Network:
root@BPI-R4:~# uci export network
# OpenWrt UCI network configuration, as printed by `uci export network`.
package network
# Loopback interface with the conventional 127.0.0.1/8 address.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# IPv6 unique-local (ULA) prefix for this router.
config globals 'globals'
option ula_prefix 'fda2:8189:e40f::/48'
# LAN-side bridge: eth1 plus the lan1-lan3 ports, with spanning tree and
# IGMP snooping switched on.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
option stp '1'
option igmp_snooping '1'
# LAN interface: static 192.168.88.1/24 on br-lan.
# ip6assign requests a /60 for this interface out of the available IPv6 prefixes.
# NOTE(review): the `ip -6 addr` output further down this page shows only a
# link-local address on br-lan, so no prefix was assigned to LAN at capture time.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.88.1'
option netmask '255.255.255.0'
option ip6assign '60'
# WAN-side bridge joining eth2 and the 'wan' port into one layer-2 segment.
# NOTE(review): frames switched between these two ports presumably never reach
# the routed firewall path, so the 'wan' zone policy only covers traffic that
# enters the router itself. Confirm both ports face the same upstream network.
config device
option name 'br-wan'
option type 'bridge'
list ports 'eth2'
list ports 'wan'
# IPv4 uplink: static addressing on br-wan. The address and gateway appear as
# 'XXX' on the page, presumably redacted before publication.
config interface 'wan'
option device 'br-wan'
option proto 'static'
option ipaddr 'XXX'
option netmask '255.255.255.0'
option gateway 'XXX'
# IPv6 uplink: DHCPv6 client on the same bridge. It tries to obtain an address
# (reqaddress 'try') and requests a delegated prefix of automatic size
# (reqprefix 'auto').
config interface 'wan6'
option proto 'dhcpv6'
option device 'br-wan'
option reqaddress 'try'
option reqprefix 'auto'
dhcp:
root@BPI-R4:~# uci export dhcp
# OpenWrt UCI DHCP/DNS configuration, as printed by `uci export dhcp`.
package dhcp
# dnsmasq instance: local resolver and DHCPv4 server.
config dnsmasq
# domainneeded/boguspriv: do not forward plain host names or reverse lookups
# for private address ranges to upstream resolvers.
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
# rebind_protection discards upstream answers that point into private address
# space (DNS rebinding defence). rebind_localhost '1' loosens it by allowing
# upstream answers in 127.0.0.0/8, which some DNS-based blocklists rely on.
# Set it to '0' if nothing here depends on that.
option rebind_protection '1'
option rebind_localhost '1'
# Names under 'lan' are answered locally and never forwarded.
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '7500'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
# nonwildcard: bind only to the configured interfaces, not the wildcard address.
# localservice: answer DNS queries only from directly attached subnets.
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
# A 'server' entry with a domain and no upstream address keeps that domain
# local: it is not forwarded. The three domains below are the iCloud Private
# Relay hosts and the browser DoH canary domain, so clients fall back to this
# resolver instead of bypassing it.
list server '/mask.icloud.com/'
list server '/mask-h2.icloud.com/'
list server '/use-application-dns.net/'
# All other queries go to three resolvers on loopback ports 5053-5055.
# NOTE(review): together with the doh_* options below, this looks like the
# layout written by a local DNS-over-HTTPS proxy package. Confirm which service
# listens on these ports.
list server '127.0.0.1#5053'
list server '127.0.0.1#5054'
list server '127.0.0.1#5055'
option doh_backup_noresolv '-1'
# noresolv '1': ignore the resolvfile above, so the ISP-provided resolvers are
# never used and DNS depends entirely on the loopback forwarders.
option noresolv '1'
# doh_backup_* / doh_server: presumably bookkeeping kept by the DoH proxy's
# init script (a copy of the server list and the entries it owns), not options
# that dnsmasq itself reads. Verify against that package.
list doh_backup_server '/mask.icloud.com/'
list doh_backup_server '/mask-h2.icloud.com/'
list doh_backup_server '/use-application-dns.net/'
list doh_backup_server '127.0.0.1#5053'
list doh_backup_server '127.0.0.1#5054'
list doh_backup_server '127.0.0.1#5055'
list doh_server '127.0.0.1#5053'
list doh_server '127.0.0.1#5054'
list doh_server '127.0.0.1#5055'
# LAN pool: IPv4 leases starting at host offset 50, 200 addresses, 24h lease time.
# DHCPv6 and router advertisements run in server mode, and the RA flags tell
# clients to use DHCPv6 for addresses (managed-config) and for other settings
# (other-config).
config dhcp 'lan'
option interface 'lan'
option start '50'
option limit '200'
option leasetime '24h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
# ignore '1': no DHCP service is offered on the WAN interface. The pool values
# below are therefore inactive.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
option start '100'
option limit '150'
option leasetime '12h'
# odhcpd settings. maindhcp '0' leaves DHCPv4 to dnsmasq.
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
firewall
root@BPI-R4:~# uci export firewall
# OpenWrt UCI firewall configuration, as printed by `uci export firewall`.
package firewall
# Global policy: traffic to the router and forwarded traffic are rejected unless
# a zone or rule allows them; traffic originating on the router is accepted.
# NOTE(review): with software and hardware flow offloading on, established
# flows are presumably fast-pathed and skip the normal forwarding path, so
# per-packet rules, counters or shaping may not see them. Confirm this is acceptable.
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
# Trusted zone: everything is accepted.
# 'wg_lan' (the WireGuard interface) is a member, so a connected VPN peer gets
# the same access to the router and to LAN hosts as a wired client.
# NOTE(review): the network export on this page contains no 'wg_lan' interface
# section, although a wg_lan device appears in the routing output. If VPN peers
# should be more restricted than LAN hosts, give wg_lan its own zone.
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wg_lan'
# Untrusted zone covering both uplinks (wan, wan6): inbound and forwarded
# traffic is rejected by default, outbound traffic is masqueraded, and MSS
# clamping is enabled (mtu_fix).
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
# The only inter-zone forwarding: LAN may initiate connections to WAN.
config forwarding
option src 'lan'
option dest 'wan'
# The rules below open specific traffic from the WAN zone. A rule with no 'dest'
# applies to traffic addressed to the router itself.
# IPv4 DHCP replies to the client port (UDP 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 echo requests from the WAN side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IPv4 IGMP from the WAN side.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the client port (UDP 546), which the wan6 DHCPv6 client needs.
# The rule has no source-address restriction.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery messages (ICMPv6 types 130, 131, 132 and 143),
# restricted to link-local senders via src_ip.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 to the router: error messages, echo and neighbour/router discovery,
# rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 error and echo messages forwarded from WAN to any zone (dest '*'),
# with the same rate limit. Hosts behind the router are therefore reachable by
# IPv6 ping from outside.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# The next two rules forward IPsec traffic (ESP, and IKE on UDP 500) from WAN to
# any LAN host, with no destination address restriction.
# NOTE(review): if no LAN host terminates IPsec, these can be disabled or
# narrowed with dest_ip to shrink the forwarded surface.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# WireGuard listener on the router: UDP 51820 is accepted from WAN. No address
# family is set on the rule.
config rule 'wg'
option name 'Allow-WireGuard-lan'
option src 'wan'
option dest_port '51820'
option proto 'udp'
option target 'ACCEPT'
ip
root@BPI-R4:~# ip -6 addr ; ip -6 ro li tab all ; ip -6 ru;
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 state UP qlen 1000
inet6 fe80::3cef:30ff:feee:d921/64 scope link
valid_lft forever preferred_lft forever
14: br-wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::5e02:14ff:fe30:1e5a/64 scope link
valid_lft forever preferred_lft forever
17: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::1e7e:51ff:fea1:491c/64 scope link
valid_lft forever preferred_lft forever
18: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::840f:8bff:fef6:969b/64 scope link
valid_lft forever preferred_lft forever
default from 2a00:56e0:XX::/64 via fe80::e6d3:f1ff:fe61:f181 dev br-wan metric 512
unreachable 2a00:56e0:XX::/64 dev lo metric 2147483647
2a00:56e0:XX::/48 dev br-wan metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev br-wan metric 256
fe80::/64 dev phy0-ap0 metric 256
fe80::/64 dev br-lan metric 256
local ::1 dev lo table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev br-wan table local metric 0
anycast fe80:: dev phy0-ap0 table local metric 0
anycast fe80:: dev br-lan table local metric 0
local fe80::1e7e:51ff:fea1:491c dev phy0-ap0 table local metric 0
local fe80::3cef:30ff:feee:d921 dev eth0 table local metric 0
local fe80::5e02:14ff:fe30:1e5a dev br-wan table local metric 0
local fe80::840f:8bff:fef6:969b dev br-lan table local metric 0
multicast ff00::/8 dev eth0 table local metric 256
multicast ff00::/8 dev wg_lan table local metric 256
multicast ff00::/8 dev br-wan table local metric 256
multicast ff00::/8 dev phy0-ap0 table local metric 256
multicast ff00::/8 dev br-lan table local metric 256
0: from all lookup local
32766: from all lookup main