1. goal
- clients are all allocated a private IPv6 address from a specified ULA prefix, not a public IPv6 address
- clients can visit the public IPv6 internet, but cannot be visited from the public IPv6 internet
2. network topology
- a main router that supports IPv6; the ISP assigned a public IPv6 address, and IPv6 and IPv4 both work well
- a secondary router running OpenWrt behind the main router; IPv6 and IPv4 both work well
- clients behind the OpenWrt router, allocated private IPv6 addresses from OpenWrt. now IPv4 works well, but visiting the outer IPv6 network fails; they can visit OpenWrt via its private IPv6 address
3. network config info
/etc/config/network
# cat /etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdce:afd0:3d18::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth1'

config device
    option name 'eth1'
    option macaddr '06:91:62:b4:31:27'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option ipaddr '192.168.1.1'

config device
    option name 'eth0'
    option macaddr '04:91:62:b4:31:27'

config interface 'wan'
    option device 'eth0'
    option proto 'dhcp'
    option peerdns '0'
    list dns '192.168.3.1'

config interface 'wan6'
    option device 'eth0'
    option proto 'dhcpv6'
    option reqaddress 'try'
    option reqprefix 'auto'
    option peerdns '0'
    list dns '::1'

ifconfig
# ifconfig
br-lan    Link encap:Ethernet HWaddr 06:91:62:B4:31:27
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::491:62ff:feb4:3127/64 Scope:Link
          inet6 addr: fdce:afd0:3d18::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:36357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6282092 (5.9 MiB) TX bytes:43703229 (41.6 MiB)

eth0      Link encap:Ethernet HWaddr 04:91:62:B4:31:27
          inet addr:192.168.3.73 Bcast:192.168.3.255 Mask:255.255.255.0
          inet6 addr: xx:xx:xx:AA:3471:46c2:828f:e/128 Scope:Global
          inet6 addr: xx:xx:xx:BB:691:62ff:feb4:3127/64 Scope:Global
          inet6 addr: fe80::691:62ff:feb4:3127/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:143465 errors:0 dropped:0 overruns:0 frame:0
          TX packets:116999 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59751679 (56.9 MiB) TX bytes:17795802 (16.9 MiB)
          Interrupt:35

eth1      Link encap:Ethernet HWaddr 06:91:62:B4:31:27
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:37172 errors:0 dropped:8 overruns:0 frame:0
          TX packets:55424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6835148 (6.5 MiB) TX bytes:43702859 (41.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:65889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65889 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24728072 (23.5 MiB) TX bytes:24728072 (23.5 MiB)

route table
ip -6 route list table main
default from 240e:381:3831:9100:3471:46c2:828f:e via fe80::1 dev eth0 proto static metric 384 pref medium
default from 240e:381:3831:9183::/64 via fe80::1 dev eth0 proto static metric 384 pref medium
240e:381:3831:9183::/64 dev eth0 proto static metric 256 pref medium
unreachable 240e:381:3831:9183::/64 dev lo proto static metric 2147483647 pref medium
fdce:afd0:3d18::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdce:afd0:3d18::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
4. problem
After googling a lot, I learned that I have to do two things to meet my goal:
- add an IPv6 route rule that lets private IPv6 traffic be sent to the gateway
- use the command below to translate private traffic
    ip6tables -t nat -I POSTROUTING -s "$(uci get network.globals.ula_prefix)" -j MASQUERADE
Now I have a problem adding the IPv6 route rule. I followed how an IPv4 default gateway route is added, but it is not working. How do I add such a route rule? I think many people have this problem; not everyone accepts exposing their inner network to the public.
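
Added example (not part of the original post): a simplified Python model of source-aware IPv6 route lookup, run over the route table posted above. It shows why a forwarded packet that still carries a ULA source finds no default route, since the routing decision happens before the POSTROUTING masquerade rule can rewrite the source. The client, WAN-side and remote addresses and the unsourced default route are constructed for illustration.

```python
import ipaddress

# Route lines copied from the post's `ip -6 route list table main` output.
ROUTES = """\
default from 240e:381:3831:9100:3471:46c2:828f:e via fe80::1 dev eth0 proto static metric 384 pref medium
default from 240e:381:3831:9183::/64 via fe80::1 dev eth0 proto static metric 384 pref medium
240e:381:3831:9183::/64 dev eth0 proto static metric 256 pref medium
unreachable 240e:381:3831:9183::/64 dev lo proto static metric 2147483647 pref medium
fdce:afd0:3d18::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdce:afd0:3d18::/48 dev lo proto static metric 2147483647 pref medium
"""

def parse(line):
    """Parse one `ip -6 route` line into destination, source selector and action."""
    tok = line.split()
    kind = "unicast"
    if tok[0] in ("unreachable", "blackhole", "prohibit"):
        kind, tok = tok[0], tok[1:]
    dst = ipaddress.ip_network("::/0" if tok[0] == "default" else tok[0])
    opts = dict(zip(tok[1::2], tok[2::2]))  # remaining tokens are key/value pairs
    src = ipaddress.ip_network(opts.get("from", "::/0"))  # no "from" = any source
    return {"kind": kind, "dst": dst, "src": src, "via": opts.get("via"),
            "dev": opts["dev"], "metric": int(opts["metric"])}

def lookup(src, dst, routes):
    """Simplified model: longest destination match among routes whose source selector fits."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [r for r in routes if dst in r["dst"] and src in r["src"]]
    if not hits:
        return "no route"
    r = min(hits, key=lambda r: (-r["dst"].prefixlen, -r["src"].prefixlen, r["metric"]))
    if r["kind"] != "unicast":
        return r["kind"]
    return (f"via {r['via']} " if r["via"] else "") + f"dev {r['dev']}"

TABLE = [parse(l) for l in ROUTES.splitlines()]
CLIENT = "fdce:afd0:3d18::100"        # constructed LAN client address inside the ULA prefix
WAN_SRC = "240e:381:3831:9183::1234"  # constructed address inside the WAN /64 from the table
REMOTE = "2001:db8::1"                # documentation address standing in for an Internet host

if __name__ == "__main__":
    print(lookup(CLIENT, REMOTE, TABLE))   # forwarded LAN packet, source still ULA
    print(lookup(WAN_SRC, REMOTE, TABLE))  # traffic sourced from the upstream prefix
    # Hypothetical default route without a "from" selector (not in the post's table).
    unsourced = TABLE + [parse("default via fe80::1 dev eth0 metric 1024")]
    print(lookup(CLIENT, REMOTE, unsourced))
```

On OpenWrt the `from` selector on these default routes comes from source-based IPv6 routing on the DHCPv6 upstream interface, which the `sourcefilter` option of `wan6` controls.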