How to set things up so that LAN IPv6 can be accessed normally

2023-02-20 17:03:27 +08:00
 pota

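My home connection now has public v4 and v6. LAN devices already get public v6 addresses and the v6 test passes, but I can't reach the LAN devices directly from outside over v6. The OpenWrt router, which has DDNS, can be reached normally. What needs to be configured on the LAN side to expose them?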

Node: OpenWrt
10 replies
kimking
2023-02-20 17:05:10 +08:00
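Allow inbound traffic in the firewall. Don't bother trying with TP-Link home routers; their v6 firewall is enabled by default and cannot be adjusted.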
novolunt
2023-02-20 17:15:21 +08:00
@kimking ISP business broadband doesn't have IPv6 enabled at the moment, right?
pota
2023-02-20 17:28:18 +08:00
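@novolunt #2 Residential broadband

@kimking #1 How do I configure that? I'm running a bare-metal software router. I've changed a lot of things following guides and none of it works...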
mcluyu
2023-02-20 17:52:40 +08:00
What kind of LAN device is it? The device itself has a firewall too, Windows for example.
lovelylain
2023-02-20 18:26:31 +08:00
By default wan rejects forwarding. You can change it to accept, or split wan into wan and wan6 and then forward only for wan6, or add ip6tables rules yourself.
hertzry
2023-02-20 19:41:23 +08:00
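"The OpenWrt router, which has DDNS, can be reached normally"?

First solve reaching the router directly from the public internet; only after that comes reaching the devices behind the router.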
neroxps
2023-02-21 05:27:26 +08:00
Post the output of ip6tables -S and everyone will be able to tell by looking at it.
pota
2023-02-21 09:16:19 +08:00
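@hertzry #6 I mean OpenWrt is reachable over both v4 and v6, but v6 can't get through to the devices
@mcluyu #4 I checked that and it's fine; the QNAP NAS has v6 access enabled
@jobmailcn #5 In the firewall, wan and wan6 accept forwarding. The LAN is already reachable via v4 forwarding; now I'm planning to put cf in front and access the LAN v6 directly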
pota
2023-02-21 09:16:28 +08:00
@neroxps #7 -P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N MINIUPNPD
-N SOCAT
-N forwarding_docker_rule
-N forwarding_lan_rule
-N forwarding_rule
-N forwarding_vpn_rule
-N forwarding_wan_rule
-N input_docker_rule
-N input_lan_rule
-N input_rule
-N input_vpn_rule
-N input_wan_rule
-N output_docker_rule
-N output_lan_rule
-N output_rule
-N output_vpn_rule
-N output_wan_rule
-N reject
-N syn_flood
-N zone_docker_dest_ACCEPT
-N zone_docker_forward
-N zone_docker_input
-N zone_docker_output
-N zone_docker_src_ACCEPT
-N zone_lan_dest_ACCEPT
-N zone_lan_forward
-N zone_lan_input
-N zone_lan_output
-N zone_lan_src_ACCEPT
-N zone_vpn_dest_ACCEPT
-N zone_vpn_forward
-N zone_vpn_input
-N zone_vpn_output
-N zone_vpn_src_ACCEPT
-N zone_wan_dest_ACCEPT
-N zone_wan_forward
-N zone_wan_input
-N zone_wan_output
-N zone_wan_src_ACCEPT
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-Wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-Wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-Wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A SOCAT -p tcp -m tcp --dport 8000 -m comment --comment Openwrt -j ACCEPT
-A SOCAT -p tcp -m tcp --dport 8001 -m comment --comment QNAP -j ACCEPT
-A SOCAT -p tcp -m tcp --dport 8389 -m comment --comment "远程桌面" -j ACCEPT
-A SOCAT -p udp -m udp --dport 500 -m comment --comment IKE -j ACCEPT
-A SOCAT -p udp -m udp --dport 4500 -m comment --comment IPsec -j ACCEPT
-A SOCAT -p tcp -m tcp --dport 1701 -m comment --comment L2TP -j ACCEPT
-A SOCAT -p udp -m udp --dport 1701 -m comment --comment L2TP -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-Wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-Wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p tcp -m comment --comment "!fw3: 开放 v6" -j ACCEPT
-A zone_wan_forward -p udp -m comment --comment "!fw3: 开放 v6" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 40000:65535 -m comment --comment "!fw3: wxedge" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 40000:65535 -m comment --comment "!fw3: wxedge" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 18888 -m comment --comment "!fw3: wxedge-port" -j reject
-A zone_wan_input -p udp -m udp --dport 18888 -m comment --comment "!fw3: wxedge-port" -j reject
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_src_ACCEPT -i pppoe-Wan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
zbinlin
2023-02-21 12:08:54 +08:00
With OpenWrt's default configuration, I only needed to add one forward that accepts from the `wan` zone to the `lan` zone, and that was it
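
An added example, not part of the original thread: a small auditor for `ip6tables -S` output that walks the FORWARD path for WAN ingress and lists every ACCEPT that passes new inbound traffic without a destination address or port restriction, which is what both the "开放 v6" rules in the posted dump and a blanket `wan` to `lan` zone forward amount to. The function names are this example's own, and the WAN interface names `eth0` and `pppoe-Wan` are taken from the dump above.

```python
import shlex

# Trimmed from the `ip6tables -S` output posted in this thread (WAN forward path only).
SAMPLE = '''\
-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-Wan -m comment --comment "!fw3" -j zone_wan_forward
-A zone_wan_forward -p tcp -m comment --comment "!fw3: 开放 v6" -j ACCEPT
-A zone_wan_forward -p udp -m comment --comment "!fw3: 开放 v6" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-Wan -m comment --comment "!fw3" -j ACCEPT
'''

def parse(text):
    """Return ({chain: policy}, {chain: [rule dict, ...]}) from `ip6tables -S` text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) == 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) > 2 and tok[0] == "-A":
            opts = tok[2:]
            # Pair every option with the token that follows it (enough for -S output).
            rule = {k: v for k, v in zip(opts, opts[1:]) if k.startswith("-")}
            chains.setdefault(tok[1], []).append(rule)
    return policies, chains

def broad_wan_accepts(text, wan_ifaces):
    """List (chain, proto, comment) for ACCEPTs that pass new WAN-side traffic
    through FORWARD with no destination address or port restriction."""
    policies, chains = parse(text)
    findings, seen = [], set()
    def walk(chain):
        if chain in seen:
            return
        seen.add(chain)
        for r in chains.get(chain, []):
            other_in = "-i" in r and r["-i"] not in wan_ifaces
            if other_in or r.get("-o") in wan_ifaces or "ESTABLISHED" in r.get("--ctstate", ""):
                continue  # different ingress, WAN egress, or reply traffic
            if r.get("-j") == "ACCEPT" and not {"-d", "--dport", "--dports"} & r.keys():
                findings.append((chain, r.get("-p", "all"), r.get("--comment", "")))
            elif r.get("-j") in chains:
                walk(r["-j"])
    walk("FORWARD")
    if policies.get("FORWARD") == "ACCEPT":
        findings.append(("FORWARD", "all", "chain policy ACCEPT"))
    return findings
```

On the router's real output, `broad_wan_accepts(dump, {"eth0", "pppoe-Wan"})` returns an empty list only when every inbound ACCEPT names a destination address or port and the FORWARD policy is not ACCEPT.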
