wiki:TipAndDoc/service/sakura/ipv6

Version 7 (modified by mitty, 13 years ago) (diff)

--

using Sakura 6rd

  • さくらの6rd(トライアル) « さくらインターネット研究所
    • 6rd設定方法(Ubuntu10.10編) « さくらインターネット研究所
      1. IPv6アドレスの算出
        # printf "2001:e41:%02x%02x:%02x%02x::1\n" 59 106 69 124
        2001:e41:3b6a:457c::1
        
      2. /etc/network/interfaces ファイルの編集
        # vi /etc/network/interfaces   (以下を追加)
        auto tun6rd
        iface tun6rd inet6 v4tunnel
                address 2001:e41:3b6a:457c::1
                netmask 32
                local 59.106.69.124
                endpoint any
                gateway ::61.211.224.125
                ttl 64
                up ip tunnel 6rd dev tun6rd 6rd-prefix 2001:e41::/32
                up ip link set mtu 1280 dev tun6rd
        
      3. 設定反映を確認
        # ifconfig tun6rd
        tun6rd    Link encap:IPv6-in-IPv4
                  inet6アドレス: ::59.106.69.124/128 範囲:Compat
                  inet6アドレス: 2001:e41:3b6a:457c::1/32 範囲:グローバル
                  UP RUNNING NOARP  MTU:1280  メトリック:1
                  RXパケット:0 エラー:0 損失:0 オーバラン:0 フレーム:0
                  TXパケット:0 エラー:0 損失:0 オーバラン:0 キャリア:0
                  衝突(Collisions):0 TXキュー長:0
                  RXバイト:0 (0.0 B)  TXバイト:0 (0.0 B)
        
        # ip tunnel show
        sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc 6rd-prefix 2002::/16
        tun6rd: ipv6/ip  remote any  local 59.106.69.124  ttl 64  6rd-prefix 2001:e41::/32
        
        # ip -6 route show | grep default
        default via ::61.211.224.125 dev tun6rd  metric 1024  mtu 1280 advmss 1220 hoplimit 0
        

6rd on Ubuntu 10.04 lucid

re-enable IPv6

  • $ sudo vim /etc/sysctl.conf
    Index: /etc/ufw/sysctl.conf
    ===================================================================
    --- /etc/ufw/sysctl.conf        (revision 530)
    +++ /etc/ufw/sysctl.conf        (revision 531)
    @@ -30,8 +30,3 @@
    
     #net/ipv4/tcp_fin_timeout=30
     #net/ipv4/tcp_keepalive_intvl=1800
    -
    -#disable ipv6
    -net.ipv6.conf.all.disable_ipv6 = 1
    -net.ipv6.conf.default.disable_ipv6 = 1
    -net.ipv6.conf.lo.disable_ipv6 = 1
    
  • $ sudo vim /etc/ufw/sysctl.conf
    Index: /etc/sysctl.conf
    ===================================================================
    --- /etc/sysctl.conf    (revision 530)
    +++ /etc/sysctl.conf    (revision 531)
    @@ -32,11 +32,6 @@
     #net.ipv6.conf.all.forwarding=1
    
    
    -#disable ipv6
    -net.ipv6.conf.all.disable_ipv6 = 1
    -net.ipv6.conf.default.disable_ipv6 = 1
    -net.ipv6.conf.lo.disable_ipv6 = 1
    -
     ###################################################################
     # Additional settings - these settings can improve the network
     # security of the host and prevent against some network attacks
    

backport maverick kernel

  • $ sudo aptitude install linux-headers-generic-lts-backport-maverick linux-image-generic-lts-backport-maverick
      linux-headers-2.6.35-23{a} linux-headers-2.6.35-23-generic{a}
      linux-headers-generic-lts-backport-maverick linux-image-2.6.35-23-generic
      linux-image-generic-lts-backport-maverick
    

backport maverick iproute

  • $ sudo aptitude install -R python-software-properties
      python-software-properties unattended-upgrades{a}
    
  • $ sudo add-apt-repository ppa:nathan-launchpad/iproute-lucid-ppa
    Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 0ABF9419A50E06EF0E31A901F798C386A6A6010B
    gpg: requesting key A6A6010B from hkp server keyserver.ubuntu.com
    gpg: key A6A6010B: public key "Launchpad iproute-ppa" imported
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)
    
  • $ sudo aptitude update
  • $ sudo aptitude install iproute
      iproute
    

apply settings

  • printf "2001:e41:%02x%02x:%02x%02x::1\n" 59 106 180 123
    2001:e41:3b6a:b47b::1
    
  • $ sudo vim /etc/default/ufw
    Index: /etc/default/ufw
    ===================================================================
    --- /etc/default/ufw    (revision 532)
    +++ /etc/default/ufw    (revision 533)
    @@ -4,7 +4,7 @@
     # Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
     # accepted). You will need to 'disable' and then 'enable' the firewall for
     # the changes to take affect.
    -IPV6=no
    +IPV6=yes
    
     # Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
     # ACCEPT enables connection tracking for NEW inbound packets on the INPUT
    Index: /etc/network/interfaces
    
  • $ sudo vim /etc/network/interfaces
    ===================================================================
    --- /etc/network/interfaces     (revision 532)
    +++ /etc/network/interfaces     (revision 533)
    @@ -16,3 +16,14 @@
    	 # dns-* options are implemented by the resolvconf package, if installed
    	 dns-nameservers 210.188.224.10
    	 dns-search sakura.ne.jp
    +
    +auto tun6rd
    +iface tun6rd inet6 v4tunnel
    +	address 2001:e41:3b6a:b47b::1
    +	netmask 32
    +	local 59.106.180.123
    +	endpoint any
    +	gateway ::61.211.224.125
    +	ttl 64
    +	up ip tunnel 6rd dev tun6rd 6rd-prefix 2001:e41::/32
    +	up ip link set mtu 1280 dev tun6rd
    

check IPv6 access