Last active
September 1, 2021 13:51
-
-
Save cmur2/60ed800198671a5495beb1434bc5b649 to your computer and use it in GitHub Desktop.
Script for dhcp6c to handle IPv6 network prefix translation as described in https://blog.altimos.de/2016/11/isolating-your-home-ipv6-network-with-nptv6-on-edgerouter-lite/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| INSIDE_PREFIX="fdxx::/64" | |
| OUTSIDE_INTERFACE="eth2" | |
| DUMMY_INTERFACE="dummypd0" | |
| OUTSIDE_PREFIX_FILE="/var/run/my-npt-outside-prefix" | |
| logger -p info -t my-npt "my-npt-dhcp6c-script invoked" | |
| OLD_OUTSIDE_PREFIX="" | |
| if [ -f "$OUTSIDE_PREFIX_FILE" ]; then | |
| OLD_OUTSIDE_PREFIX=`cat $OUTSIDE_PREFIX_FILE` | |
| fi | |
| # assumes IP on dummy interface ends with ::1/64 | |
| NEW_OUTSIDE_PREFIX=`ip -6 -o addr show $DUMMY_INTERFACE | head -n 1 | cut -d\ -f 7 | sed 's,::1/64,::/64,'` | |
| # on prefix change | |
| if [ "$OLD_OUTSIDE_PREFIX" != "$NEW_OUTSIDE_PREFIX" ]; then | |
| # delete old NPTv6 firewall rule if present | |
| if [ -n "$OLD_OUTSIDE_PREFIX" ]; then | |
| logger -p notice -t my-npt "deleting old DHCPv6-PD prefix $OLD_OUTSIDE_PREFIX from NPTv6" | |
| ip6tables -t nat -D PREROUTING -i $OUTSIDE_INTERFACE -d $OLD_OUTSIDE_PREFIX -j NETMAP --to $INSIDE_PREFIX | |
| ip6tables -t nat -D POSTROUTING -o $OUTSIDE_INTERFACE -s $INSIDE_PREFIX -j NETMAP --to $OLD_OUTSIDE_PREFIX | |
| rm $OUTSIDE_PREFIX_FILE | |
| fi | |
| # add new NPTv6 firewall rule if new prefix | |
| if [ -n "$NEW_OUTSIDE_PREFIX" ]; then | |
| echo -n "$NEW_OUTSIDE_PREFIX" > $OUTSIDE_PREFIX_FILE | |
| logger -p notice -t my-npt "adding new DHCPv6-PD prefix $NEW_OUTSIDE_PREFIX to NPTv6" | |
| ip6tables -t nat -A PREROUTING -i $OUTSIDE_INTERFACE -d $NEW_OUTSIDE_PREFIX -j NETMAP --to $INSIDE_PREFIX | |
| ip6tables -t nat -A POSTROUTING -o $OUTSIDE_INTERFACE -s $INSIDE_PREFIX -j NETMAP --to $NEW_OUTSIDE_PREFIX | |
| fi | |
| fi | |
| # show debug: ip6tables -S -t raw; ip6tables -S -t nat | |
| # do debug: conntrack -f ipv6 -L; ip6tables -t raw -D OUTPUT -j NOTRACK; ip6tables -t raw -D PREROUTING -j NOTRACK | |
| # to expire and renew prefix: kill -HUP $(cat /var/run/dhcp6c.pid) | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment