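Some smart-home solutions, such as Thread, use IPv6 for networking ("An IPv6 smart-home solution based on Thread"), but IPv6 deployment in ISP environments is not yet complete, so many solutions have IPv4 servers communicate with IPv6 end devices. This requires an edge router with NAT64/DNS64 functionality in the network topology.
Below is an example of the author setting up NAT64/DNS64 on OpenWrt.
(1) Install tayga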
opkg update
opkg install tayga
(2) Configure the /etc/config/network file
config globals 'globals'
option ula_prefix 'ddbe:48ec:56c6::/48'
config interface 'nat64'
option proto 'tayga'
option ifname 'tayga-nat64'
option ipv4_addr '192.168.64.1'
option prefix 'ddbe:48ec:56c6:1111::/96' # note: the first 64 bits of this prefix must not be the same as br-lan's
option dynamic_pool '192.168.64.0/24'
option accept_ra '0'
option send_rs '0'
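OpenWrt uses ula_prefix as the local IPv6 prefix, usually a 48-bit prefix, while br-lan usually has a 64-bit prefix. The first 64 bits of the tayga-nat64 prefix must not be the same as those of br-lan; otherwise NAT64 will not find its route in the routing table.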
root@GL-X750:/# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
ddbe:48ec:56c6:10::/64 :: U 1024 0 0 br-lan
ddbe:48ec:56c6:1111::/96 :: U 1024 0 0 tayga-nat64
ddbe:48ec:56c6::/48 :: !n 2147483647 0 0 lo
(3) Configure /etc/config/firewall
config zone
option name 'lan'
list network 'lan'
list network 'nat64' # add nat64
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
(4) Restart network and firewall
/etc/init.d/network restart
/etc/init.d/firewall restart
(5) Test tayga
root@GL-X750:/# ping6 ddbe:48ec:56c6:1111::8.8.8.8
PING ddbe:48ec:56c6:1111::8.8.8.8 (ddbe:48ec:56c6:1111::808:808): 56 data bytes
64 bytes from ddbe:48ec:56c6:1111::808:808: seq=0 ttl=46 time=60.722 ms
64 bytes from ddbe:48ec:56c6:1111::808:808: seq=2 ttl=45 time=69.222 ms
64 bytes from ddbe:48ec:56c6:1111::808:808: seq=3 ttl=45 time=46.831 ms
64 bytes from ddbe:48ec:56c6:1111::808:808: seq=4 ttl=46 time=44.560 ms
64 bytes from ddbe:48ec:56c6:1111::808:808: seq=5 ttl=45 time=50.169 ms
^C
--- ddbe:48ec:56c6:1111::8.8.8.8 ping statistics ---
6 packets transmitted, 5 packets received, 16% packet loss
round-trip min/avg/max = 44.560/54.300/69.222 ms
Reaching 8.8.8.8 with ping6 proves that NAT64 is working.
(1) Install totd
opkg update
opkg install totd
OpenWrt 18.06 has removed totd. If the package is not available in the feeds, you can clone https://github.com/dengxinfa/openwrt-totd.git and build it yourself.
(2) Edit the configuration file /etc/totd.conf
; Totd sample configuration file
; you can have multiple forwarders, totd will always prefer
; forwarders listed early and only use forwarders listed later
; if the first ones are unresponsive.
forwarder 8.8.8.8 port 53 #DNS server
; you can have multiple prefixes or even no prefixes at all
; totd uses them in round-robin fashion
prefix ddbe:48ec:56c6:1111:: #IPv6 prefix, set to the same value as in the NAT64 configuration
; the port totd listens on for incoming requests
port 5353 #local port totd listens on
; the pidfile to use (default: /var/run/totd.pid)
pidfile /var/run/totd.pid
; interfaces totd listens on (UDP only for now and not on Linux)
; If left out totd will only open wildcard sockets.
; interfaces lo br0
; 6to4 reverse lookup
; stf
(3) Enable totd
/etc/init.d/totd enable
/etc/init.d/totd restart
(4) Configure /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
list server '127.0.0.1#5353' # set the upstream DNS server to totd's listening port
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option force '1'
option dhcpv6 'server'
option ra 'server'
option ra_default '1'
option ra_management '1'
Restart DHCP
/etc/init.d/odhcpd restart
/etc/init.d/dnsmasq restart
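(5) Test
Connect a Windows 7 PC to a LAN port of the OpenWrt router and configure Windows 7 with only IPv6 enabled.
The IPv6 connection shows "Internet", which proves that IPv6 on the OpenWrt router is usable.
In CMD, use the ping -6 command to ping baidu.com.
ping -6 reaches baidu.com, that is, the IPv4 baidu.com is reached over IPv6, which proves that NAT64/DNS64 is working.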