Difference between revisions of "OpenWRT IPv6: Konfigurasi"

From OnnoWiki
Jump to navigation Jump to search
Line 277: Line 277:
 
  option src 'wan'
 
  option src 'wan'
  
 +
 +
[[Image:Openwrtipv6-7.png|center|200px|thumb]]
  
 
==/var/etc/dnsmasq.conf==
 
==/var/etc/dnsmasq.conf==

Revision as of 14:55, 4 June 2013

/etc/config/6relayd

config server 'default'
	option master 'wan6'
	list network 'lan'
	option rd 'server'
	option dhcpv6 'server'
	option fallback_relay 'rd dhcpv6 ndp'
	option management_level '1'
	option compat_ula '1'
	option always_assume_default '1'
	option rewrite_dns_addr '2001:470:20::2'


/etc/config/dhcp

config dnsmasq
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	list server '74.82.42.42'
	list server '2001:470:20::2'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option leasetime '12h'
	option limit '50'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
Openwrtipv6-5.png

/etc/config/radvd

config interface
	option interface 'lan'
	option AdvSendAdvert '1'
	option AdvManagedFlag '0'
	option AdvOtherConfigFlag '0'
	list client 
	option ignore '0'

config prefix
	option interface 'lan'
	list prefix 
	option AdvOnLink '1'
	option AdvAutonomous '1'
	option Base6to4Interface 'wan6'
	option ignore '0'

config route
	option interface 'lan'
	list prefix 
	option ignore '0'
	option AdvRoutePreference 'medium'

config rdnss
	option interface 'lan'
	option ignore '0'
	list addr '2001:470:20::2'

config dnssl
	option interface 'lan'
	list suffix 
	option ignore '1'
Openwrtipv6-6.png

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '2001:470:36:ab6::2/64'

config interface 'lan'
	option ifname 'eth0'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.0.222'
	option ip6assign '64'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option macaddr '00:1E:EC:97:4D:C2'

config interface 'wan6'
	option ifname '@wan'
	option proto '6in4'
	option peeraddr '216.218.221.42'
	option ip6addr '2001:470:35:ab6::2/64'
	option tunnelid '208951'
	option username 'tb51aa9310a105d0.19920640'
	option password 'PASSWORDANDA'
	option ip6prefix '2001:470:36:ab6::/64'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'


Openwrtipv6-1.png
Openwrtipv6-2.png

/etc/config/system

config system
	option hostname 'Linksys-WRT160NL'
	option zonename 'Asia/Jakarta'
	option timezone 'WIT-7'
	option conloglevel '8'
	option cronloglevel '8'

config timeserver 'ntp'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'
	list server '2.openwrt.pool.ntp.org'
	list server '3.openwrt.pool.ntp.org'

config led 'led_wlan'
	option name 'WLAN'
	option sysfs 'wrt160nl:blue:wlan'
	option trigger 'phy0tpt'


/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11ng'
	option path 'platform/ath9k'
	option htmode 'HT20'
	list ht_capab 'SHORT-GI-40'
	list ht_capab 'DSSS_CCK-40'
	option disabled '0'
	option channel '1'
	option txpower '12'
	option country 'US'

config wifi-iface
	option device 'radio0'
	option encryption 'none'
	option ssid 'MESH'
	option mode 'adhoc'
	option bssid '02:CA:FF:EE:BA:BE'
	option network 'MESH'

/etc/sysctl.conf

kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1

net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2

net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384
net.netfilter.nf_conntrack_tcp_timeout_established=3600
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0


/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'lan MESH'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'


Openwrtipv6-7.png

/var/etc/dnsmasq.conf

# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
localise-queries
read-ethers
bogus-priv
expand-hosts
domain=lan
server=/lan/
server=74.82.42.42
server=2001:470:20::2
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
addn-hosts=/tmp/hosts
stop-dns-rebind
rebind-localhost-ok

dhcp-range=lan,192.168.0.100,192.168.0.149,255.255.255.0,12h
no-dhcp-interface=eth1

address=/Linksys-WRT160NL.lan/192.168.0.222
ptr-record=222.0.168.192.in-addr.arpa,Linksys-WRT160NL.lan


Openwrtipv6-3.png
Openwrtipv6-4.png

Pranala Menarik

Build Firmware

IPv6

Flash Firmware

Misc

UBNT