Ping a Specific Port

Question

ensnare

Asked: 2021-01-19 04:30:45 +0800 CST2021-01-19 04:30:45 +0800 CST 2021-01-19 04:30:45 +0800 CST

Working example of IPv6 NPTv6 ip6tables routing with dynamic WAN address (/128 and /56) to LAN

772

I am currently using iptables for my home lab router and would like to add IPv6. I have 2 ISPs.

My first ISP assigns a /128 to the interface and the ability to request /56. ISP1 is connected to eno1.

My second ISP assigns a /128 to the interface and the ability to request /64. ISP2 is connected to eno2.

My LAN is enp2s0f0.

How can I get the clients on my LAN to use a ULA IP range that "maps" to the IPv6 ranges assigned dynamically to eno1 and eno2? I am thinking I can use some form of policy routing at the edge to route traffic through each ISP

2 Answers

Voted

John Mahowald · Answer 1 · 2021-01-19T14:42:57+08:00

John Mahowald

2021-01-19T14:42:57+08:002021-01-19T14:42:57+08:00

I don't have a full example, as "netmap" was only added to ntftables relatively recently. Kernel part, "netfilter: nft_nat: add netmap support", is in Linux 5.8. User tools are similarly new as of last year, src: add netmap support. Based on the commit message, I think snat now supports saddr maps with CIDR prefixes.

This might be simpler and a tiny bit faster without translation. Consider not using NPT. Advertise both prefixes, and hosts have addresses from each. Optionally, generate a ULA prefix for internal static addressing, but don't map it to public prefixes.

This is a lab, maybe try with NPT and without.

1

ensnare · Answer 2 · 2021-01-19T19:03:11+08:00

ensnare

2021-01-19T19:03:11+08:002021-01-19T19:03:11+08:00

I was able to get this to work with iptables.

cat /etc/radvd.conf interface enp2s0f0 {

    AdvSendAdvert on;
    AdvManagedFlag on;

    prefix fd8a:9ae9:9as8:b8d::1/64 {
    };

    RDNSS fd8a:9ae9:9as8:b8d::1
    {
    };

    DNSSL home.example.com
    {
    };

};

In my dhcpcd.conf file

interface enp2s0f0
        static ip_address=10.1.0.1/16
        static routers=10.1.0.1
        static domain_name_servers=8.8.8.8 8.8.4.4
    noipv6rs
 
interface eno1
    metric 10
    ipv6rs
    ia_na 1
    ia_pd 1/::/64 enp2s0f0/0/64

And in my iptables script:

$IP6TABLES -t nat -A POSTROUTING -s fd8a:9ae9:9as8:b8d::1/64 -o eno1 -j NETMAP --to 2604:2000:3201:d991::1/64
$IP6TABLES -t nat -A PREROUTING -d 2604:2000:3201:d991::1/64 -i eno1 -j NETMAP --to fd8a:9ae9:9as8:b8d::1/64

I think I did this correctly -- all seems to be working.

1

Working example of IPv6 NPTv6 ip6tables routing with dynamic WAN address (/128 and /56) to LAN

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?