这是一个创建于 1005 天前的主题,其中的信息可能已经有所发展或是发生改变。
1. 使用 Wizards 生成配置,勾选 DHCPv6 PD
2. 开启 IPv6
interfaces / ethernet / eth0 / pppoe / 0 / ipv6 / enable
3. 开启 mss
2. 开启 IPv6
interfaces / ethernet / eth0 / pppoe / 0 / ipv6 / enable
3. 开启 mss
 |
1
Autonomous 2022-06-05 21:09:48 +08:00
假设 WAN 口在 eth0 ,运营商给的前缀长度是 60 ,可以配成 DHCPv6-stateless ,记得把防火墙规则给写了:
``` configure # Configure the PPPoE for IPv6(eth0): set interfaces ethernet eth0 pppoe 0 ipv6 enable set interfaces ethernet eth0 pppoe 0 ipv6 address autoconf set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1 set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /60 set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable set interfaces ethernet eth0 pppoe 0 dhcpv6-pd prefix-only # Enable IPv6 DHCPv6-stateless on the LAN(switch0): set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address ::1 set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 prefix-id :0 set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service dhcpv6-stateless # Enable IPv6 on switch0: set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1 set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64 set interfaces switch switch0 ipv6 router-advert link-mtu 0 set interfaces switch switch0 ipv6 router-advert managed-flag false set interfaces switch switch0 ipv6 router-advert max-interval 600 set interfaces switch switch0 ipv6 router-advert other-config-flag false set interfaces switch switch0 ipv6 router-advert prefix '::/64' autonomous-flag true set interfaces switch switch0 ipv6 router-advert prefix '::/64' on-link-flag true set interfaces switch switch0 ipv6 router-advert prefix '::/64' valid-lifetime 259200 set interfaces switch switch0 ipv6 router-advert reachable-time 0 set interfaces switch switch0 ipv6 router-advert retrans-timer 0 set interfaces switch switch0 ipv6 router-advert send-advert true # create a policy for WAN->Router: set firewall ipv6-name WANv6_LOCAL default-action drop set firewall ipv6-name WANv6_LOCAL description 'Local network traffic' set firewall ipv6-name WANv6_LOCAL enable-default-log set firewall ipv6-name WANv6_LOCAL rule 10 action accept set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions' set firewall ipv6-name WANv6_LOCAL rule 10 state established enable set firewall ipv6-name WANv6_LOCAL rule 10 state related enable set firewall ipv6-name WANv6_LOCAL rule 20 action drop set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state' set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable set firewall ipv6-name WANv6_LOCAL rule 30 action accept set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp' set firewall ipv6-name WANv6_LOCAL rule 30 protocol icmpv6 set firewall ipv6-name WANv6_LOCAL rule 40 action accept set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6' set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546 set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp set firewall ipv6-name WANv6_LOCAL rule 40 source port 547 # create a policy for WAN->LAN Clients: set firewall ipv6-name WANv6_IN default-action drop set firewall ipv6-name WANv6_IN description 'WAN inbound traffic to the router' set firewall ipv6-name WANv6_IN enable-default-log set firewall ipv6-name WANv6_IN rule 10 action accept set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions' set firewall ipv6-name WANv6_IN rule 10 state established enable set firewall ipv6-name WANv6_IN rule 10 state related enable set firewall ipv6-name WANv6_IN rule 20 action drop set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state' set firewall ipv6-name WANv6_IN rule 20 state invalid enable set firewall ipv6-name WANv6_IN rule 30 action accept set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 icmp' set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6 set firewall ipv6-name WANv6_IN rule 40 action accept set firewall ipv6-name WANv6_IN rule 40 description 'allow dhcpv6' set firewall ipv6-name WANv6_IN rule 40 destination port 546 set firewall ipv6-name WANv6_IN rule 40 protocol udp set firewall ipv6-name WANv6_IN rule 40 source port 547 set firewall ipv6-receive-redirects disable set firewall ipv6-src-route disable set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL commit save exit ``` |
 |
2
letmefly 2023-06-20 20:57:12 +08:00
这个帖子简洁!
家里的移动宽带,也是差不多的配置,区别就是我还开了 interfaces / ethernet / eth0 / pppoe / 0 / ipv6 / address / autoconf ,不知道是不是多余了。 单位里的电信宽带,基本上就是 2 楼的设置,但是会产生 n 多的临时地址。 |
 |
3
zq19890000 217 天前
DHCP 模式可以开启 Ipv6 吗
|
Select Language