Last active: October 3, 2018 10:26
Procedure for preparing a home server with a fixed IPv4 address through an IPv4 over IPv6 tunnel from a Sakura VPS, using an RTX router. ref: https://qiita.com/wtnbgo/items/12145621e1a16cb81065
VPS side: sysctl settings so the VPS forwards between eth0 and the tunnel.
# for tun0
net.ipv4.conf.all.forwarding=1
# reverse-path filtering off on both sides of the tunnel; loose mode (2) is a
# less permissive alternative if strict filtering turns out to drop tunnel traffic
net.ipv4.conf.eth0.rp_filter=0
net.ipv4.conf.tun0.rp_filter=0
# room for the NAT table once home hosts send their traffic through the VPS
net.nf_conntrack_max=65535
VPS side: interface definition for tun0 (ifcfg-style network script; the VPS takes 192.168.BBB.1 on the tunnel, the router 192.168.BBB.2).
DEVICE=tun0
BOOTPROTO=none
ONBOOT=yes
TYPE=IPIP6
MODE=ip4ip6
PEER_OUTER_IPADDR=XXXX:XXXX:XXXX:XXXX::1
MY_OUTER_IPADDR=AAAA:AAAA:AAAA:AAAA::1
MY_INNER_IPADDR=192.168.BBB.1/24
ZONE=trusted
RTX router: default route split by filter (sources matching filter 1 leave via the PPPoE connection pp 1, everything else via tunnel 1), with masquerade NAT on the PPPoE side exposing 80, 443 and 22 of 192.168.YYY.20.
ip route default gateway pp 1 filter 1 gateway tunnel 1
pp select 1
pp name MyPPPoE
(connection settings omitted)
ip pp nat descriptor 1000
pp enable 1
nat descriptor type 1000 masquerade
nat descriptor masquerade static 1000 1 192.168.YYY.20 tcp 80,443,22
ip filter 1 pass 192.168.YYY.20 * * * *
VPS side: static route for the home network through tun0 (route-tun0 style).
192.168.YYY.0/24 dev tun0
VPS side: apply the settings.
sudo sysctl -p
sudo systemctl restart network
VPS side: the same setup done by hand, without the network scripts.
modprobe ip6_tunnel
# remote = the RTX router's IPv6 address, local = this VPS's IPv6 address
ip -6 tunnel add tun0 mode ip4ip6 \
    remote XXXX:XXXX:XXXX:XXXX::1 \
    local AAAA:AAAA:AAAA:AAAA::1
ip link set tun0 up
ip addr add 192.168.BBB.1/24 dev tun0
# home network is reachable through the tunnel (ip route replaces the legacy route command)
ip route add 192.168.YYY.0/24 dev tun0
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.tun0.rp_filter=0
sysctl -w net.nf_conntrack_max=65535
VPS side: firewalld zones and port forwarding. The external zone masquerades by default, which is what lets home hosts reach the Internet through the VPS once the router's default route points at the tunnel. Putting tun0 in the trusted zone accepts anything that arrives through the tunnel, and IPIP itself carries no authentication, so the only thing keeping other IPv6 hosts out of the tunnel is filtering the outer packets by source address (the RTX ipv6 filter below does this on the router side).
# move eth0 to the external zone
sudo firewall-cmd --zone=external --change-interface=eth0 --permanent
# tun0 goes into the trusted zone
sudo firewall-cmd --zone=trusted --add-interface=tun0 --permanent
# examples of per-port forwarding
# below, 80, 443 and 8022 are forwarded to 192.168.YYY.10 on the home side
# 22 is used by the VPS itself, so 8022 is set up separately as the entry port
sudo firewall-cmd --zone=external --permanent \
    --add-forward-port=port=80:proto=tcp:toport=80:toaddr=192.168.YYY.10
sudo firewall-cmd --zone=external --permanent \
    --add-forward-port=port=443:proto=tcp:toport=443:toaddr=192.168.YYY.10
sudo firewall-cmd --zone=external --permanent \
    --add-forward-port=port=8022:proto=tcp:toport=22:toaddr=192.168.YYY.10
# activate
sudo firewall-cmd --reload
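The following helper is added for this page and is not part of the gist. It covers both the manual tunnel setup above and the firewalld port forwards: check_tunnel and check_sysctl parse the output of `ip -6 tunnel show` and `sysctl -a` and report whether the tunnel and the kernel knobs are in the state this setup needs, and gen_forward validates forward specs (no entry port the VPS itself uses, no target outside the home prefix) before turning them into firewall-cmd lines. The sample command output, the documentation addresses and the HOME_NET and VPS_PORTS values are constructed assumptions; the placeholders follow the gist.

```shell
#!/bin/sh
# Added helper for this procedure (not part of the original gist).
# HOME_NET and VPS_PORTS are assumptions: set them to the real home prefix
# and to the ports the VPS itself listens on.

HOME_NET="192.168.YYY."   # placeholder home prefix as in the gist
VPS_PORTS="22"            # entry ports the VPS uses itself (ssh, per the gist)

# check_tunnel DEV REMOTE LOCAL TEXT
# TEXT is the output of `ip -6 tunnel show`. Prints "ok" when DEV is an
# ip4ip6 tunnel with the expected endpoints, otherwise the reason.
check_tunnel() {
    dev=$1; rmt=$2; lcl=$3; text=$4
    line=$(printf '%s\n' "$text" | grep "^$dev: ") || { echo "missing $dev"; return 1; }
    case "$line" in
        *" ip/ipv6 remote $rmt local $lcl "*) echo ok ;;
        *" ip/ipv6 "*) echo "wrong endpoints"; return 1 ;;
        *) echo "wrong mode"; return 1 ;;
    esac
}

# check_sysctl TEXT   (TEXT = "key = value" lines, as printed by `sysctl -a`)
# Forwarding must be on. The gist sets rp_filter to 0 on eth0 and tun0; loose
# mode (2) is accepted as well since it still drops sources with no route at
# all, while strict mode (1) is what the gist turns off and is flagged.
check_sysctl() {
    bad=""
    for kv in net.ipv4.conf.all.forwarding net.ipv4.conf.eth0.rp_filter net.ipv4.conf.tun0.rp_filter; do
        v=$(printf '%s\n' "$1" | sed -n "s/^$kv = //p")
        case "$kv:$v" in
            net.ipv4.conf.all.forwarding:1) ;;
            *.rp_filter:0|*.rp_filter:2) ;;
            *) bad="$bad $kv=${v:-unset}" ;;
        esac
    done
    if [ -n "$bad" ]; then echo "bad:$bad"; return 1; fi
    echo ok
}

# gen_forward SPEC...   SPEC = entry_port:proto:target_port:target_addr
# Prints one firewall-cmd line per spec. Refuses an entry port the VPS uses
# itself (the gist moves ssh to 8022 for this reason) and a target outside
# HOME_NET, so a typo cannot forward traffic to an unintended address.
gen_forward() {
    for spec in "$@"; do
        oldifs=$IFS; IFS=:; set -- $spec; IFS=$oldifs
        port=$1; proto=$2; toport=$3; toaddr=$4
        case "$port" in ''|*[!0-9]*) echo "bad entry port in $spec" >&2; return 1 ;; esac
        for p in $VPS_PORTS; do
            if [ "$port" = "$p" ]; then echo "port $port is used by the VPS itself" >&2; return 1; fi
        done
        case "$toaddr" in "$HOME_NET"*) ;; *) echo "target $toaddr is outside $HOME_NET" >&2; return 1 ;; esac
        echo "firewall-cmd --zone=external --permanent --add-forward-port=port=$port:proto=$proto:toport=$toport:toaddr=$toaddr"
    done
}

# Constructed samples (documentation addresses, not real hosts) so the checks
# can be exercised offline; on the VPS feed in "$(ip -6 tunnel show)" and
# "$(sysctl -a 2>/dev/null)" instead.
SAMPLE_TUNNEL='ip6tnl0: any/ipv6 remote :: local :: encaplimit 0 hoplimit 0 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
tun0: ip/ipv6 remote 2001:db8:ffff::1 local 2001:db8:aaaa::1 encaplimit 4 hoplimit 64 tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)'
SAMPLE_SYSCTL_OK='net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.tun0.rp_filter = 0'
SAMPLE_SYSCTL_BAD='net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.tun0.rp_filter = 1'

check_tunnel tun0 2001:db8:ffff::1 2001:db8:aaaa::1 "$SAMPLE_TUNNEL"
check_sysctl "$SAMPLE_SYSCTL_OK"
gen_forward 80:tcp:80:192.168.YYY.10 443:tcp:443:192.168.YYY.10 8022:tcp:22:192.168.YYY.10
```

gen_forward only prints the commands; pipe its output into sh (or prefix with sudo) once the list looks right, then run firewall-cmd --reload as in the steps above.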
RTX router: on the WAN interface (lan2), accept IPv4-in-IPv6 (protocol 4) only when it comes from the VPS address, so nobody else can inject packets into the tunnel.
ipv6 filter 100000 pass AAAA:AAAA:AAAA:AAAA::1 * 4 * *
ipv6 lan2 secure filter in 100000 ...
RTX router: tunnel definition (local endpoint first, then the VPS; MSS clamping keeps TCP inside the tunnel from exceeding the reduced MTU).
tunnel select 1
tunnel encapsulation ipip
tunnel endpoint address XXXX:XXXX:XXXX:XXXX::1 AAAA:AAAA:AAAA:AAAA::1
ip tunnel tcp mss limit auto
ip tunnel address 192.168.BBB.2/24
tunnel enable 1
RTX router: send all outbound traffic through the tunnel.
ip route default gateway tunnel 1
RTX router: alternative that splits by source address, so 192.168.YYY.1 through 192.168.YYY.128 use the PPPoE connection and the rest go through the tunnel.
ip route default gateway pp 1 filter 1 gateway tunnel 1
ip filter 1 pass 192.168.YYY.1-192.168.YYY.128 * * * *