Implementation of Nat6

The reason for deploying this is that I am modifying the software router at home. I didn't like using dnsmasq with openwrt, so I spent my winter vacation time implementing my own configuration from scratch, choosing the software and tools I like, and making it DIY.

Some people may ask why we need to set up Nat6 when IPv6 can be directly assigned to each device on the public network.

Actually, it's not that I don't want to configure it, it's just that the tools I'm using are a bit difficult to implement (mainly because of my lack of technical expertise).

Most of the tools used to implement the allocation of public IPv6 addresses are dnsmasq and wide-dhcpv6-client. The tools I'm using are isc-dhcp-server and radvd, with DNS resolution provided by AdGuard Home.

Important

This article is based on Debian 11.8, X86_64 architecture. If you are using a different environment, please search for the corresponding instructions.

1. Edit isc-dhcp-server

  • Edit isc-dhcp-server

    vim /etc/default/isc-dhcp-server

  • Fill in INTERFACESv6="" with the name of your internal network card (LAN port)

  • Edit sysctl.conf

    vim /etc/sysctl.conf

    It seems that this needs to be modified for broadband from China Telecom.

    In /etc/sysctl.conf, change this line from 2 to 1:

    net.ipv6.conf.ppp0.accept_ra=1

    For broadband from China Unicom, you need to add another line.

    In the /etc/ppp/peers/dsl-provider file, add:

    +ipv6

    Otherwise, the WAN port will not be able to obtain a public IPv6 address.

  • Configure IPv6 static address

    vim /etc/network/interfaces

Add the following content after the configuration of the LAN port (eno1 in my case):

iface eno1 inet6 static
    address fc00:a:b:100::1
    netmask 64

This is the internal network address; you can change it as long as it follows the IPv6 specification.

  • Configure dhcp6

    vim /etc/dhcp/dhcpd6.conf

    [Screenshot of dhcpd6.conf]

Add the content shown above, starting from the subnet6 part. The fc00:a:b:100 prefix should correspond to the address configured above.

  • Configure ip6tables

    vim /etc/ufw/before6.rules

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s fc00:a:b:100::/64 -o ppp0 -j MASQUERADE
COMMIT

I am using the ufw firewall. If you want to use another firewall such as iptables or nftables, please search for instructions on how to configure it.

Note that ppp0 is the name of the WAN port; modify it to match yours.

2. Install radvd

apt-get install radvd
vim /etc/radvd.conf

This is mainly used for RA (Router Advertisement); eno1 is the LAN port.

interface eno1 {
    AdvSendAdvert on;
    prefix fc00:a:b:100::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};

Next, we only need to configure the IPv6 DNS. Since I have configured AdGuard Home as the DNS resolver, I just need to specify the v6 address of the LAN port in dhcpd6.conf.

Either fc00:a:b:100::1 or fe80::62be:b4ff:fe08 should work

TEST

You can test whether you have IPv6 on your local network devices

curl 6.ipw.cn

If you have it, congratulations on your success
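
The LAN prefix (fc00:a:b:100::/64) and the interface names (eno1, ppp0) have to agree across every file edited in the steps above, and a mismatch is easy to miss. The script below is an added example, not part of the original article; it checks those files under a root directory. The `subnet6` line it expects in dhcpd6.conf, the `wan0` name, and the sample files it builds are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: check that the LAN prefix and
# the interface names agree across the files edited in the steps above.

# check_nat6 ROOT PREFIX LAN WAN
# Prints one line per missing setting; exit status = number of problems.
check_nat6() {
    root=$1 prefix=$2 lan=$3 wan=$4 bad=0
    need() {  # need FILE ERE DESCRIPTION
        if ! grep -Eq -- "$2" "$root/$1" 2>/dev/null; then
            echo "MISSING in /$1: $3"
            bad=$((bad + 1))
        fi
    }
    need etc/default/isc-dhcp-server "^INTERFACESv6=\"?$lan\"?" "INTERFACESv6=\"$lan\""
    need etc/network/interfaces "^iface $lan inet6 static" "inet6 static stanza for $lan"
    need etc/network/interfaces "address ${prefix%::/*}::" "address inside $prefix"
    # Assumption: dhcpd6.conf declares the LAN as "subnet6 <prefix> { ... }".
    need etc/dhcp/dhcpd6.conf "^subnet6 $prefix" "subnet6 $prefix"
    need etc/ufw/before6.rules \
        "^-A POSTROUTING -s $prefix -o $wan -j MASQUERADE" "MASQUERADE $prefix out $wan"
    need etc/radvd.conf "^interface $lan" "interface $lan"
    need etc/radvd.conf "prefix $prefix" "prefix $prefix"
    return "$bad"
}

# make_sample ROOT: write constructed sample files mirroring the article's values.
make_sample() {
    mkdir -p "$1/etc/default" "$1/etc/network" "$1/etc/dhcp" "$1/etc/ufw"
    echo 'INTERFACESv6="eno1"' > "$1/etc/default/isc-dhcp-server"
    printf 'iface eno1 inet6 static\n    address fc00:a:b:100::1\n    netmask 64\n' \
        > "$1/etc/network/interfaces"
    # The range6 values are made up for the sample.
    printf 'subnet6 fc00:a:b:100::/64 {\n    range6 fc00:a:b:100::1000 fc00:a:b:100::ffff;\n}\n' \
        > "$1/etc/dhcp/dhcpd6.conf"
    printf '*nat\n-A POSTROUTING -s fc00:a:b:100::/64 -o ppp0 -j MASQUERADE\nCOMMIT\n' \
        > "$1/etc/ufw/before6.rules"
    printf 'interface eno1 {\n    prefix fc00:a:b:100::/64 {\n    };\n};\n' > "$1/etc/radvd.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_nat6 "$tmp" fc00:a:b:100::/64 eno1 ppp0 && echo "all settings consistent"
# A WAN name that does not match before6.rules is reported:
check_nat6 "$tmp" fc00:a:b:100::/64 eno1 wan0 || echo "$? problem(s) found"
rm -rf "$tmp"
```

On the router itself, pass an empty ROOT (`check_nat6 "" fc00:a:b:100::/64 eno1 ppp0`) so the files are read from /etc directly.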

References

  1. wide-dhcpv6 https://blog.otakusaikou.com/2020/11/11/x86-soft-router-and-ipv6/
  2. Ubuntu router configuration for IPv4 and IPv6 https://www.youtube.com/watch?v=GnKcM7RZbyc&t=128s
  3. IPv6 port forwarding https://www.emonq.com/ip6tables%E5%AE%9E%E7%8E%B0%E7%AB%AF%E5%8F%A3%E8%BD%AC%E5%8F%91/
  4. radvd https://blog.csdn.net/l0605020112/article/details/18225143
  5. radvd https://www.tomicki.net/ipv6.router.php
  6. Deployment tutorial https://arc.net/l/quote/spnbtpmi

This article is synchronized and updated to xLog by Mix Space
The original link is https://www.ssstttar.com/posts/Z-turn/Nat6

