Posted: Tue Feb 28, 2023 18:02 Post subject: ipv6 configuration problems in Chinese universities
Hello everyone,I’m a student from Beijing University of Chemical Technology. My device can’t work fine with ipv6,I have spent a lot of time in it, but haven’t find the correct way. I need your help to fix my network.
My router is Linksys EA6500 and I always upgrade to the latest release.(now is r51887)
By the way, in my school, ipv6 is free so my laptop and phones can access to ipv6 network without any configuration if connect directly. The router can easily access to ipv6 in both “Native from ISP” and “DHCPv6” mode too, but devices under the router can’t.
The first idea is ipv6 pass through,I use the script like this
Code:
cd /lib/modules/4.4.302-st37/
/sbin/insmod ebtables
sleep 5
/sbin/insmod ebtable_broute
sleep 5
/sbin/insmod ebtable_filter
sleep 5
brctl addif br0 vlan2
ebtables -t broute -A BROUTING -p IPv6 -j ACCEPT
ebtables -t broute -A BROUTING -p ! IPv6 -i vlan2 -j DROP
Then I find that ipv6 is ok but ipv4 is broken. I use ssh to connect the server through ipv4 and about every 10~20 seconds it will disconnect.
What should I do to fix this?
I tried some methods like radvd and dnsmasq too, they had other problems,I will talk about it later.
If any other information is needed, please tell me.
Thanks.
---------------------------------------------------------------------------------------------------------
---------------------------------------------update at 2023/03/01----------------------------------------
The second idea is radvd, I add this to Custom Configuration:
If you pass through aren't you essentially bridging your WAN to the LAN for IPv6 packets? That seems like a bad idea to me if all of dd-wrt's firewall and routing functionality will be bypassed too. I'm not an expert, but my suggestion would be to advertise a completely different prefix (ULA?) on br0 using dnsmasq and then use NAT66 (ip6tables MASQUERADE target) to share the IPv6 global address you can obtain on the WAN interface.
If you pass through aren't you essentially bridging your WAN to the LAN for IPv6 packets? That seems like a bad idea to me if all of dd-wrt's firewall and routing functionality will be bypassed too. I'm not an expert, but my suggestion would be to advertise a completely different prefix (ULA?) on br0 using dnsmasq and then use NAT66 (ip6tables MASQUERADE target) to share the IPv6 global address you can obtain on the WAN interface.
Thank you for your advice, but your method seem not satisfy my demand.
NAT66 can't easily use port forwarding,and I have many virtual machines and many freshman use it to learn linux system.
Pass through may have some safety concern, but I think I can take care.