wtnbgo/file0.txt

## file0.txt
# for tun0
net.ipv4.conf.all.forwarding=1
net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.tun0.rp_filter=0
net.nf_conntrack_max=65535

## file1.txt
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
TYPE=IPIP6
MODE=ip4ip6
PEER_OUTER_IPADDR=XXXX:XXXX:XXXX:XXXX::1
MY_OUTER_IPADDR=AAAA:AAAA:AAAA:AAAA::1
MY_INNER_IPADDR=192.168.BBB.1/24
ZONE=trusted

## file10.txt
ip route default gateway pp 1 filter 1 gateway tunnel 1
pp select 1
 pp name MyPPPoE
 接続設定は省略
 ip pp nat descriptor 1000
 pp enable 1
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.YYY.20 tcp 80,443,22
ip filter 1 pass 192.168.YYY.20 * * * *

## file2.txt
192.168.YYY.0/24 dev tun0

## file3.txt
sudo sysctl -p
sudo systemctl restart network

## file4.txt
modprobe ip6_tunnel
ip -6 tunnel add tun0 mode ip4ip6 \
 remote XXXX:XXXX:XXXX:XXXX::1 \
 local  AAAA:AAAA:AAAA:AAAA::1
ip link set tun0 up
ip addr add 192.168.BBB.1/24 dev tun0
route add -net 192.168.YYY.0/24 dev tun0
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.tun0.rp_filter=0
sysctl -w net.nf_conntrack_max=65535

## file5.txt
# eth0 を external に移す
sudo firewall-cmd --zone=external --change-interface=eth0 --permanent

# tun0 は trusted に設定
sudo firewall-cmd --zone=trusted --add-interface=tun0 --permanent

# 個別ポート転送設定例
# 以下の例では自宅側の 192.168.YYY.10 に 80,443,8022 をポート転送している
# 22は VPS 自身がつかってるので、入り口は 8022 を別途設定

sudo firewall-cmd --zone=external --permanent \
--add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.YYY.10
sudo firewall-cmd --zone=external --permanent \
--add-forward-port=port=443:proto=tcp:toport=443:toaddr=192.168.YYY.10
sudo firewall-cmd --zone=external --permanent \
--add-forward-port=port=8022:proto=tcp:toport=22:toaddr=192.168.YYY.10

# 有効化
sudo firewall-cmd --reload

## file6.txt
ipv6 filter 100000 pass AAAA:AAAA:AAAA:AAAA::1 * 4 * *
ipv6 lan2 secure filter in 100000 ...

## file7.txt
tunnel select 1
tunnel encapsulation ipip
tunnel endpoint address XXXX:XXXX:XXXX:XXXX::1 AAAA:AAAA:AAAA:AAAA::1
ip tunnel tcp mss limit auto
ip tunnel address 192.168.BBB.2/24
tunnel enable 1

## file8.txt
ip route default gateway tunnel 1

## file9.txt
ip route default gateway pp 1 filter 1 gateway tunnel 1
ip filter 1 pass 192.168.YYY.1-192.168.YYY.128 * * * *
	# for tun0
	net.ipv4.conf.all.forwarding=1
	net.ipv4.conf.eth0.rp_filter=0
	net.ipv4.conf.tun0.rp_filter=0
	net.nf_conntrack_max=65535
	DEVICE=tun0
	BOOTPROTO=none
	ONBOOT=yes
	TYPE=IPIP6
	MODE=ip4ip6
	PEER_OUTER_IPADDR=XXXX:XXXX:XXXX:XXXX::1
	MY_OUTER_IPADDR=AAAA:AAAA:AAAA:AAAA::1
	MY_INNER_IPADDR=192.168.BBB.1/24
	ZONE=trusted
	ip route default gateway pp 1 filter 1 gateway tunnel 1
	pp select 1
	pp name MyPPPoE
	接続設定は省略
	ip pp nat descriptor 1000
	pp enable 1
	nat descriptor type 1000 masquerade
	nat descriptor masquerade static 1000 1 192.168.YYY.20 tcp 80,443,22
	ip filter 1 pass 192.168.YYY.20 * * * *
	modprobe ip6_tunnel
	ip -6 tunnel add tun0 mode ip4ip6 \
	remote XXXX:XXXX:XXXX:XXXX::1 \
	local AAAA:AAAA:AAAA:AAAA::1
	ip link set tun0 up
	ip addr add 192.168.BBB.1/24 dev tun0
	route add -net 192.168.YYY.0/24 dev tun0
	sysctl -w net.ipv4.conf.all.forwarding=1
	sysctl -w net.ipv4.conf.eth0.rp_filter=0
	sysctl -w net.ipv4.conf.tun0.rp_filter=0
	sysctl -w net.nf_conntrack_max=65535
	# eth0 を external に移す
	sudo firewall-cmd --zone=external --change-interface=eth0 --permanent

	# tun0 は trusted に設定
	sudo firewall-cmd --zone=trusted --add-interface=tun0 --permanent

	# 個別ポート転送設定例
	# 以下の例では自宅側の 192.168.YYY.10 に 80,443,8022 をポート転送している
	# 22は VPS 自身がつかってるので、入り口は 8022 を別途設定

	sudo firewall-cmd --zone=external --permanent \
	--add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.YYY.10
	sudo firewall-cmd --zone=external --permanent \
	--add-forward-port=port=443:proto=tcp:toport=443:toaddr=192.168.YYY.10
	sudo firewall-cmd --zone=external --permanent \
	--add-forward-port=port=8022:proto=tcp:toport=22:toaddr=192.168.YYY.10

	# 有効化
	sudo firewall-cmd --reload
	ipv6 filter 100000 pass AAAA:AAAA:AAAA:AAAA::1 * 4 * *
	ipv6 lan2 secure filter in 100000 ...
	tunnel select 1
	tunnel encapsulation ipip
	tunnel endpoint address XXXX:XXXX:XXXX:XXXX::1 AAAA:AAAA:AAAA:AAAA::1
	ip tunnel tcp mss limit auto
	ip tunnel address 192.168.BBB.2/24
	tunnel enable 1
	ip route default gateway pp 1 filter 1 gateway tunnel 1
	ip filter 1 pass 192.168.YYY.1-192.168.YYY.128 * * * *