Created
July 31, 2017 07:58
-
-
Save clyang/9e4279aca6f8dc21b24fc33e68d1a95b to your computer and use it in GitHub Desktop.
Edgerouter-X搭配Hinet IPv6 Dual Stack設定 (eth4串在光世代數據機當wan)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| configure | |
| edit firewall | |
| edit ipv6-name WAN6_IN | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "Allow established/related" | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "Drop invalid state" | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "Allow ICMPv6" | |
| set rule 30 log disable | |
| set rule 30 protocol icmpv6 | |
| up | |
| edit ipv6-name WAN6_LOCAL | |
| set default-action drop | |
| set rule 10 action accept | |
| set rule 10 description "Allow established/related" | |
| set rule 10 state established enable | |
| set rule 10 state related enable | |
| set rule 20 action drop | |
| set rule 20 description "Drop invalid state" | |
| set rule 20 state invalid enable | |
| set rule 30 action accept | |
| set rule 30 description "Allow ICMPv6" | |
| set rule 30 log disable | |
| set rule 30 protocol icmpv6 | |
| set rule 40 action accept | |
| set rule 40 description "Allow DHCPv6" | |
| set rule 40 destination port 546 | |
| set rule 40 protocol udp | |
| set rule 40 source port 547 | |
| up | |
| set all-ping enable | |
| set broadcast-ping disable | |
| set ipv6-receive-redirects disable | |
| set ipv6-src-route disable | |
| set ip-src-route disable | |
| set log-martians enable | |
| set receive-redirects disable | |
| set send-redirects enable | |
| set source-validation disable | |
| set syn-cookies enable | |
| top | |
| commit | |
| save | |
| exit | |
| configure | |
| set system host-name UBNT-Gateway | |
| set system offload hwnat enable | |
| delete system time-zone | |
| set system time-zone Asia/Taipei | |
| set interfaces ethernet eth4 pppoe 0 dhcpv6-pd prefix-only | |
| set interfaces ethernet eth4 pppoe 0 ipv6 enable | |
| set interfaces switch switch0 ipv6 address autoconf | |
| set interfaces switch switch0 ipv6 router-advert | |
| set protocols static interface-route6 ::/0 next-hop-interface pppoe0 | |
| set interfaces switch switch0 ipv6 router-advert prefix ::/64 | |
| set interfaces ethernet eth4 pppoe 0 firewall in ipv6-name WAN6_IN | |
| set interfaces ethernet eth4 pppoe 0 firewall local ipv6-name WAN6_LOCAL | |
| set service upnp2 wan pppoe0 | |
| set service upnp2 listen-on switch0 | |
| set service upnp2 nat-pmp enable | |
| set service upnp2 secure-mode disable | |
| commit | |
| save | |
| exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
在我的情況下 router-advert 要加在 switch0 這頭才有用, 而且還要再加個 prefix ::/64
沒想到這個問題居然過了四五年了都還在。其他一般家用的 router 現在只要勾個 enable IPv6 = native 之類的甚至完全不用動,就暢通無阻了.....