Benutzer:Leo/tayga
From Opennet
Example NAT64 tayga installation on server gai
root@gai:~/tayga# cat README.md
see /etc/tayga.conf

Before starting the TAYGA daemon, the routing setup on your system will need to be changed to send IPv4 and IPv6 packets to TAYGA. First create the TUN network interface:

    # tayga --mktun

If TAYGA prints any errors, you will need to fix your config file before continuing. Otherwise, the new nat64 interface can be configured and the proper routes can be added to your system:

    ip link set nat64 up
    ip addr add 2a0a:4580:1010:2002::1 dev nat64  # replace with your router's address
    ip addr add 10.253.0.1 dev nat64  # replace with your router's address
    ip route add 2a0a:4580:1010:2002::/96 dev nat64  # from tayga.conf
    ip route add 10.253.0.0/24 dev nat64  # from tayga.conf

Firewalling your NAT64 prefix from outside access is highly recommended:

    # ip6tables -A FORWARD -s 2001:db8:1::/48 -d 2001:db8:1:ffff::/96 -j ACCEPT
    # ip6tables -A FORWARD -d 2001:db8:1:ffff::/96 -j DROP

At this point, you may start the tayga process:

    # tayga

Check your system log (/var/log/syslog or /var/log/messages) for status information.

If you are having difficulty configuring TAYGA, use the -d option to run the tayga process in the foreground and send all log messages to stdout:

    # tayga -d
cat 330_ugw-nat64-native-on-gai.inc
#todo: test whether the br-.... interface name change in the meantime
@def $IF_ONI_NAT64 = nat64;
@def $IF_WAN = eth0;
@def $IF_BABEL_MESH = babel-vpn;

domain (ip ip6) table filter {
    chain service-input {
        # allow input because the NAT64 address range is routed
        interface $IF_ONI_NAT64 ACCEPT;
    }
}

domain (ip ip6) chain FORWARD outerface $IF_WAN {
    # allow Internet traffic
    interface $IF_ONI_NAT64 ACCEPT;
}

domain (ip6) chain FORWARD interface $IF_ONI_NAT64 {
    # allow NAT64 traffic that is routed via the docker host; hence the same interface for in and out
    outerface $IF_ONI_NAT64 ACCEPT;
}

#dns64
#TODO: restrict to destination IP + port
domain ip6 chain FORWARD interface $IF_BABEL_MESH {
    # allow mesh access to DNS64
    outerface $IF_ONI_NAT64 ACCEPT;
}

domain ip table nat {
    chain POSTROUTING {
        outerface $IF_WAN saddr (10.254.0.0/16) MASQUERADE;
    }
}
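
Added example (not part of the original page or of TAYGA): a Python check of how the /96 prefix routed to nat64 embeds IPv4 addresses (RFC 6052) and whether the destination of a firewall rule covers that prefix. The ip6tables lines in the README as shown use the documentation prefix 2001:db8:1:ffff::/96, which does not match 2a0a:4580:1010:2002::/96; the address 192.0.2.33 and the function names are constructed for illustration.

```python
import ipaddress

# Prefixes taken from the page; the IPv4 address used below is constructed.
NAT64_PREFIX = ipaddress.ip_network("2a0a:4580:1010:2002::/96")  # ip route ... dev nat64
README_RULE_DST = ipaddress.ip_network("2001:db8:1:ffff::/96")   # ip6tables ... -d ...


def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a /96 NAT64 prefix (RFC 6052, section 2.2)."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract(prefix, ipv6):
    """Return the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    v6 = ipaddress.IPv6Address(ipv6)
    if prefix.prefixlen != 96 or v6 not in prefix:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def rule_covers(rule_dst, nat64_prefix):
    """True if a firewall rule's destination network contains the whole NAT64 prefix."""
    return nat64_prefix.subnet_of(rule_dst)


if __name__ == "__main__":
    target = synthesize(NAT64_PREFIX, "192.0.2.33")
    print("192.0.2.33 is reached via", target)
    print("embedded IPv4:", extract(NAT64_PREFIX, target))
    for dst in (README_RULE_DST, NAT64_PREFIX):
        state = "covers" if rule_covers(dst, NAT64_PREFIX) else "does NOT cover"
        print(f"rule -d {dst} {state} {NAT64_PREFIX}")
```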