@cmur2
Last active September 1, 2021 13:51
Script for dhcp6c to handle IPv6 network prefix translation as described in https://blog.altimos.de/2016/11/isolating-your-home-ipv6-network-with-nptv6-on-edgerouter-lite/
#!/bin/bash
# internal (ULA) prefix seen by LAN hosts; "fdxx" is a placeholder
INSIDE_PREFIX="fdxx::/64"
OUTSIDE_INTERFACE="eth2"
DUMMY_INTERFACE="dummypd0"
# state file holding the prefix the current NPTv6 rules were created for
OUTSIDE_PREFIX_FILE="/var/run/my-npt-outside-prefix"

logger -p info -t my-npt "my-npt-dhcp6c-script invoked"

OLD_OUTSIDE_PREFIX=""
if [ -f "$OUTSIDE_PREFIX_FILE" ]; then
    OLD_OUTSIDE_PREFIX=$(cat "$OUTSIDE_PREFIX_FILE")
fi

# assumes IP on dummy interface ends with ::1/64
NEW_OUTSIDE_PREFIX=$(ip -6 -o addr show "$DUMMY_INTERFACE" | head -n 1 | cut -d ' ' -f 7 | sed 's,::1/64,::/64,')

# on prefix change
if [ "$OLD_OUTSIDE_PREFIX" != "$NEW_OUTSIDE_PREFIX" ]; then
    # delete old NPTv6 firewall rule if present
    if [ -n "$OLD_OUTSIDE_PREFIX" ]; then
        logger -p notice -t my-npt "deleting old DHCPv6-PD prefix $OLD_OUTSIDE_PREFIX from NPTv6"
        ip6tables -t nat -D PREROUTING -i "$OUTSIDE_INTERFACE" -d "$OLD_OUTSIDE_PREFIX" -j NETMAP --to "$INSIDE_PREFIX"
        ip6tables -t nat -D POSTROUTING -o "$OUTSIDE_INTERFACE" -s "$INSIDE_PREFIX" -j NETMAP --to "$OLD_OUTSIDE_PREFIX"
        rm -f "$OUTSIDE_PREFIX_FILE"
    fi

    # add new NPTv6 firewall rule if new prefix
    if [ -n "$NEW_OUTSIDE_PREFIX" ]; then
        echo -n "$NEW_OUTSIDE_PREFIX" > "$OUTSIDE_PREFIX_FILE"
        logger -p notice -t my-npt "adding new DHCPv6-PD prefix $NEW_OUTSIDE_PREFIX to NPTv6"
        ip6tables -t nat -A PREROUTING -i "$OUTSIDE_INTERFACE" -d "$NEW_OUTSIDE_PREFIX" -j NETMAP --to "$INSIDE_PREFIX"
        ip6tables -t nat -A POSTROUTING -o "$OUTSIDE_INTERFACE" -s "$INSIDE_PREFIX" -j NETMAP --to "$NEW_OUTSIDE_PREFIX"
    fi
fi

# show debug: ip6tables -S -t raw; ip6tables -S -t nat
# do debug: conntrack -f ipv6 -L; ip6tables -t raw -D OUTPUT -j NOTRACK; ip6tables -t raw -D PREROUTING -j NOTRACK
# to expire and renew prefix: kill -HUP $(cat /var/run/dhcp6c.pid)
exit 0
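
The script takes the first line of `ip -6 -o addr show` and relies on that address ending in `::1/64`; if another address is listed first, the unmodified address would end up in the NETMAP rules. The following is an added example, not part of the original gist: a stricter extraction that only accepts a global-scope address with the expected suffix and fails otherwise. The function name `npt_outside_prefix` and the sample output (documentation prefix `2001:db8::/32`) are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original gist): derive the delegated /64 from
# `ip -6 -o addr show <iface>` output and fail closed when nothing matches.

# Reads `ip -6 -o addr show` output on stdin.
# Prints "<prefix>::/64" for the first global-scope address ending in ::1/64.
# Returns 1 and prints nothing if no such address exists.
npt_outside_prefix() {
    awk '
        $3 == "inet6" && / scope global/ {
            addr = $4
            # accept only hex groups followed by the literal ::1/64 suffix
            if (addr ~ /^[0-9a-fA-F:]+::1\/64$/) {
                sub(/::1\/64$/, "::/64", addr)
                print addr
                found = 1
                exit
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample output: a link-local address is listed before the
# delegated one, the case where `head -n 1` would pick the wrong line.
SAMPLE_OUTPUT='5: dummypd0    inet6 fe80::1c2d:3eff:fe4f:5a6b/64 scope link \       valid_lft forever preferred_lft forever
5: dummypd0    inet6 2001:db8:1234:5600::1/64 scope global \       valid_lft forever preferred_lft forever'

if prefix=$(printf '%s\n' "$SAMPLE_OUTPUT" | npt_outside_prefix); then
    echo "usable outside prefix: $prefix"
else
    # In the dhcp6c script this branch would keep the existing rules untouched.
    echo "no usable prefix found, not changing NPTv6 rules" >&2
fi
```

In the script above, the function would replace the `head | cut | sed` pipeline, fed from `ip -6 -o addr show "$DUMMY_INTERFACE"`.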