...
| před (pouze IPv4) | po (oboje IPv4 a IPv6) |
|---|
| Blok kódu |
|---|
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# Spoj -> PMV, uplink
auto enp0s8
iface enp0s8 inet static
address 10.107.99.130/30
# AP Oblast-DB2, router 1, tady jsou pripojenci
auto enp0s9
iface enp0s9 inet static
address 10.107.185.1/26 |
| | Blok kódu |
|---|
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# Spoj -> PMV, uplink
auto enp0s8
iface enp0s8 inet static
address 10.107.99.130/30
# AP Oblast-DB2, router 1, tady jsou pripojenci
auto enp0s9
iface enp0s9 inet static
address 10.107.185.1/26
iface enp0s9 inet6 static
address 2a01:16d:b210::/64 |
|
- Na interface routeru doporučuji vždy nasazovat IPv6 adresu s prefixem /64 (pokud tam chcete adresovat více zařízení) nebo /128 (pokud vám stačí jen jedna adresa pro management). Vyvarujte se adresovat velké prefixy /40, /44 a /48 pokud vyloženě nevíte co děláte - přináší to problémy a nestandardní chování. Například nefunguje redistribute static apod.
Shodit a nahodit interface (bacha na ostrý síti!)
...
| před (pouze IPv4) | po (oboje IPv4 a IPv6) |
|---|
| Blok kódu |
|---|
!
! Vzorovy router, oblast DB2, router 1
!
hostname DB2-router1-debian12
log syslog informational
frr defaults traditional
password free
enable password q7823yfbksldmf872fwfigu3ef97
! Verejky IPv4
ip route 89.200.202.0/28 eth0
interface enp0s8
description Spoj -> PMV, uplink
ip ospf cost 10
ip ospf hello-interval 2
ip ospf dead-interval 6
router ospf
ospf router-id 10.107.185.1
redistribute static
|
| | Blok kódu |
|---|
!
! Vzorovy router, oblast DB2, router 1
!
hostname DB2-router1-debian12
log syslog informational
frr defaults traditional
password free
enable password q7823yfbksldmf872fwfigu3ef97
! Verejky IPv4
ip route 89.200.202.0/28 eth0
! IPv6: Agregovana routa pro cely tento router (jde ven pres OSPF)
ipv6 route 2a01:16d:b210::/44 blackhole
interface enp0s8
description Spoj -> PMV, uplink
ip ospf cost 10
ip ospf hello-interval 2
ip ospf dead-interval 6
ipv6 ospf6 area 0.0.0.0
ipv6 ospf6 cost 10
ipv6 ospf6 hello-interval 2
ipv6 ospf6 dead-interval 6
ipv6 ospf6 network point-to-point
router ospf
ospf router-id 10.107.185.1
redistribute static
network 10.107.99.134/30 area 0.0.0.0
router ospf6
ospf6 router-id 10.107.185.1
redistribute static metric-type 1 route-map JEN-VELKY-SUBNETY
route-map JEN-VELKY-SUBNETY permit 10
match ipv6 address prefix-list velikost-40-az-48
ipv6 prefix-list velikost-40-az-48 seq 5 permit 2a01:168::/29 ge 40 le 48
|
|
...
| Blok kódu |
|---|
root@DB2-router1-debian12~# apt install dhcpy6d
root@DB2-router1-debian12~# apt install radvd
root@DB2-router1-debian12~# apt install sudo |
| Blok kódu |
|---|
root@DB2-router1-debian12~# apt install sudo-debian12:~# systemctl enable dhcpy6d |
Poeditovat /etc/dhcpy6d.conf
| Blok kódu |
|---|
# dhcpy6d configuration for hkfree.org
# 2023 VojtaLhota <vpithart@lhota.hkfree.org>
#
# Please see the examples in /usr/share/doc/dhcpy6d and https://dhcpy6.de/documentation for more information.
#
[dhcpy6d]
# Interface to listen to multicast ff02::1:2.
interface = enp0s9
really_do_it = yes
store_config = file
store_file_config = /etc/dhcpy6d-clients.conf
# SQLite DB for leases and LLIP-MAC-mapping.
store_volatile = sqlite
store_sqlite_volatile = /var/lib/dhcpy6d/volatile.sqlite
log = on
log_file = /var/log/dhcpy6d.log
manage_routes_at_start = yes
#
# Adresy a prefixy pro pripojence podle dhcpy6d-clients.conf
#
[class_valid_client]
advertise = addresses prefixes
addresses = hkfree_global_members
prefixes = hkfree_global_members
nameserver = 2a01:168:0:10::f:2 2a01:168:0:10::a
call_up = sudo ip -6 route add $prefix$/$length$ via $router$ dev enp0s9
call_down = sudo ip -6 route delete $prefix$/$length$ via $router$ dev enp0s9
[address_hkfree_global_members]
category = id
pattern = 2a01:16d:b210::$id$
preferred_lifetime = 86400
valid_lifetime = 86400
[prefix_hkfree_global_members]
category = id
pattern = 2a01:16d:b210:$id$::
length = 56
preferred_lifetime = 86400
valid_lifetime = 86400
#
# Nezname MAC adresy: dostanou adresu+prefix z rozsahu "f" na 3 minuty (max 5 minut)
#
[class_default]
advertise = addresses prefixes
addresses = hkfree_global_neznamy
prefixes = hkfree_global_neznamy
t1 = 180
t2 = 180
# tady zamerne neni call_up a call_down - neznama MAC adresa nebude mit routovani
# -> musi se spravne zadat do dhcpy6d-clients.conf, pak bude fungovat
[address_hkfree_global_neznamy]
category = range
range = fa00-ff00
pattern = 2a01:16d:b21f::$range$
preferred_lifetime = 180
valid_lifetime = 300
[prefix_hkfree_global_neznamy]
category = range
range = fa00-ff00
pattern = 2a01:16d:b21f:$range$::
length = 56
preferred_lifetime = 180
valid_lifetime = 300 |
...
| Blok kódu |
|---|
# dhcpy6d configuration for hkfree.org
# 2023 VojtaLhota <vpithart@lhota.hkfree.org>
#
# 1 pripojenec = 1 zaznam
#
# [uid2350] 2350 - ID clena podle userdb
# hostname = uid2350
# mac = 08:00:27:1b:36:f9 MAC adresa klientskeho zarizeni clena
# id = 0700 0700 - cast adresy (bity 49-56), tj. v rozsahu 0100 - ff00
# class = valid_client
#
# [uid2351] 2351 - ID clena podle userdb
# hostname = uid2351
# mac = 08:03:f3:22:33:54 MAC adresa klientskeho zarizeni clena
# id = 7a00 7a00 - cast adresy (bity 49-56), tj. v rozsahu 0100 - ff00
# class = valid_client
[uid2350]
mac = 08:00:27:1b:36:f9
hostname = uid2350
id = 0100
class = valid_client
[uid2351]
mac = 08:00:37:dc:c6:23
hostname = uid2351
id = 0200
class = valid_client
|
Vytvořit /etc/sudoers.d/dhcpy6d-can-alter-ipv6-routes
...