Benutzer:Leo/tayga

From Opennet

Example of a NAT64 tayga installation on server gai

root@gai:~/tayga# cat README.md

see /etc/tayga.conf

Before starting the TAYGA daemon, the routing setup on your system will need
to be changed to send IPv4 and IPv6 packets to TAYGA.  First create the TUN
network interface:

  # tayga --mktun

If TAYGA prints any errors, you will need to fix your config file before
continuing.  Otherwise, the new nat64 interface can be configured and the
proper routes can be added to your system:

   ip link set nat64 up
   ip addr add 2a0a:4580:1010:2002::1 dev nat64  # replace with your router's address
   ip addr add 10.253.0.1 dev nat64    # replace with your router's address
   ip route add 2a0a:4580:1010:2002::/96 dev nat64  # from tayga.conf
   ip route add 10.253.0.0/24 dev nat64      # from tayga.conf

Firewalling your NAT64 prefix from outside access is highly recommended:

  # ip6tables -A FORWARD -s 2001:db8:1::/48 -d 2001:db8:1:ffff::/96 -j ACCEPT
  # ip6tables -A FORWARD -d 2001:db8:1:ffff::/96 -j DROP

At this point, you may start the tayga process:

  # tayga

Check your system log (/var/log/syslog or /var/log/messages) for status
information.

If you are having difficulty configuring TAYGA, use the -d option to run the
tayga process in the foreground and send all log messages to stdout:

  # tayga -d


cat 330_ugw-nat64-native-on-gai.inc


#todo: test whether the br-.... interface name changed in the meantime

@def $IF_ONI_NAT64 = nat64;
@def $IF_WAN = eth0;
@def $IF_BABEL_MESH = babel-vpn;

domain (ip ip6) table filter {
	chain service-input {
		# allow input because the NAT64 address range is routed
		interface $IF_ONI_NAT64 ACCEPT;
	}
}

domain (ip ip6) chain FORWARD outerface $IF_WAN {
	# allow Internet traffic
	interface $IF_ONI_NAT64 ACCEPT;
}

domain (ip6) chain FORWARD interface $IF_ONI_NAT64 {
	# allow NAT64 traffic that is routed via the docker host; hence the same interface for in and out.
	outerface $IF_ONI_NAT64 ACCEPT;
}

#dns64
#TODO: restrict to destination IP + port
domain ip6 chain FORWARD interface $IF_BABEL_MESH {
	# allow mesh access to DNS64
	outerface $IF_ONI_NAT64 ACCEPT;
}

domain ip table nat {
	chain POSTROUTING {
		outerface $IF_WAN saddr (10.254.0.0/16) MASQUERADE;
	}
}
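
An added check (not part of the original page, nor of the tayga or ferm projects) for the README's firewalling recommendation: it reads `ip6tables -S FORWARD` output, which also reflects rules loaded by ferm, and reports whether the NAT64 prefix from this page is guarded. The rule listings are constructed samples, and 2001:db8:1::/48 is the README's documentation prefix used as a placeholder for the client network.

```shell
#!/bin/sh
# Added example, not from the page. Reads `ip6tables -S FORWARD` output on
# stdin. Narrow by design: only rules with a literal "-d PREFIX" are
# inspected, and negated ("!") matches are not handled.
check_nat64_guard() {
    awk -v p="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            dst = ""; src = ""; inif = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dst != p) next
            anysrc = (src == "" && inif == "")
            # Rules are ordered: the first unrestricted verdict decides.
            if (anysrc && target == "ACCEPT") { is_open = 1; exit }
            if (anysrc && (target == "DROP" || target == "REJECT")) { guarded = 1; exit }
        }
        END {
            if (is_open) exit 1
            if (guarded || policy == "DROP") exit 0
            exit 1
        }
    '
}

NAT64_PREFIX='2a0a:4580:1010:2002::/96'   # NAT64 prefix from this page

sample_guarded() {  # constructed listing; 2001:db8:1::/48 is a placeholder client prefix
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -s 2001:db8:1::/48 -d 2a0a:4580:1010:2002::/96 -j ACCEPT
-A FORWARD -d 2a0a:4580:1010:2002::/96 -j DROP
EOF
}

sample_open() {     # constructed listing; ACCEPT policy and no DROP for the prefix
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -s 2001:db8:1::/48 -d 2a0a:4580:1010:2002::/96 -j ACCEPT
EOF
}

sample_guarded | check_nat64_guard "$NAT64_PREFIX" && echo "guarded"
sample_open | check_nat64_guard "$NAT64_PREFIX" || echo "NOT guarded"
```

On the host, pipe `ip6tables -S FORWARD` into `check_nat64_guard` instead of the samples; rules in user-defined chains are not followed.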

