sorasyl's recent timeline updates
sorasyl

V2EX member No. 422565, joined 2019-06-17 20:01:41 +08:00
sorasyl's recent replies
Device routing table
Internet6:
Destination Gateway Flags Netif Expire
default fe80::1e40:e8ff:fe12:327c%en0 UGcg en0
default fe80::%utun0 UGcIg utun0
default fe80::%utun1 UGcIg utun1
::1 ::1 UHL lo0
240e:398:332:129::/64 link#11 UC en0
240e:398:332:129:df:95f1:506a:c13b 3c:6:30:4b:73:6f UHL lo0
240e:398:332:129:19ba:8549:eb48:faaa 3c:6:30:4b:73:6f UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%anpi1/64 link#4 UCI anpi1
fe80::1c80:20ff:fe1e:8a5a%anpi1 1e:80:20:1e:8a:5a UHLI lo0
fe80::%anpi0/64 link#5 UCI anpi0
fe80::1c80:20ff:fe1e:8a59%anpi0 1e:80:20:1e:8a:59 UHLI lo0
fe80::%en0/64 link#11 UCI en0
fe80::463:37b7:e560:f9c4%en0 3c:6:30:4b:73:6f UHLI lo0
fe80::1e40:e8ff:fe12:327c%en0 1c:40:e8:12:32:7c UHLWIir en0
fe80::%awdl0/64 link#14 UCI awdl0
fe80::28c4:46ff:fe35:17c4%awdl0 2a:c4:46:35:17:c4 UHLI lo0
fe80::%llw0/64 link#15 UCI llw0
fe80::28c4:46ff:fe35:17c4%llw0 2a:c4:46:35:17:c4 UHLI lo0
fe80::%utun0/64 fe80::7481:c99a:72ad:3621%utun0 UcI utun0
fe80::7481:c99a:72ad:3621%utun0 link#16 UHLI lo0
fe80::%utun1/64 fe80::57b5:fcce:7615:3dd5%utun1 UcI utun1
fe80::57b5:fcce:7615:3dd5%utun1 link#17 UHLI lo0
ff00::/8 ::1 UmCI lo0
ff00::/8 link#4 UmCI anpi1
ff00::/8 link#5 UmCI anpi0
ff00::/8 link#11 UmCI en0
ff00::/8 link#14 UmCI awdl0
ff00::/8 link#15 UmCI llw0
ff00::/8 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff00::/8 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
ff01::%lo0/32 ::1 UmCI lo0
ff01::%anpi1/32 link#4 UmCI anpi1
ff01::%anpi0/32 link#5 UmCI anpi0
ff01::%en0/32 link#11 UmCI en0
ff01::%awdl0/32 link#14 UmCI awdl0
ff01::%llw0/32 link#15 UmCI llw0
ff01::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff01::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
ff02::%lo0/32 ::1 UmCI lo0
ff02::%anpi1/32 link#4 UmCI anpi1
ff02::%anpi0/32 link#5 UmCI anpi0
ff02::%en0/32 link#11 UmCI en0
ff02::%awdl0/32 link#14 UmCI awdl0
ff02::%llw0/32 link#15 UmCI llw0
ff02::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff02::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
Router v6 routing table
route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 fe80::ce1a:faff:feea:e1a0 UG 512 5 0 pppoe-wan
240e:398:332:129:11dc:91a6:7884:44a8/128 :: U 1024 4 0 pppoe-wan
240e:398:332:129:1511:ff98:66a9:2b16/128 :: U 1024 1 0 pppoe-wan
240e:398:332:129:300d:2bfd:ffab:91e8/128 :: U 1024 2 0 pppoe-wan
240e:398:332:129:36c9:3dff:fe0f:361/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:45f2:786d:9abc:b052/128 :: U 1024 2 0 pppoe-wan
240e:398:332:129:705b:d6f0:90d5:8530/128 :: U 1024 1 0 pppoe-wan
240e:398:332:129:95a9:1ffa:f7b6:7d4e/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:a0eb:4c21:5428:f5ec/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:c82c:8b6c:196c:9914/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129::/64 :: UA 256 2 0 pppoe-wan
240e:398:332:129::/64 :: !n 2147483647 1 0 lo
fe80::1e40:e8d7:7612:327d/128 :: U 256 1 0 pppoe-wan
fe80::ce1a:faff:feea:e1a0/128 :: U 1 1 0 pppoe-wan
fe80::/64 :: U 256 2 0 br-wan
fe80::/64 :: U 256 2 0 br-lan
fe80::/64 :: U 256 1 0 wlan0
fe80::/64 :: U 256 1 0 wlan1
::/0 fe80::1 UGDA 1024 5 0 br-wan
::/0 fe80::ce1a:faff:feea:e1a0 UGDA 1024 2 0 pppoe-wan
::1/128 :: Un 0 7 0 lo
240e:398:332:129::/128 :: Un 0 3 0 pppoe-wan
240e:398:332:129:1e40:e8d7:7612:327d/128 :: Un 0 5 0 pppoe-wan
fe80::/128 :: Un 0 5 0 br-wan
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 wlan0
fe80::/128 :: Un 0 3 0 wlan1
fe80::1e40:e8d7:7612:327d/128 :: Un 0 4 0 pppoe-wan
fe80::1e40:e8ff:fe12:327c/128 :: Un 0 3 0 br-lan
fe80::1e40:e8ff:fe12:327d/128 :: Un 0 5 0 br-wan
fe80::1e40:e8ff:fe12:327e/128 :: Un 0 3 0 wlan0
fe80::1e40:e8ff:fe12:327f/128 :: Un 0 2 0 wlan1
ff00::/8 :: U 256 2 0 br-wan
ff00::/8 :: U 256 5 0 pppoe-wan
ff00::/8 :: U 256 5 0 br-lan
ff00::/8 :: U 256 1 0 wlan0
ff00::/8 :: U 256 1 0 wlan1
::/0 :: !n -1 2 0 lo

Router system settings
net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2
@sorasyl The device can now correctly obtain a public IP, but it still cannot find a route
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 3c:06:30:4b:73:6f
inet6 fe80::463:37b7:e560:f9c4%en0 prefixlen 64 secured scopeid 0xb
inet 192.168.1.227 netmask 0xffffff00 broadcast 192.168.1.255
inet6 240e:398:332:129:df:95f1:506a:c13b prefixlen 64 autoconf secured
inet6 240e:398:332:129:19ba:8549:eb48:faaa prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active

But the device cannot find the correct route
traceroute6 -s 240e:398:332:129:19ba:8549:eb48:faaa bbs6.ustc.edu.cn
traceroute6 to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:129:19ba:8549:eb48:faaa, 64 hops max, 12 byte packets
1 * * *
2 * * *
3 *
@acbot The network settings are as follows
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'

config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
list ports 'eth0'

config interface 'wan'
option device 'br-wan'
option proto 'pppoe'
option username 'CD65772695'
option password '65772695'
option ipv6 '1'

config interface 'wan6'
option proto 'dhcpv6'
option device '@wan'
option reqaddress 'try'
option reqprefix 'no'

The dhcp settings are as follows
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
list ra_flags 'none'
option ndproxy_routing '0'

config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'

config dhcp 'wan6'
option interface 'wan6'
option ignore '1'
option master '1'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
list ra_flags 'none'
option ndproxy_routing '0'
@acbot Bro, I tried switching to relay and turned off dhcpv6 on lan outright, but the device always gets an internal IP starting with fe, not the public IP issued by the ISP
@sorasyl ip6tables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp anywhere anywhere tcp dpt:32400 to:[fdb1:98b4:438b::7f8]:32400

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all anywhere anywhere
@acbot After adding it, the table is as follows
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate DNAT
forwarding_rule all anywhere anywhere /* !fw3: Custom forwarding rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all anywhere anywhere /* !fw3 */
zone_wan_forward all anywhere anywhere /* !fw3 */
reject all anywhere anywhere /* !fw3 */

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:32400
ACCEPT all anywhere anywhere ctstate DNAT
ACCEPT tcp anywhere anywhere tcp dpt:ssh
ACCEPT tcp anywhere anywhere tcp dpt:7788
ACCEPT all anywhere anywhere /* !fw3 */
input_rule all anywhere anywhere /* !fw3: Custom input rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all anywhere anywhere /* !fw3 */
zone_wan_input all anywhere anywhere /* !fw3 */

telnet to that port times out
telnet -6 240e:398:332:9:1e40:e8cd:7b12:327c 32400
Trying 240e:398:332:9:1e40:e8cd:7b12:327c...
telnet: connect to address 240e:398:332:9:1e40:e8cd:7b12:327c: Operation timed out
telnet: Unable to connect to remote host
@acbot ip6tables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp anywhere anywhere tcp dpt:8087 to:[fd61:3912:b533::16e]:8087

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all anywhere anywhere

Router pinging the device
ping6 fd61:3912:b533::16e
PING fd61:3912:b533::16e(fd61:3912:b533::16e) 56 data bytes
64 bytes from fd61:3912:b533::16e: icmp_seq=1 ttl=64 time=5.41 ms
64 bytes from fd61:3912:b533::16e: icmp_seq=2 ttl=64 time=1.71 ms
--- fd61:3912:b533::16e ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.706/3.556/5.407/1.850 ms

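Internal devices can now reach the Internet through v6 NAT, but I cannot get port forwarding to work with the following rules. How should I troubleshoot this?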
ip6tables -I INPUT -p tcp --dport 8087 -j ACCEPT
ip6tables -t nat -I PREROUTING -p tcp --dport 8087 -j DNAT --to [fd61:3912:b533::16e]:8087
@acbot traceroute6 bbs6.ustc.edu.cn -s 240e:398:332:5f:1e40:e89f:3312:327c
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e89f:3312:327c, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 7.669 ms 5.845 ms 4.481 ms
2 240e:16:1000:702::2 (240e:16:1000:702::2) 4.386 ms 8.288 ms 240e:16:1000:703::2 (240e:16:1000:703::2) 11.790 ms
3 240e:16:1001:26::2 (240e:16:1001:26::2) 4.119 ms 240e:16:1001:2d::2 (240e:16:1001:2d::2) 4.968 ms 240e:16:1001:e::2 (240e:16:1001:e::2) 10.552 ms
4 240e::1:31:81:6022 (240e::1:31:81:6022) 34.381 ms * 240e::1:31:81:6402 (240e::1:31:81:6402) 30.460 ms
5 * * *
6 240e::e:3:2008:403 (240e::e:3:2008:403) 38.569 ms 37.962 ms 39.352 ms
7 2001:da8:2:704::1 (2001:da8:2:704::1) 37.627 ms 35.178 ms 43.262 ms
8 2001:da8:2:16::2 (2001:da8:2:16::2) 47.890 ms 46.925 ms 46.816 ms
9 2001:da8:2:f::1 (2001:da8:2:f::1) 47.488 ms 46.611 ms 48.111 ms
10 2001:da8:2:e::2 (2001:da8:2:e::2) 55.295 ms 55.932 ms 60.028 ms
11 * * 2001:da8:2:111::2 (2001:da8:2:111::2) 59.003 ms
12 2001:da8:b3:14::2 (2001:da8:b3:14::2) 60.921 ms 61.645 ms 61.812 ms
13 2001:da8:b3:101::10 (2001:da8:b3:101::10) 58.573 ms 53.646 ms 56.812 ms
14 bbs6.ustc.edu.cn (2001:da8:d800::3) 54.360 ms 55.533 ms 56.945 ms

From the test, it should be that the ISP has not announced the route externally
@acbot Thanks, bro. I tested each with traceroute:
traceroute6 -s 240e:39b:3a1:b70::1 bbs6.ustc.edu.cn
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:39b:3a1:b70::1, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 6.888 ms 6.529 ms 4.333 ms
2 240e:16:1002:a706::2 (240e:16:1002:a706::2) 7.710 ms 4.169 ms 240e:16:1002:c0b::2 (240e:16:1002:c0b::2) 5.613 ms
3 *

traceroute6 -s 240e:398:332:5f:1e40:e848:7512:327c bbs6.ustc.edu.cn
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e848:7512:327c, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 5.821 ms 5.471 ms 4.521 ms
2 240e:16:1000:6bf::2 (240e:16:1000:6bf::2) 16.984 ms 4.733 ms 240e:16:1002:a711::2 (240e:16:1002:a711::2) 6.638 ms
3 240e:16:1001:10f::2 (240e:16:1001:10f::2) 4.998 ms 240e:16:1001:12b::2 (240e:16:1001:12b::2) 3.459 ms 240e:16:1001:114::2 (240e:16:1001:114::2) 4.751 ms
4 240e::1:31:81:5402 (240e::1:31:81:5402) 38.134 ms 39.012 ms 240e::1:31:81:5302 (240e::1:31:81:5302) 39.610 ms
5 *

The above tests were run with ip6tables disabled