Difference between revisions of "IPv6: Router Ubuntu"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 116: | Line 116: | ||
ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3 | ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3 | ||
ip -6 neigh add proxy 2a07:1c44:212:c0ca:87e8::22 dev tun0 | ip -6 neigh add proxy 2a07:1c44:212:c0ca:87e8::22 dev tun0 | ||
+ | ip route add ::/0 dev tun0 | ||
'''CLIENT''' | '''CLIENT''' | ||
ip addr add 2a07:1c44:212:c0ca:87e8::22/81 dev enp0s3 | ip addr add 2a07:1c44:212:c0ca:87e8::22/81 dev enp0s3 | ||
+ | ip route add ::0 dev enp0s3 | ||
===PROBLEM Skenario: 6project alokasikan DHCPv6 LAN=== | ===PROBLEM Skenario: 6project alokasikan DHCPv6 LAN=== |
Revision as of 17:33, 5 February 2019
Berikut adalah langkah yang perlu dilakukan untuk membuat sebuah router IPv6 sederhana menggunakan Ubuntu.
Akses ke IPv6 Internet
Perhitungan Subnet IPv6
NAT IPv6
Jika dibutuhkan, maka netfilter6 dapat digunakan sebagai NAT IPv6.
IPv6 Masquerading
Seperti layaknya client IPv4, maka client dapat di sembunyikan di belakang router dengan IPv6 masquerading (hide/overlap NAT), seperti
ip6tables -t nat -A POSTROUTING -o tun0 -s fec0::/64 -j MASQUERADE ip6tables -t nat -A POSTROUTING -o teredo -s 2001:0:53aa:64c:20a7:659c:4b0c:e8d7 -j MASQUERADE
IPv6 Destination NAT
Sebuah dedicated IPv6 address global dapat di forward ke internal IPv6 address, seperti,
ip6tables -t nat -A PREROUTING -d 2001:db8:0:1:5054:ff:fe01:2345 -i tun0 -j DNAT --to-destination fec0::5054:ff:fe01:2345
IPv6 Port Forwarding
Sebuah port yang spesifik dapat di forward ke jaringan internal, seperti,
ip6tables -t nat -A PREROUTING -i tun0 -p tcp --dport 8080 -j DNAT --to-destination [fec0::1234]:80
Siapkan OS Ubuntu
Skenario 1: teredo dan Alokasi Stateless untuk LAN lokal
GATEWAY / Router ke Internet
Install radvd
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding ip addr add fec0:1234::dead/64 dev enp0s3 sudo apt install radvd
Edit /etc/radvd.conf
interface enp0s3 { AdvSendAdvert on; prefix fec0:1234::/64 { }; };
Restart
/etc/init.d/radvd restart
NAT ke IPv6 Global
ip6tables -t nat -A POSTROUTING -i enp3s0 -o teredo -s fec0:1234::/64 -j MASQUERADE
Skenario 2: 6project dan IPv6 Static LAN lokal
GATEWAY / Router ke Internet
openvpn --config usernameanda-di-6project.ovpn &
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8:0000::dead/81 dev enp0s3 ip route add ::/0 dev tun0
Flush firewall
ip6tables -t nat -F ip6tables -F
CLIENT
ip addr add 2a07:1c44:212:c0ca:87e8:0000::123/81 dev enp0s3 ip route add ::/0 via 2a07:1c44:212:c0ca:87e8:0000::dead
atau
ip route add ::/0 dev enp0s3
Cek
dig aaaa ipv6.google.com ping6 ipv6.google.com
Skenario 3: 6project alokasikan DHCPv6 LAN + ndp
GATEWAY
Aktifkan neighbor discovery proxy (ndp)
echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
Lakukan proxy ke masing2 IPv6 client, misalnya
ip addr del 2a07:1c44:212:c0ca:87e8:8000::/80 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3 ip -6 neigh add proxy 2a07:1c44:212:c0ca:87e8::22 dev tun0 ip route add ::/0 dev tun0
CLIENT
ip addr add 2a07:1c44:212:c0ca:87e8::22/81 dev enp0s3 ip route add ::0 dev enp0s3
PROBLEM Skenario: 6project alokasikan DHCPv6 LAN
CATATAN:
- DHCPv6 tampaknya hanya bisa mengalokasikan /128 harus di bantu RA utk < /128.
- Routing tidak di set
openvpn --config usernameanda-di-6project.ovpn &
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding ip addr del 2a07:1c44:212:c0ca:87e8::/80 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8:8000::1/81 dev tun0 ip route add ::/0 dev tun0 ip addr add 2a07:1c44:212:c0ca:87e8::1/81 dev enp0s3
DHCPv6 server
apt install isc-dhcp-server
Edit /etc/dhcp/dhcpd6.conf
default-lease-time 600; max-lease-time 7200; subnet6 2a07:1c44:212:c0ca:87e8::/81 { range6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000; range6 2a07:1c44:212:c0ca:87e8::/81 temporary; prefix6 2a07:1c44:212:c0ca:87e8::1000 2a07:1c44:212:c0ca:87e8::3000 /81; }
chmod -Rf 777 /var/lib/dhcp/ chown -Rf nobody: /var/lib/dhcp/ dhcpd -6 -cf /etc/dhcp/dhcpd6.conf
Aktifkan radvd
sudo apt install radvd
Edit /etc/radvd.conf
interface enp0s3 { AdvSendAdvert on; prefix 2a07:1c44:212:c0ca:87e8::/81 { }; };
Flush firewall
ip6tables -t nat -F ip6tables -F
CLIENT