学校的网络有点特殊,只要不经过NAT,任何机器都能通过端口获得IPv6地址(貌似是哪种IPv6地址分配协议)。而宿舍因为多人上网必须要通过路由使用NAT分配IPv4地址,所以要设置只能允许IPv6包通过的网桥。
网上找到一张图,描述的就是这种情况:
我用的路由是TP-WR703N,
需要安装kmod-ipv6,ebtables ipv6 等等一些软件包。
这是我的配置:
/etc/config/network
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
config 'interface' 'wan'
option 'proto' 'static'
option 'ipaddr' '222.233.133.165'
option 'netmask' '255.255.255.0'
option 'gateway' '222.233.133.1'
option 'dns' '8.8.8.8'
option 'ifname' 'eth0'
option 'ipv6' '1'
/etc/config/wireless
config 'wifi-device' 'radio0'
option 'type' 'mac80211'
option 'channel' '11'
option 'macaddr' '5c:63:bf:9a:e1:aa'
option 'hwmode' '11ng'
option 'htmode' 'HT40-'
list 'ht_capab' 'SHORT-GI-20'
list 'ht_capab' 'SHORT-GI-40'
list 'ht_capab' 'RX-STBC1'
list 'ht_capab' 'DSSS_CCK-40'
option 'disabled' '0'
option 'txpower' '18'
option 'country' 'US'
config 'wifi-iface'
option 'device' 'radio0'
option 'network' 'lan'
option 'mode' 'ap'
option 'ssid' 'TP-LINK_BEN'
option 'encryption' 'psk2'
option 'key' '123456'
然后输入执行下面命令:
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP
brctl addbr br0
ifconfig br0 up
brctl addif br0 eth0
brctl addif br0 wlan0
/etc/config/network
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'proto' 'static'
option 'ipaddr' '192.168.1.1'
option 'netmask' '255.255.255.0'
config 'interface' 'wan'
option 'proto' 'static'
option 'ipaddr' '222.233.133.165'
option 'netmask' '255.255.255.0'
option 'gateway' '222.233.133.1'
option 'dns' '8.8.8.8'
option 'ifname' 'eth0'
option 'ipv6' '1'
/etc/config/wireless
config 'wifi-device' 'radio0'
option 'type' 'mac80211'
option 'channel' '11'
option 'macaddr' '5c:63:bf:9a:e1:aa'
option 'hwmode' '11ng'
option 'htmode' 'HT40-'
list 'ht_capab' 'SHORT-GI-20'
list 'ht_capab' 'SHORT-GI-40'
list 'ht_capab' 'RX-STBC1'
list 'ht_capab' 'DSSS_CCK-40'
option 'disabled' '0'
option 'txpower' '18'
option 'country' 'US'
config 'wifi-iface'
option 'device' 'radio0'
option 'network' 'lan'
option 'mode' 'ap'
option 'ssid' 'TP-LINK_BEN'
option 'encryption' 'psk2'
option 'key' '123456'
然后输入执行下面命令:
ebtables -t broute -A BROUTING -p ! ipv6 -j DROP
brctl addbr br0
ifconfig br0 up
brctl addif br0 eth0
brctl addif br0 wlan0
一些参考:
http://ip6.fr/free-broute/
Discussion:
http://www.mail-archive.com/misc@openbsd.org/msg55303.html
Some details:
If you operate under Debian, you probably need the packages bridge-utils and ebtables. Here we have excluded only because IPv6, unlike IPv4, we do not use ARP protocol as (which is not the IP). The neighbor solicitations are made in multicast. Be careful not to leave any IPv6 addresses on the interfaces of the bridge. For the Linux machine uses IPv6 must be configured br0 interface. Using a Proxy Neighbor Discovery as described in RFC 4389 would certainly have been cleaner, but I found no implementation for Linux. Edit 21/12/2007: It seems that the proxy ndp be implemented from kernel 2.6.19 via the sysctl net.ipv6.conf .*. proxy_ndp. (Thanks to kaouete for the info.) Edit of 31/01/2008: Tutorial on using the NDP in this case Linux (Thanks to Patrick for the link). I prefer the brouting. The choice is yours. Edit of 27/06/2008: Another solution with real routing (Thanks to Thierry for the link).
Discussion:
http://www.mail-archive.com/misc@openbsd.org/msg55303.html