V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
sorasyl
V2EX  ›  宽带症候群

老哥们,路由已有 pb 前缀,设备 ipv6 依然无法上网

  •  
  •   sorasyl · 2021-11-29 18:20:21 +08:00 · 3815 次点击
    这是一个创建于 1122 天前的主题,其中的信息可能已经有所发展或是发生改变。
    设备已经分配到了公网的 ipv6 地址,依然无法访问纯 ipv6 网站
    ip6tables 添加以下
    ip6tables -t nat -A POSTROUTING -o pppoe-wan -j MASQUERADE
    就可以通过路由器的 ipv6 地址上网

    请教下各位老哥,如何通过设备的 ipv6 访问公网?
    25 条回复    2021-12-06 08:56:14 +08:00
    datou
        1
    datou  
       2021-11-29 18:45:04 +08:00
    直连电脑 pppoe 拨号看看 v6 通不通
    sorasyl
        2
    sorasyl  
    OP
       2021-11-29 18:50:22 +08:00
    @datou 电脑 pppoe 拨号正常,实际上路由器加上我说的那条 iptable 也可以上网,但是这相当于组了一个 ipv6 的 nat
    acbot
        3
    acbot  
       2021-11-29 18:52:42 +08:00
    啥信息都没有,怎么弄?查看一下 v6 的默认路由 / v6 网关 / v6 的防火墙, 另外用 tracert/traceroute 看一下路由, 一般 wan 口 DHCP 获得的 v6 地址 和 pd 不在一个网段 极端的情况有可能 pd 这个网段运营商没有路由.
    jousca
        4
    jousca  
       2021-11-29 21:16:45 +08:00
    路由器的 IPV6 模式请选择穿透,路由器不参与任何 IPV6 管理。 客户机要直接从光猫拿地址。
    sorasyl
        5
    sorasyl  
    OP
       2021-11-30 00:46:50 +08:00
    @acbot 路由器 traceout 科大论坛,如下:
    traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3), 30 hops max, 64 byte packets
    1 240e:398:332:: 5.750 ms
    2 240e:16:1002:c00::2 8.172 ms

    设备无法 ping 通路由器分配的网关:
    ping6 fe80::1e40:e8ff:fe12:327d
    PING6(56=40+8+8 bytes) fe80::463:37b7:e560:f9c4%en0 --> fe80::1e40:e8ff:fe12:327d
    ping6: sendmsg: No route to host
    ping6: wrote fe80::1e40:e8ff:fe12:327d 16 chars, ret=-1

    v6 路由表如下
    Destination Next Hop Flags Metric Ref Use Iface
    ::/0 fe80::ce1a:faff:feea:e1a0 UG 512 2 0 pppoe-wan
    ::/0 fe80::ce1a:faff:feea:e1a0 UG 512 6 0 pppoe-wan
    240e:398:332:5f::/64 :: U 256 2 0 pppoe-wan
    240e:398:332:5f::/64 :: !n 2147483647 2 0 lo
    240e:39b:3a1:b70::/64 :: U 1024 1 0 br-lan
    240e:39b:3a1:b70::/60 :: !n 2147483647 1 0 lo
    fe80::1e40:e848:7512:327c/128 :: U 256 1 0 pppoe-wan
    fe80::ce1a:faff:feea:e1a0/128 :: U 1 1 0 pppoe-wan
    fe80::/64 :: U 256 1 0 eth0.2
    fe80::/64 :: U 256 1 0 eth0
    fe80::/64 :: U 256 2 0 br-lan
    fe80::/64 :: U 256 1 0 wlan0
    fe80::/64 :: U 256 1 0 wlan1
    ::/0 :: !n -1 2 0 lo
    ::1/128 :: Un 0 7 0 lo
    240e:398:332:5f::/128 :: Un 0 3 0 pppoe-wan
    240e:398:332:5f:1e40:e848:7512:327c/128 :: Un 0 4 0 pppoe-wan
    240e:39b:3a1:b70::/128 :: Un 0 3 0 br-lan
    240e:39b:3a1:b70::1/128 :: Un 0 5 0 br-lan
    fe80::/128 :: Un 0 3 0 eth0.2
    fe80::/128 :: Un 0 3 0 eth0
    fe80::/128 :: Un 0 3 0 br-lan
    fe80::/128 :: Un 0 3 0 wlan0
    fe80::/128 :: Un 0 3 0 wlan1
    fe80::1e40:e848:7512:327c/128 :: Un 0 5 0 pppoe-wan
    fe80::1e40:e8ff:fe12:327c/128 :: Un 0 4 0 eth0.2
    fe80::1e40:e8ff:fe12:327c/128 :: Un 0 2 0 eth0
    fe80::1e40:e8ff:fe12:327d/128 :: Un 0 3 0 br-lan
    fe80::1e40:e8ff:fe12:327e/128 :: Un 0 3 0 wlan0
    fe80::1e40:e8ff:fe12:327f/128 :: Un 0 2 0 wlan1
    ff00::/8 :: U 256 4 0 eth0.2
    ff00::/8 :: U 256 2 0 pppoe-wan
    ff00::/8 :: U 256 1 0 eth0
    ff00::/8 :: U 256 4 0 br-lan
    ff00::/8 :: U 256 1 0 wlan0
    ff00::/8 :: U 256 1 0 wlan1
    ::/0 :: !n -1 2 0 lo
    acbot
        6
    acbot  
       2021-11-30 09:35:50 +08:00
    @sorasyl 根据上面的信息 你 WAN 口 dhcp 得到的地址是:240e:398:332:5f::/64 这个段,分配的 PD 段是:240e:39b:3a1:b70::/60 ,你这个 PD 段我发现运营商可能没有对外发布路由,你可以在路由器上用 ping 命令指定源地址或者是接口分别测试一下两个地址段对外的路由,比如:traceroute bbs6.ustc.edu.cn -s 240e:398:332:5f:1e40:e848:7512:327c ( pppoe-wan v6 公网)或者 traceroute bbs6.ustc.edu.cn -s 240e:39b:3a1:b70::1 ( br-lan pd 公网)注:地址随时会变,另外如果你用 WAN 口的 v6 地址 NAT 能访问你也可以把路由器的 v6 地址分配改成 代理 /桥接 /穿透模式(路由器不一样叫法不一样)直接使用运营商 dhcp 来给你内网分配 v6 地址。
    sorasyl
        7
    sorasyl  
    OP
       2021-11-30 22:58:36 +08:00
    @acbot 感谢老哥,我用 traceroute 分别测试了:
    traceroute6 -s 240e:39b:3a1:b70::1 bbs6.ustc.edu.cn
    traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:39b:3a1:b70::1, 30 hops max, 64 byte packets
    1 240e:398:332:: (240e:398:332::) 6.888 ms 6.529 ms 4.333 ms
    2 240e:16:1002:a706::2 (240e:16:1002:a706::2) 7.710 ms 4.169 ms 240e:16:1002:c0b::2 (240e:16:1002:c0b::2) 5.613 ms
    3 *

    traceroute6 -s 240e:398:332:5f:1e40:e848:7512:327c bbs6.ustc.edu.cn
    traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e848:7512:327c, 30 hops max, 64 byte packets
    1 240e:398:332:: (240e:398:332::) 5.821 ms 5.471 ms 4.521 ms
    2 240e:16:1000:6bf::2 (240e:16:1000:6bf::2) 16.984 ms 4.733 ms 240e:16:1002:a711::2 (240e:16:1002:a711::2) 6.638 ms
    3 240e:16:1001:10f::2 (240e:16:1001:10f::2) 4.998 ms 240e:16:1001:12b::2 (240e:16:1001:12b::2) 3.459 ms 240e:16:1001:114::2 (240e:16:1001:114::2) 4.751 ms
    4 240e::1:31:81:5402 (240e::1:31:81:5402) 38.134 ms 39.012 ms 240e::1:31:81:5302 (240e::1:31:81:5302) 39.610 ms
    5 *

    以上为关闭 ip6tables 测试
    sorasyl
        8
    sorasyl  
    OP
       2021-11-30 23:50:43 +08:00
    @acbot traceroute6 bbs6.ustc.edu.cn -s 240e:398:332:5f:1e40:e89f:3312:327c
    traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e89f:3312:327c, 30 hops max, 64 byte packets
    1 240e:398:332:: (240e:398:332::) 7.669 ms 5.845 ms 4.481 ms
    2 240e:16:1000:702::2 (240e:16:1000:702::2) 4.386 ms 8.288 ms 240e:16:1000:703::2 (240e:16:1000:703::2) 11.790 ms
    3 240e:16:1001:26::2 (240e:16:1001:26::2) 4.119 ms 240e:16:1001:2d::2 (240e:16:1001:2d::2) 4.968 ms 240e:16:1001:e::2 (240e:16:1001:e::2) 10.552 ms
    4 240e::1:31:81:6022 (240e::1:31:81:6022) 34.381 ms * 240e::1:31:81:6402 (240e::1:31:81:6402) 30.460 ms
    5 * * *
    6 240e::e:3:2008:403 (240e::e:3:2008:403) 38.569 ms 37.962 ms 39.352 ms
    7 2001:da8:2:704::1 (2001:da8:2:704::1) 37.627 ms 35.178 ms 43.262 ms
    8 2001:da8:2:16::2 (2001:da8:2:16::2) 47.890 ms 46.925 ms 46.816 ms
    9 2001:da8:2:f::1 (2001:da8:2:f::1) 47.488 ms 46.611 ms 48.111 ms
    10 2001:da8:2:e::2 (2001:da8:2:e::2) 55.295 ms 55.932 ms 60.028 ms
    11 * * 2001:da8:2:111::2 (2001:da8:2:111::2) 59.003 ms
    12 2001:da8:b3:14::2 (2001:da8:b3:14::2) 60.921 ms 61.645 ms 61.812 ms
    13 2001:da8:b3:101::10 (2001:da8:b3:101::10) 58.573 ms 53.646 ms 56.812 ms
    14 bbs6.ustc.edu.cn (2001:da8:d800::3) 54.360 ms 55.533 ms 56.945 ms

    测试应该就是运营商没有对外发布路由
    flynaj
        9
    flynaj  
       2021-12-01 01:28:45 +08:00 via Android
    用 openwrt 21.02 测试一下。老版本可能有 bug.
    acbot
        10
    acbot  
       2021-12-01 09:05:50 +08:00
    @sorasyl 这个应该是 PD 池配错了导致的。你哪里 PD 正常情况应该是 240e:399:: / 240e:39A:: 这样开头的段才对。你可以 10000 号上报一下故障,这个一般是数据或者网络部门的人才能处理,一线的装维是处理不了的。
    qbqbqbqb
        11
    qbqbqbqb  
       2021-12-01 12:43:33 +08:00
    @sorasyl 看来是运营商的锅,自己没办法解决。
    sorasyl
        12
    sorasyl  
    OP
       2021-12-02 21:28:53 +08:00
    @acbot ip6tables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT tcp anywhere anywhere tcp dpt:8087 to:[fd61:3912:b533::16e]:8087

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all anywhere anywhere

    路由器 ping 设备
    ping6 fd61:3912:b533::16e
    PING fd61:3912:b533::16e(fd61:3912:b533::16e) 56 data bytes
    64 bytes from fd61:3912:b533::16e: icmp_seq=1 ttl=64 time=5.41 ms
    64 bytes from fd61:3912:b533::16e: icmp_seq=2 ttl=64 time=1.71 ms
    --- fd61:3912:b533::16e ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1002ms
    rtt min/avg/max/mdev = 1.706/3.556/5.407/1.850 ms

    已实现内部设备 v6 NAT 上网,但我使用以下规则无法实现端口转发,请教下如何排查问题
    ip6tables -I INPUT -p tcp --dport 8087 -j ACCEPT
    ip6tables -t nat -I PREROUTING -p tcp --dport 8087 -j DNAT --to [fd61:3912:b533::16e]:8087
    acbot
        13
    acbot  
       2021-12-03 09:00:12 +08:00
    你分别试试:ip6tables -I INPUT -m conntrack --ctstate DNAT -j ACCEPT 或者 ip6tables -t filter -I FORWARD -m conntrack --ctstate DNAT -j ACCEPT 注意规则位置不要再 默认 drop 后,简单就算允许 DNAT 状态包进。 我很奇怪,PD 不通 ,你为何不直通或者中继 WAN 口的 v6 段呢?
    sorasyl
        14
    sorasyl  
    OP
       2021-12-03 11:04:14 +08:00
    @acbot 添加了之后,table 如下
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all anywhere anywhere ctstate DNAT
    forwarding_rule all anywhere anywhere /* !fw3: Custom forwarding rule chain */
    ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
    zone_lan_forward all anywhere anywhere /* !fw3 */
    zone_wan_forward all anywhere anywhere /* !fw3 */
    reject all anywhere anywhere /* !fw3 */

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp anywhere anywhere tcp dpt:32400
    ACCEPT all anywhere anywhere ctstate DNAT
    ACCEPT tcp anywhere anywhere tcp dpt:ssh
    ACCEPT tcp anywhere anywhere tcp dpt:7788
    ACCEPT all anywhere anywhere /* !fw3 */
    input_rule all anywhere anywhere /* !fw3: Custom input rule chain */
    ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
    syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
    zone_lan_input all anywhere anywhere /* !fw3 */
    zone_wan_input all anywhere anywhere /* !fw3 */

    telnet 该端口超时
    telnet -6 240e:398:332:9:1e40:e8cd:7b12:327c 32400
    Trying 240e:398:332:9:1e40:e8cd:7b12:327c...
    telnet: connect to address 240e:398:332:9:1e40:e8cd:7b12:327c: Operation timed out
    telnet: Unable to connect to remote host
    sorasyl
        15
    sorasyl  
    OP
       2021-12-03 11:06:57 +08:00
    @sorasyl ip6tables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    DNAT tcp anywhere anywhere tcp dpt:32400 to:[fdb1:98b4:438b::7f8]:32400

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all anywhere anywhere
    acbot
        16
    acbot  
       2021-12-03 14:32:25 +08:00
    ip6tables -t nat -A prerouting_wan_rule -p tcp -m tcp --dport 8087 -j DNAT --to-destination [fd61:3912:b533::16e]:8087
    ip6tables -t filter -A forwarding_wan_rule -m conntrack --ctstate DNAT -j ACCEPT

    按理来说添加这两条规则就可以了,现在你的问题有可能出在 IPv6 masquerading 上,因为我没有调试过 NAT 方式的端口转发,所以你只能把 防火墙 debug 打开自己调试 看日志卡哪里了才能判断。
    acbot
        17
    acbot  
       2021-12-03 14:44:51 +08:00
    @sorasyl 我的环境不一样 我内网的机器都是公网 v6 下做的端口转发。
    sorasyl
        18
    sorasyl  
    OP
       2021-12-03 17:33:13 +08:00
    @acbot 老哥,我试了下改成中继,直接关闭了 lan 的 dhcpv6 ,但是设备拿到的始终是 fe 开头的内网 ip ,不是 isp 下发的公网 ip
    acbot
        19
    acbot  
       2021-12-03 19:45:03 +08:00
    @sorasyl

    打开 OpenWRT 设置–>接口–>LAN->DHCP 服务器–>IPV6 设置 把路由通告服务、DHCPv6 服务、NDP 代理全部设置为中继模式,注意 不勾上选项 总是通告默认路由

    检查 LAN 口设置
    acbot
        20
    acbot  
       2021-12-03 19:47:31 +08:00
    对应 代码里就应该是类似这样

    config dhcp 'lan'
    option interface 'lan'

    ....

    option ndp 'relay'
    option dhcpv6 'relay'
    option ra 'relay'
    sorasyl
        21
    sorasyl  
    OP
       2021-12-04 21:11:04 +08:00
    @acbot network 设置如下
    config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option delegate '0'

    config device
    option name 'br-wan'
    option type 'bridge'
    list ports 'eth1'
    list ports 'eth0'

    config interface 'wan'
    option device 'br-wan'
    option proto 'pppoe'
    option username 'CD65772695'
    option password '65772695'
    option ipv6 '1'

    config interface 'wan6'
    option proto 'dhcpv6'
    option device '@wan'
    option reqaddress 'try'
    option reqprefix 'no'

    dhcp 设置如下
    config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option ra 'relay'
    option dhcpv6 'relay'
    option ndp 'relay'
    list ra_flags 'none'
    option ndproxy_routing '0'

    config dhcp 'wan'
    option interface 'wan'
    option ignore '1'
    list ra_flags 'none'

    config dhcp 'wan6'
    option interface 'wan6'
    option ignore '1'
    option master '1'
    option ra 'relay'
    option dhcpv6 'relay'
    option ndp 'relay'
    list ra_flags 'none'
    option ndproxy_routing '0'
    sorasyl
        22
    sorasyl  
    OP
       2021-12-04 21:17:03 +08:00
    @sorasyl 设备已经能正确获取到公网 ip ,但依旧找不到路由
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether 3c:06:30:4b:73:6f
    inet6 fe80::463:37b7:e560:f9c4%en0 prefixlen 64 secured scopeid 0xb
    inet 192.168.1.227 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 240e:398:332:129:df:95f1:506a:c13b prefixlen 64 autoconf secured
    inet6 240e:398:332:129:19ba:8549:eb48:faaa prefixlen 64 autoconf temporary
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active

    但设备无法找到正确路由
    traceroute6 -s 240e:398:332:129:19ba:8549:eb48:faaa bbs6.ustc.edu.cn
    traceroute6 to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:129:19ba:8549:eb48:faaa, 64 hops max, 12 byte packets
    1 * * *
    2 * * *
    3 *
    sorasyl
        23
    sorasyl  
    OP
       2021-12-04 21:18:27 +08:00
    路由器 v6 路由表
    route -A inet6
    Kernel IPv6 routing table
    Destination Next Hop Flags Metric Ref Use Iface
    ::/0 fe80::ce1a:faff:feea:e1a0 UG 512 5 0 pppoe-wan
    240e:398:332:129:11dc:91a6:7884:44a8/128 :: U 1024 4 0 pppoe-wan
    240e:398:332:129:1511:ff98:66a9:2b16/128 :: U 1024 1 0 pppoe-wan
    240e:398:332:129:300d:2bfd:ffab:91e8/128 :: U 1024 2 0 pppoe-wan
    240e:398:332:129:36c9:3dff:fe0f:361/128 :: U 1024 3 0 pppoe-wan
    240e:398:332:129:45f2:786d:9abc:b052/128 :: U 1024 2 0 pppoe-wan
    240e:398:332:129:705b:d6f0:90d5:8530/128 :: U 1024 1 0 pppoe-wan
    240e:398:332:129:95a9:1ffa:f7b6:7d4e/128 :: U 1024 3 0 pppoe-wan
    240e:398:332:129:a0eb:4c21:5428:f5ec/128 :: U 1024 3 0 pppoe-wan
    240e:398:332:129:c82c:8b6c:196c:9914/128 :: U 1024 3 0 pppoe-wan
    240e:398:332:129::/64 :: UA 256 2 0 pppoe-wan
    240e:398:332:129::/64 :: !n 2147483647 1 0 lo
    fe80::1e40:e8d7:7612:327d/128 :: U 256 1 0 pppoe-wan
    fe80::ce1a:faff:feea:e1a0/128 :: U 1 1 0 pppoe-wan
    fe80::/64 :: U 256 2 0 br-wan
    fe80::/64 :: U 256 2 0 br-lan
    fe80::/64 :: U 256 1 0 wlan0
    fe80::/64 :: U 256 1 0 wlan1
    ::/0 fe80::1 UGDA 1024 5 0 br-wan
    ::/0 fe80::ce1a:faff:feea:e1a0 UGDA 1024 2 0 pppoe-wan
    ::1/128 :: Un 0 7 0 lo
    240e:398:332:129::/128 :: Un 0 3 0 pppoe-wan
    240e:398:332:129:1e40:e8d7:7612:327d/128 :: Un 0 5 0 pppoe-wan
    fe80::/128 :: Un 0 5 0 br-wan
    fe80::/128 :: Un 0 3 0 br-lan
    fe80::/128 :: Un 0 3 0 wlan0
    fe80::/128 :: Un 0 3 0 wlan1
    fe80::1e40:e8d7:7612:327d/128 :: Un 0 4 0 pppoe-wan
    fe80::1e40:e8ff:fe12:327c/128 :: Un 0 3 0 br-lan
    fe80::1e40:e8ff:fe12:327d/128 :: Un 0 5 0 br-wan
    fe80::1e40:e8ff:fe12:327e/128 :: Un 0 3 0 wlan0
    fe80::1e40:e8ff:fe12:327f/128 :: Un 0 2 0 wlan1
    ff00::/8 :: U 256 2 0 br-wan
    ff00::/8 :: U 256 5 0 pppoe-wan
    ff00::/8 :: U 256 5 0 br-lan
    ff00::/8 :: U 256 1 0 wlan0
    ff00::/8 :: U 256 1 0 wlan1
    ::/0 :: !n -1 2 0 lo

    路由器系统设置
    net.ipv6.conf.default.forwarding=2
    net.ipv6.conf.all.forwarding=2
    net.ipv6.conf.default.accept_ra=2
    net.ipv6.conf.all.accept_ra=2
    sorasyl
        24
    sorasyl  
    OP
       2021-12-04 21:20:46 +08:00
    设备路由表
    Internet6:
    Destination Gateway Flags Netif Expire
    default fe80::1e40:e8ff:fe12:327c%en0 UGcg en0
    default fe80::%utun0 UGcIg utun0
    default fe80::%utun1 UGcIg utun1
    ::1 ::1 UHL lo0
    240e:398:332:129::/64 link#11 UC en0
    240e:398:332:129:df:95f1:506a:c13b 3c:6:30:4b:73:6f UHL lo0
    240e:398:332:129:19ba:8549:eb48:faaa 3c:6:30:4b:73:6f UHL lo0
    fe80::%lo0/64 fe80::1%lo0 UcI lo0
    fe80::1%lo0 link#1 UHLI lo0
    fe80::%anpi1/64 link#4 UCI anpi1
    fe80::1c80:20ff:fe1e:8a5a%anpi1 1e:80:20:1e:8a:5a UHLI lo0
    fe80::%anpi0/64 link#5 UCI anpi0
    fe80::1c80:20ff:fe1e:8a59%anpi0 1e:80:20:1e:8a:59 UHLI lo0
    fe80::%en0/64 link#11 UCI en0
    fe80::463:37b7:e560:f9c4%en0 3c:6:30:4b:73:6f UHLI lo0
    fe80::1e40:e8ff:fe12:327c%en0 1c:40:e8:12:32:7c UHLWIir en0
    fe80::%awdl0/64 link#14 UCI awdl0
    fe80::28c4:46ff:fe35:17c4%awdl0 2a:c4:46:35:17:c4 UHLI lo0
    fe80::%llw0/64 link#15 UCI llw0
    fe80::28c4:46ff:fe35:17c4%llw0 2a:c4:46:35:17:c4 UHLI lo0
    fe80::%utun0/64 fe80::7481:c99a:72ad:3621%utun0 UcI utun0
    fe80::7481:c99a:72ad:3621%utun0 link#16 UHLI lo0
    fe80::%utun1/64 fe80::57b5:fcce:7615:3dd5%utun1 UcI utun1
    fe80::57b5:fcce:7615:3dd5%utun1 link#17 UHLI lo0
    ff00::/8 ::1 UmCI lo0
    ff00::/8 link#4 UmCI anpi1
    ff00::/8 link#5 UmCI anpi0
    ff00::/8 link#11 UmCI en0
    ff00::/8 link#14 UmCI awdl0
    ff00::/8 link#15 UmCI llw0
    ff00::/8 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
    ff00::/8 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
    ff01::%lo0/32 ::1 UmCI lo0
    ff01::%anpi1/32 link#4 UmCI anpi1
    ff01::%anpi0/32 link#5 UmCI anpi0
    ff01::%en0/32 link#11 UmCI en0
    ff01::%awdl0/32 link#14 UmCI awdl0
    ff01::%llw0/32 link#15 UmCI llw0
    ff01::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
    ff01::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
    ff02::%lo0/32 ::1 UmCI lo0
    ff02::%anpi1/32 link#4 UmCI anpi1
    ff02::%anpi0/32 link#5 UmCI anpi0
    ff02::%en0/32 link#11 UmCI en0
    ff02::%awdl0/32 link#14 UmCI awdl0
    ff02::%llw0/32 link#15 UmCI llw0
    ff02::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
    ff02::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
    acbot
        25
    acbot  
       2021-12-06 08:56:14 +08:00
    你在路由器上用 traceroute6 -s [路由器 br-lan ipv6 公网地址] bbs6.ustc.edu.cn ,你这个情况应该是路由没有通告到下面的设备,正常情况你在设备上添加一条 v6 默认路由指向路由器 LAN 或者 WAN 口就可以通,我个人感觉你之前你修改过默认防火墙,你看一下防火墙上应该有 dhcpv6 icmpv6 ipcmv6-forward 等等允许通过的规则。个人建议你重置一下所有设置然后仅仅只修改

    config dhcp 'lan'
    option interface 'lan'

    ....

    option ndp 'relay'
    option dhcpv6 'relay'
    option ra 'relay'

    另外一般情况 pppoe 成功之后是生成一个 WAN_6 的虚拟接口 你这里这个 WAN6 接口应该是系统自带的 我建议可以删除并且暂时不要配置 option master '1'
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1680 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 16:43 · PVG 00:43 · LAX 08:43 · JFK 11:43
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.