IPv6 Dual Stack Lab: Unterschied zwischen den Versionen

Version vom 11. Januar 2024, 05:50 Uhr

@@ Zeile 1: / Zeile 1: @@
-=Forwarding einschalten=
+*[[IPv6 Dual Stack Lab Linux Firewall]]
-*sysctl -p
- net.ipv4.ip_forward = 1
- net.ipv6.conf.all.forwarding = 1
-=Interfaces und Routing=
-*cat /etc/network/interfaces
-<pre>
-#Wan Schnittstelle
-auto ens4
-iface ens4 inet6 static
- address 2a02:24d8:71:2441::2/64
- gateway 2a02:24d8:71:2441::1
-iface ens4 inet4 static
- address 194.59.156.163/27
- gateway 194.59.156.161
-#Lan Schnittstelle
-iface ens5 inet4 static
- address 192.168.44.1/24
- #IPv4 Rounting
- post-up ip -4 route add 192.168.45.0/24 via 192.168.44.2
- post-up ip -4 route add 192.168.46.0/24 via 192.168.44.2
- post-up ip -4 route add 192.168.47.0/24 via 192.168.44.2
-auto ens5
-iface ens5 inet6 static
- address 2a02:24d8:71:2444::1/64
- #IPv6 Rounting
- post-up ip -6 route add 2a02:24d8:71:2445::0/64 via 2a02:24d8:71:2444::2
- post-up ip -6 route add 2a02:24d8:71:2446::0/64 via 2a02:24d8:71:2444::2
- post-up ip -6 route add 2a02:24d8:71:2447::0/64 via 2a02:24d8:71:2444::2
-</pre>
-=nftables mit Nat=
-;noch unsicher
-*cat /etc/nftables.conf
-<pre>
-#!/usr/sbin/nft -f
-flush ruleset
-table inet filter {
-	chain input {
-		type filter hook input priority filter;
-	}
-	chain forward {
-		type filter hook forward priority filter;
-	}
-	chain output {
-		type filter hook output priority filter;
-	}
-}
-table ip nat {
-	chain postrouting {
-		type nat hook postrouting priority 100;
-		oif ens4 masquerade
-	 }
-}
-</pre>