Created
July 31, 2017 07:58
-
-
Save clyang/9e4279aca6f8dc21b24fc33e68d1a95b to your computer and use it in GitHub Desktop.
Edgerouter-X搭配Hinet IPv6 Dual Stack設定 (eth4串在光世代數據機當wan)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| configure | |
| edit firewall | |
| edit ipv6-name WAN6_IN | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "Allow established/related" | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "Drop invalid state" | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "Allow ICMPv6" | |
| set rule 30 log disable | |
| set rule 30 protocol icmpv6 | |
| up | |
| edit ipv6-name WAN6_LOCAL | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "Allow established/related" | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "Drop invalid state" | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "Allow ICMPv6" | |
| set rule 30 log disable | |
| set rule 30 protocol icmpv6 | |
| set rule 40 action accept | |
| set rule 40 description "Allow DHCPv6" | |
| set rule 40 destination port 546 | |
| set rule 40 protocol udp | |
| set rule 40 source port 547 | |
| up | |
| set all-ping enable | |
| set broadcast-ping disable | |
| set ipv6-receive-redirects disable | |
| set ipv6-src-route disable | |
| set ip-src-route disable | |
| set log-martians enable | |
| set receive-redirects disable | |
| set send-redirects enable | |
| set source-validation disable | |
| set syn-cookies enable | |
| top | |
| commit | |
| save | |
| exit | |
| configure | |
| set system host-name UBNT-Gateway | |
| set system offload hwnat enable | |
| delete system time-zone | |
| set system time-zone Asia/Taipei | |
| set interfaces ethernet eth4 pppoe 0 dhcpv6-pd prefix-only | |
| set interfaces ethernet eth4 pppoe 0 ipv6 enable | |
| set interfaces switch switch0 ipv6 address autoconf | |
| set interfaces switch switch0 ipv6 router-advert | |
| set protocols static interface-route6 ::/0 next-hop-interface pppoe0 | |
| set interfaces switch switch0 ipv6 router-advert prefix ::/64 | |
| set interfaces ethernet eth4 pppoe 0 firewall in ipv6-name WAN6_IN | |
| set interfaces ethernet eth4 pppoe 0 firewall local ipv6-name WAN6_LOCAL | |
| set service upnp2 wan pppoe0 | |
| set service upnp2 listen-on switch0 | |
| set service upnp2 nat-pmp enable | |
| set service upnp2 secure-mode disable | |
| commit | |
| save | |
| exit |
在我的情況下 router-advert 要加在 switch0 這頭才有用, 而且還要再加個 prefix ::/64
set interfaces switch switch0 ipv6 router-advert link-mtu 1492
set interfaces switch switch0 ipv6 router-advert prefix ::/64
沒想到這個問題居然過了四五年了都還在。其他一般家用的 router 現在只要勾個 enable IPv6 = native 之類的甚至完全不用動,就暢通無阻了.....
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
最近中華電信全面啟用 IPv6, 按照了這一篇 gist 設定就能拿到 IPv6 的位址了, thanks
但若遇到某些網站連不上或很慢, 還需要再執行
set interfaces ethernet eth4 pppoe 0 ipv6 router-advert link-mtu 1492調整 MTU相關問題的可以參考一下 這 或 這