fi

    ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
    if [ $? -eq 0 ] ; then
        logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)"
    else
        logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1
    fi

    route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
    if [ $? -eq 0 ] ; then
        logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
    else
        logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections"
    fi

    if [ $PRIVACY -eq 1 ] ; then
        echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra"
        if [ $? -eq 0 ] ; then
            logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)"
        else
            logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)"
        fi
        echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr"
        if [ $? -eq 0 ] ; then
            logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
        else
            logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE"
        fi
    fi

    exit 0
}

Start the NAT6 service. The commands are as follows:

chmod +x /etc/init.d/nat6
/etc/init.d/nat6 enable

Edit the /etc/sysctl.conf file and add the following lines (if they are not already there):

net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

PS

If the settings above do not take effect after a reboot, add the following before exit 0 under System > Startup > Local Startup:

line=0
while [ $line -eq 0 ]
do
sleep 10
line=`route -A inet6 | grep ::/0 | awk 'END{print NR}'`
done
ip6tables -t nat -A POSTROUTING -o pppoe-wan -j MASQUERADE
route -A inet6 add default gw fe80::12c3:abff:fe0d:3d3 dev pppoe-wan

/etc/init.d/firewall restart
/etc/init.d/network restart

References

https://evanzj.com/2021/12/20/NAT6/

https://www.istoreos.com/
