OpenWRT IPv6: Konfigurasi WAN6 dengan radvd
Revision as of 10:40, 14 June 2013 by Onnowpurbo (talk | contribs) (New page: ==/etc/config/6relayd== config server 'default' option master 'wan6' list network 'lan' option fallback_relay 'rd dhcpv6 ndp' option compat_ula '1' option rd 'relay' option d...)
/etc/config/6relayd
config server 'default' option master 'wan6' list network 'lan' option fallback_relay 'rd dhcpv6 ndp' option compat_ula '1' option rd 'relay' option dhcpv6 'relay' option ndp 'relay'
/etc/config/dhcp
config dnsmasq option domainneeded 1 option boguspriv 1 option filterwin2k 0 # enable for dial on demand option localise_queries 1 option rebind_protection 1 # disable if upstream must serve RFC1918 addresses option rebind_localhost 1 # enable for RBL checking and similar services #list rebind_domain example.lan # whitelist RFC1918 responses for domains option local '/lan/' option domain 'lan' option expandhosts 1 option nonegcache 0 option authoritative 1 option readethers 1 option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' #list server '/mycompany.local/1.2.3.4' #option nonwildcard 1 #list interface br-lan #list notinterface lo #list bogusnxdomain '64.94.110.11' config dhcp lan option interface lan option start 100 option limit 150 option leasetime 12h config dhcp wan option interface wan option ignore 1
/etc/config/radvd
config interface option interface 'lan' option AdvSendAdvert '1' option AdvManagedFlag '0' option AdvOtherConfigFlag '0' list client option ignore '0' config prefix option interface 'lan' list prefix option AdvOnLink '1' option AdvAutonomous '1' option AdvRouterAddr '0' option ignore '0' config route option interface 'lan' list prefix option ignore '0' config rdnss option interface 'lan' list addr option ignore '0' config dnssl option interface 'lan' list suffix option ignore '1'
/etc/config/network
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd49:ddaf:137c::/48' config interface 'lan' option ifname 'eth0.1' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config interface 'wan' option ifname 'eth0.2' option proto 'dhcp' config interface 'wan6' option _orig_ifname '@wan' option _orig_bridge 'false' option proto 'dhcpv6' option ifname 'eth0.2' option reqprefix 'auto' option reqaddress 'force' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '0t 1 3 4 5' config switch_vlan option device 'switch0' option vlan '2' option ports '0t 2'
/etc/config/system
config system
option hostname BuffaloG300NH2
option timezone UTC+7
config timeserver ntp
list server 0.openwrt.pool.ntp.org
list server 1.openwrt.pool.ntp.org
list server 2.openwrt.pool.ntp.org
list server 3.openwrt.pool.ntp.org
option enable_server 0
/etc/config/wireless
config wifi-device radio0 option type mac80211 option channel 11 option hwmode 11ng option path 'pci0000:00/0000:00:00.0' option htmode HT20 list ht_capab SHORT-GI-40 list ht_capab TX-STBC list ht_capab RX-STBC1 list ht_capab DSSS_CCK-40 # REMOVE THIS LINE TO ENABLE WIFI: option disabled 1 config wifi-iface option device radio0 option network lan option mode ap option ssid OpenWrt option encryption none
/etc/sysctl.conf
kernel.panic=3 net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1 net.ipv4.ip_forward=1 net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 net.ipv4.tcp_ecn=0 net.ipv4.tcp_fin_timeout=30 net.ipv4.tcp_keepalive_time=120 net.ipv4.tcp_syncookies=1 net.ipv4.tcp_timestamps=1 net.ipv4.tcp_sack=1 net.ipv4.tcp_dsack=1 net.ipv6.conf.default.forwarding=1 net.ipv6.conf.all.forwarding=1 net.netfilter.nf_conntrack_acct=1 net.netfilter.nf_conntrack_checksum=0 net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=3600 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=0 net.bridge.bridge-nf-call-ip6tables=0 net.bridge.bridge-nf-call-iptables=0
/etc/config/firewall
config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'lan' list network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' config zone option name 'wan' list network 'wan' list network 'wan6' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config include option path '/etc/firewall.user' config include 'miniupnpd' option type 'script' option path '/usr/share/miniupnpd/firewall.include' option family 'IPv4' option reload '1'