├── 91-ipv6nat-test ├── LICENSE ├── Makefile ├── README.md ├── luasrc ├── controller │ └── nat6-helper.lua ├── model │ └── cbi │ │ └── nat6-helper.lua └── view │ └── nat6-helper │ └── nat6_status.htm └── root └── etc ├── config └── nat6-helper ├── hotplug.d └── iface │ └── 90-ipv6 ├── init.d └── nat6-helper ├── ipv6nat.sh └── uci-defaults └── nat6-helper /91-ipv6nat-test: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # /etc/hotplug.d/iface/91-ipv6nat-test 3 | 4 | enable=$(uci get nat6-helper.@nat6-helper[0].enabled) 5 | interface_public=$(uci get nat6-helper.@nat6-helper[0].name) 6 | ip6tables_status=$(/usr/sbin/ip6tables-save -t nat | grep "v6NAT") 7 | res=`ip -6 route | grep "default from"` 8 | gateway=`echo $res | awk '{print $5}'` 9 | interface=`echo $res | awk '{print $7}'` 10 | log_file="/ipv6nat-test.log" 11 | 12 | 13 | echo -e "\n------------------------------------------------\n" >> $log_file 2>&1 14 | 15 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") The shell continues" >> $log_file 2>&1 16 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") enable status: \"$enable\"" >> $log_file 2>&1 17 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") interface_public: \"$interface_public\"" >> $log_file 2>&1 18 | 19 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") INTERFACE: \"$INTERFACE\"" >> $log_file 2>&1 20 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") ACTION: \"$ACTION\"" >> $log_file 2>&1 21 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") ip6tables: \"$ip6tables_status\"" >> $log_file 2>&1 22 | 23 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") res: \"$res\"" >> $log_file 2>&1 24 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") gateway: \"$gateway\"" >> $log_file 2>&1 25 | echo -e "$(date +"%Y-%m-%d %H:%M:%S") interface: \"$interface\"" >> $log_file 2>&1 26 | 27 | 28 | echo -e "\n------------------------------------------------\n" >> $log_file 2>&1 29 | 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 CC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | 2 | include $(TOPDIR)/rules.mk 3 | 4 | PKG_NAME:=luci-app-nat6-helper 5 | PKG_VERSION:=v1.0 6 | PKG_RELEASE:=1 7 | 8 | PKG_LICENSE:=MIT License 9 | 10 | LUCI_TITLE:=LuCI support for nat6 11 | LUCI_DEPENDS:=+ip6tables +ip6tables-mod-nat +ip6tables-extra 12 | LUCI_PKGARCH:=all 13 | 14 | PKG_MAINTAINER:= 15 | 16 | include $(TOPDIR)/feeds/luci/luci.mk 17 | 18 | # call BuildPackage - OpenWrt buildroot signature 19 | 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # luci-app-nat6-helper 2 | 3 | 4 | - 启用后根据 ipv6 的 wan6 接口状态,自动配置 nat6 5 | 6 | 7 | Usage: 8 | 9 | 1. 检查软件包是否安装 `ip6tables kmod-ipt-nat6 kmod-ip6tables kmod-ip6tables-extra`,如若没有,请 ssh 运行 `opkg update && opkg install ip6tables kmod-ipt-nat6 kmod-ip6tables kmod-ip6tables-extra` 安装 10 | 11 | 2. 运行 ipv6nat.sh 脚本 12 | 13 | - 方式一:Luci 界面点击 `执行 IPv6 初始化脚本` 一键执行(日志存放于 `/etc/ipv6nat.log`) 14 | - 方式二:通过 SSH 手动执行 15 | 16 | ``` 17 | chmod +x /etc/ipv6nat.sh 18 | bash /etc/ipv6nat.sh 19 | ``` 20 | 21 | 3. 启用插件,保存并应用 22 | 23 | 24 | 25 | # 参考链接: 26 | 1. [LEDE 下的 IPv6 NAT6](https://lixingcong.github.io/2017/04/24/ipv6-nat-lede/) 27 | 2. [OpenWrt 路由器如何让 lan 口主机获得 ipv6 网络访问?](https://www.zhihu.com/question/29667477) -------------------------------------------------------------------------------- /luasrc/controller/nat6-helper.lua: -------------------------------------------------------------------------------- 1 | 2 | module("luci.controller.nat6-helper", package.seeall) 3 | 4 | function index() 5 | if not nixio.fs.access("/etc/config/nat6-helper") then 6 | return 7 | end 8 | 9 | entry({"admin", "services", "nat6-helper"},firstchild(), _("NAT6 配置助手"), 50).dependent = false 10 | 11 | entry({"admin", "services", "nat6-helper", "general"},cbi("nat6-helper"), _("设置"), 1) 12 | 13 | entry({"admin", "services", "nat6-helper", "status"},call("act_status")).leaf=true 14 | 15 | end 16 | 17 | function act_status() 18 | local e={} 19 | e.running=luci.sys.call("ip6tables -t nat -L | grep 'v6NAT' > /dev/null")==0 20 | luci.http.prepare_content("application/json") 21 | luci.http.write_json(e) 22 | end 23 | -------------------------------------------------------------------------------- /luasrc/model/cbi/nat6-helper.lua: -------------------------------------------------------------------------------- 1 | m = Map("nat6-helper", "NAT6 配置助手") 2 | m.description = translate("IPv6 路由器做 NAT6,使得路由器下级可以使用 IPv6 协议访问网站。
参考链接:
https://github.com/Ausaci/luci-app-nat6-helper
https://lixingcong.github.io/2017/04/24/ipv6-nat-lede/") 3 | 4 | m:section(SimpleSection).template = "nat6-helper/nat6_status" 5 | 6 | s = m:section(TypedSection, "nat6-helper") 7 | s.addremove = false 8 | s.anonymous = true 9 | 10 | enabled = s:option(Flag, "enabled", translate("Enable")) 11 | enabled.default = 0 12 | enabled.rmempty = false 13 | 14 | name = s:option(Value, "name", translate("Interface")) 15 | name.rmempty = false 16 | name.default = "wan6" 17 | name.description = translate("填入 IPv6 接口名 (默认为 wan6 ),即可使 NAT6 随该接口状态自动开启或关闭") 18 | run = s:option(Button, "run_button", translate("启动")) 19 | run.inputstyle = "apply" 20 | function run.write(self, section) 21 | io.popen("/etc/init.d/nat6-helper start") 22 | end 23 | 24 | stop = s:option(Button, "stop_button", translate("关闭")) 25 | stop.inputstyle = "apply" 26 | function stop.write(self, section) 27 | io.popen("/etc/init.d/nat6-helper stop") 28 | end 29 | 30 | init = s:option(Button, "init_button", translate("初始化")) 31 | init.inputtitle = translate("执行 IPv6 初始化脚本") 32 | init.inputstyle = "apply" 33 | init.description = translate("执行 IPv6 初始化脚本 ( /etc/ipv6nat.sh ),仅需执行一次!") 34 | function init.write(self, section) 35 | io.popen("bash /etc/ipv6nat.sh >> /etc/ipv6nat.log 2>&1") 36 | end 37 | 38 | return m 39 | -------------------------------------------------------------------------------- /luasrc/view/nat6-helper/nat6_status.htm: -------------------------------------------------------------------------------- 1 | 17 | 18 |
19 |

20 | <%:Collecting data...%> 21 |

22 |
23 | -------------------------------------------------------------------------------- /root/etc/config/nat6-helper: -------------------------------------------------------------------------------- 1 | 2 | config nat6-helper 3 | option name 'wan6' 4 | option enabled '0' 5 | -------------------------------------------------------------------------------- /root/etc/hotplug.d/iface/90-ipv6: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | enable=$(uci get nat6-helper.@nat6-helper[0].enabled) 3 | interface_public=$(uci get nat6-helper.@nat6-helper[0].name) 4 | 5 | [ $enable = "0" ] && exit 0 6 | 7 | 8 | [ "$INTERFACE" = "$interface_public" ] || exit 0 9 | 10 | res=`ip -6 route | grep "default from"` 11 | gateway=`echo $res | awk '{print $5}'` 12 | interface=`echo $res | awk '{print $7}'` 13 | 14 | if [ "$ACTION" = ifup ]; then 15 | ip -6 r add default via $gateway dev $interface 16 | if !(ip6tables-save -t nat | grep -q "v6NAT"); then 17 | ip6tables -t nat -A POSTROUTING -o $interface -m comment --comment "v6NAT" -j MASQUERADE 18 | fi 19 | elif [ "$ACTION" = ifupdate ]; then 20 | ip -6 r del default via $gateway dev $interface 21 | ip -6 r add default via $gateway dev $interface 22 | if !(ip6tables-save -t nat | grep -q "v6NAT"); then 23 | ip6tables -t nat -A POSTROUTING -o $interface -m comment --comment "v6NAT" -j MASQUERADE 24 | fi 25 | elif [ "$ACTION" = ifdown ]; then 26 | ip6tables -t nat -D POSTROUTING -o $interface -m comment --comment "v6NAT" -j MASQUERADE 27 | ip -6 r del default via $gateway dev $interface 28 | else 29 | exit 0 30 | fi 31 | -------------------------------------------------------------------------------- /root/etc/init.d/nat6-helper: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | 3 | START=99 4 | STOP=10 5 | 6 | enable=$(uci get nat6-helper.@nat6-helper[0].enabled) 7 | res=`ip -6 route | grep "default from"` 8 | gateway=`echo $res | awk '{print $5}'` 9 | interface=`echo $res | awk '{print $7}'` 10 | 11 | add() { 12 | 13 | /usr/bin/ip -6 r add default via $gateway dev $interface 14 | if !(/usr/sbin/ip6tables-save -t nat | grep -q "v6NAT"); then 15 | /usr/sbin/ip6tables -t nat -A POSTROUTING -o $interface -m comment --comment "v6NAT" -j MASQUERADE 16 | fi 17 | } 18 | 19 | start() { 20 | [ $enable = "0" ] && exit 0 21 | add > /dev/null 2>&1 22 | } 23 | 24 | del() { 25 | /usr/sbin/ip6tables -t nat -D POSTROUTING -o $interface -m comment --comment "v6NAT" -j MASQUERADE 26 | /usr/bin/ip -6 r del default via $gateway dev $interface 27 | } 28 | 29 | stop() { 30 | del > /dev/null 2>&1 31 | } 32 | -------------------------------------------------------------------------------- /root/etc/ipv6nat.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ------------------------------------------------------------------- 3 | # OpenWrt IPv6 自动配置脚本 4 | # 5 | # 可在LEDE等基于OpenWrt的环境下配置IPv6支持。 6 | # 7 | # Usage: 8 | # cd /etc 9 | # chmod +x ipv6nat.sh 10 | # sh ipv6nat.sh 11 | # 只需要运行一次 12 | # ------------------------------------------------------------------- 13 | 14 | #set -ex 15 | 16 | echo -e "\n-------------------------------------------------------------------\n" 17 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") Execute \"/etc/ipv6nat.sh\" script begin!\n" 18 | 19 | 20 | # 1. Install the package kmod-ipt-nat6 # 安装kmod-ipt-nat6 21 | #opkg update 22 | #opkg install kmod-ipt-nat6 23 | 24 | 25 | # 1. Change the "IPv6 ULA Prefix" to "2fff::/64" 26 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 1. Change the \"IPv6 ULA Prefix\" to 2fff::/64\n" 27 | uci set network.globals.ula_prefix="2fff::/64" 28 | uci commit network 29 | 30 | 31 | # 2. Change the first letter of the "IPv6 ULA Prefix" from "f" to "d" 32 | # ULA,全称为“唯一的本地 IPv6 单播地址”(Unique Local IPv6 Unicast Address)。这一步,我们要把它的前缀由 f 改为 d ,以将本地的 IPv6 地址向外广播,而不是 localhost 那样的闭环。 33 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 2. Change the first letter of the \"IPv6 ULA Prefix\" from \"f\" to \"d\"\n" 34 | uci set network.globals.ula_prefix="$(uci get network.globals.ula_prefix | sed 's/^./d/')" 35 | uci commit network 36 | 37 | 38 | # 3. Set the DHCP server to "Always announce default router" # 将 DHCP 服务器模式设置为“总是广播默认路由” 39 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 3. Set the DHCP server to \"Always announce default router\"\n" 40 | uci set dhcp.lan.ra_default='1' 41 | uci commit dhcp 42 | 43 | 44 | # 4. Add an init script for NAT6 by creating a new file /etc/init.d/nat6 and paste the code from the section Init Script into it #生成 nat6 脚本 45 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 4. Add an init script (/etc/init.d/nat6)\n" 46 | touch /etc/init.d/nat6 47 | cat > /etc/init.d/nat6 << EOF 48 | #!/bin/sh /etc/rc.common 49 | # NAT6 init script for OpenWrt // Depends on package: kmod-ipt-nat6 50 | 51 | START=55 52 | 53 | # Options 54 | # ------- 55 | 56 | # Use temporary addresses (IPv6 privacy extensions) for outgoing connections? Yes: 1 / No: 0 57 | PRIVACY=1 58 | 59 | # Maximum number of attempts before this script will stop in case no IPv6 route is available 60 | # This limits the execution time of the IPv6 route lookup to (MAX_TRIES+1)*(MAX_TRIES/2) seconds. The default (15) equals 120 seconds. 61 | MAX_TRIES=15 62 | 63 | # An initial delay (in seconds) helps to avoid looking for the IPv6 network too early. Ideally, the first probe is successful. 64 | # This would be the case if the time passed between the system log messages "Probing IPv6 route" and "Setting up NAT6" is 1 second. 65 | DELAY=5 66 | 67 | # Logical interface name of outbound IPv6 connection 68 | # There should be no need to modify this, unless you changed the default network interface names 69 | # Edit by Vincent: I never changed my default network interface names, but still I have to change the WAN6_NAME to "wan" instead of "wan6" 70 | WAN6_NAME="wan6" 71 | 72 | # --------------------------------------------------- 73 | # Options end here - no need to change anything below 74 | 75 | boot() { 76 | [ $DELAY -gt 0 ] && sleep $DELAY 77 | logger -t NAT6 "Probing IPv6 route" 78 | PROBE=0 79 | COUNT=1 80 | while [ $PROBE -eq 0 ] 81 | do 82 | if [ $COUNT -gt $MAX_TRIES ] 83 | then 84 | logger -t NAT6 "Fatal error: No IPv6 route found (reached retry limit)" && exit 1 85 | fi 86 | sleep $COUNT 87 | COUNT=$((COUNT+1)) 88 | PROBE=$(route -A inet6 | grep -c '::/0') 89 | done 90 | 91 | logger -t NAT6 "Setting up NAT6" 92 | 93 | WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname") 94 | if [ -z "$WAN6_INTERFACE" ] || [ ! -e "/sys/class/net/$WAN6_INTERFACE/" ] ; then 95 | logger -t NAT6 "Fatal error: Lookup of $WAN6_NAME interface failed. Were the default interface names changed?" && exit 1 96 | fi 97 | WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}') 98 | if [ -z "$WAN6_GATEWAY" ] ; then 99 | logger -t NAT6 "Fatal error: No IPv6 gateway for $WAN6_INTERFACE found" && exit 1 100 | fi 101 | LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix) 102 | if [ $(echo "$LAN_ULA_PREFIX" | grep -c -E "^([0-9a-fA-F]{4}):([0-9a-fA-F]{0,4}):") -ne 1 ] ; then 103 | logger -t NAT6 "Fatal error: IPv6 ULA prefix $LAN_ULA_PREFIX seems invalid. Please verify that a prefix is set and valid." && exit 1 104 | fi 105 | 106 | ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE 107 | if [ $? -eq 0 ] ; then 108 | logger -t NAT6 "Added IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" 109 | else 110 | logger -t NAT6 "Fatal error: Failed to add IPv6 masquerading rule to the firewall (Src: $LAN_ULA_PREFIX - Dst: $WAN6_INTERFACE)" && exit 1 111 | fi 112 | 113 | route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE" 114 | if [ $? -eq 0 ] ; then 115 | logger -t NAT6 "Added $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections" 116 | else 117 | logger -t NAT6 "Error: Failed to add $WAN6_GATEWAY to routing table as gateway on $WAN6_INTERFACE for outgoing connections" 118 | fi 119 | 120 | if [ $PRIVACY -eq 1 ] ; then 121 | echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/accept_ra" 122 | if [ $? -eq 0 ] ; then 123 | logger -t NAT6 "Accepting router advertisements on $WAN6_INTERFACE even if forwarding is enabled (required for temporary addresses)" 124 | else 125 | logger -t NAT6 "Error: Failed to change router advertisements accept policy on $WAN6_INTERFACE (required for temporary addresses)" 126 | fi 127 | echo 2 > "/proc/sys/net/ipv6/conf/$WAN6_INTERFACE/use_tempaddr" 128 | if [ $? -eq 0 ] ; then 129 | logger -t NAT6 "Using temporary addresses for outgoing connections on interface $WAN6_INTERFACE" 130 | else 131 | logger -t NAT6 "Error: Failed to enable temporary addresses for outgoing connections on interface $WAN6_INTERFACE" 132 | fi 133 | fi 134 | 135 | exit 0 136 | } 137 | EOF 138 | 139 | 140 | # 5. Make the script executable and enable it #修改权限,并生效 141 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 5. Make the script executable and enable it\n" 142 | chmod +x /etc/init.d/nat6 143 | /etc/init.d/nat6 enable 144 | /etc/init.d/nat6 start 145 | chmod +x /etc/init.d/nat6-helper 146 | /etc/init.d/nat6-helper enable 147 | /etc/init.d/nat6-helper start 148 | 149 | 150 | # 6. In addition, you may now disable the default firewall rule "Allow-ICMPv6-Forward" since it's not needed when masquerading is enabled 151 | # 6. 关闭不需要的防火墙规则:OpenWrt 的防火墙中有一个默认规则,叫 Allow-ICMPv6-Forward 。该规则在我们的实际使用中并不需要,因为我们用于 IPv6 内网穿透的 Masquerade 模块已经取代了它的功能。 152 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 6. Disable the default firewall rule \"Allow-ICMPv6-Forward\" since it's not needed when masquerading is enabled\n" 153 | uci set firewall.@rule["$(uci show firewall | grep 'Allow-ICMPv6-Forward' | cut -d'[' -f2 | cut -d']' -f1)"].enabled='0' 154 | uci commit firewall 155 | 156 | 157 | # 7. Modify /etc/sysctl.conf. If entries not exist, add them. 158 | # It's about to receive broadcasts and enable IPv6 transfer. 159 | # NOTICE: The 18.06.1 doesn't have net.ipv6.conf.default.forwarding and net.ipv6.conf.all.forwarding, 160 | # so I have to attach them. 161 | # 162 | # 7.修改/etc/sysctl.conf,把文件中相关内容改为以下内容,没有的话就添加,大概说接收广播并开启 IPv6 转发 163 | # 注意:18.06.1 中没有 net.ipv6.conf.default.forwarding 和 net.ipv6.conf.all.forwarding ,需在文件末尾额外添加之 164 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 7. Modify /etc/sysctl.conf. If entries not exist, add them.\n" 165 | touch /etc/sysctl.conf 166 | 167 | a=$(sed -n '/net.ipv6.conf.default.forwarding/=' /etc/sysctl.conf) 168 | if [ ! "$a" ]; then 169 | echo "net.ipv6.conf.default.forwarding=2" >> /etc/sysctl.conf 170 | else 171 | sed -i "${a}d; $((a-1))a net.ipv6.conf.default.forwarding=2" /etc/sysctl.conf 172 | fi 173 | 174 | a=$(sed -n '/net.ipv6.conf.all.forwarding/=' /etc/sysctl.conf) 175 | if [ ! "$a" ]; then 176 | echo "net.ipv6.conf.all.forwarding=2" >> /etc/sysctl.conf 177 | else 178 | sed -i "${a}d; $((a-1))a net.ipv6.conf.all.forwarding=2" /etc/sysctl.conf 179 | fi 180 | 181 | a=$(sed -n '/net.ipv6.conf.default.accept_ra/=' /etc/sysctl.conf) 182 | if [ ! "$a" ]; then 183 | a=$(sed -n '/net.ipv6.conf.all.forwarding/=' /etc/sysctl.conf) 184 | sed -i "${a}a net.ipv6.conf.default.accept_ra=2" /etc/sysctl.conf 185 | else 186 | sed -i "${a}d; $((a-1))a net.ipv6.conf.default.accept_ra=2" /etc/sysctl.conf 187 | fi 188 | 189 | a=$(sed -n '/net.ipv6.conf.all.accept_ra/=' /etc/sysctl.conf) 190 | if [ ! "$a" ]; then 191 | a=$(sed -n '/net.ipv6.conf.default.accept_ra/=' /etc/sysctl.conf) 192 | sed -i "${a}a net.ipv6.conf.all.accept_ra=2" /etc/sysctl.conf 193 | else 194 | sed -i "${a}d; $((a-1))a net.ipv6.conf.all.accept_ra=2" /etc/sysctl.conf 195 | fi 196 | 197 | 198 | # 8. Add POSTROUTING / MASQUERADE rules to firewall. 199 | # 8. 加入转发规则,编辑 /etc/firewall.user ,或路由器界面防火墙规则里加上 ip6tables -t nat -I POSTROUTING -s dfff::/64 -j MASQUERADE 200 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") 8. Add POSTROUTING / MASQUERADE rules to firewall.\n" 201 | echo "ip6tables -t nat -I POSTROUTING -s $(uci get network.globals.ula_prefix) -j MASQUERADE" >> /etc/firewall.user 202 | /etc/init.d/firewall restart 203 | 204 | 205 | echo -e "\n$(date +"%Y-%m-%d %H:%M:%S") Execute \"/etc/ipv6nat.sh\" script end!\n" 206 | echo -e "\n-------------------------------------------------------------------\n" 207 | -------------------------------------------------------------------------------- /root/etc/uci-defaults/nat6-helper: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | uci -q batch <<-EOF >/dev/null 3 | delete ucitrack.@nat6-helper[-1] 4 | add ucitrack nat6-helper 5 | set ucitrack.@nat6-helper[-1].init=nat6-helper 6 | commit ucitrack 7 | EOF 8 | rm -f /tmp/luci-indexcache 9 | exit 0 10 | --------------------------------------------------------------------------------