16hot 的博客
http://16hot.blog.isyi.com
16hot 一心想要建设一个公共平台给所有有需要的朋友使用。
但是,在这里留给自己一块空间,抒发自己的心情。
16hot
2008-11-19T19:59:46Z
-
Linux IPv6 HOWTO (4)
http://16hot.blog.isyi.com/post/1/920
<pre>14.1 Red Hat Linux and "clones"(小紅帽和它的弟兄娣妹)<br /><br /> 自從我開始寫 [33]IPv6 & Linux - HowTo.我打算設定一個持久的IPv6配置,包<br /> 含: host-only, router-only, dual-homed-host, router with second stub<br /> network, normal tunnels, 6to4 tunnels 和其它.現在我寫了一<br /> 個configuration and script files 這個script有自己的HOWTO:<br /><br /> [34]IPv6-HOWTO/scripts/current. 夠運的是, Red Hat Linux 從 7.1 開始就<br /> 包含了這個script.多虧了Pekka Savola的幫助.<br /><br />14.2 Mandrake(曼德萊克)Linux<br /><br /> 從8.0後也包含了 IPv6-enabled initscript package但是有點小問<br /> 題("ifconfig" misses "inet6" before "add").<br /><br /> 支持IPv6的網路設定 scripts 測試<br /><br /> script library應該存在:<br /> ______________________________________________________________<br /><br /> /etc/sysconfig/network-scripts/network-functions-ipv6<br /> ______________________________________________________________<br /><br /> 自動測試:<br /> ______________________________________________________________<br /><br /> # test -f /etc/sysconfig/network-scripts/network-functions<br />-ipv6 && echo "Main<br /> ? IPv6 script library exists"<br /> ______________________________________________________________<br /><br /> library的版本很重要, 更高的版本包含了更多的功能.您可以通過這個檢視它:<br /> ______________________________________________________________<br /><br /> # source /etc/sysconfig/network-scripts/network-functions-<br />ipv6 &&<br /> ? getversion_ipv6_functions<br /> 20011124<br /> ______________________________________________________________<br /><br /> Short hint for enabling IPv6 on current RHL 7.1, 7.2, 7.3, ...(一些小提示)<br /><br /> * 檢視IPv6模組是否已經掛進系統.<br /> ______________________________________________________________<br /><br /> # modprobe -c | grep net-pf-10<br /> alias net-pf-10 off<br /> ______________________________________________________________<br /><br /> * 如果是"off" 在 /etc/sysconfig/network 中加入IPv6的支持.<br /> ______________________________________________________________<br /><br /> NETWORKING_IPV6=yes<br /> ______________________________________________________________<br /><br /> * 重新初始網路:<br /> ______________________________________________________________<br /><br /> # service network restart<br /> ______________________________________________________________<br /><br /> * IPv6模組應該掛進來了:<br /> ______________________________________________________________<br /><br /> # modprobe -c | grep ipv6<br /> alias net-pf-10 ipv6<br /> ______________________________________________________________<br /><br /> 如果您提供路由廣告autoconfiguration 會自動為您設定, 更多的資訊請看<br /> /usr/share/doc/initscripts-$version/sysconfig.txt.<br /><br />14.3 SuSE(蘇澤斯)Linux<br /><br /> 7.x 以上, 支持IPv6. 在/etc/rc.config 裡有更多的資訊. 因為不同的設定方<br /> 法和scripts結構, 所以不能將Red Hat Linux 當中的方法照搬過來.<br /><br /> 更詳盡的資訊請看:<br /><br /> [35]How to setup 6to4 IPv6 with SuSE 7.3<br /><br />14.4 Debian(迪比安)Linux<br /><br /> 參照: [36]IPv6 on Debian Linux<br /><br />15. 防火牆<br /><br />15.1 使用 netfilter6防火牆<br /><br /> netfilter6防火牆只支持2.4以上的核心.早期的2.2核心您只能用41號協議過<br /> 濾IPv6-in-IPv4.<br /><br /> 警告: 按照例子那樣設定並不能真正地保護您的作業系統.<br /><br />15.2 更多的資訊:<br /><br /> * [37]Netfilter project<br /> * [38]maillist archive of netfilter users<br /> * [39]maillist archive of netfilter developers<br /> * [40]Unofficial status informations<br /><br />15.3 準備<br /><br /> 下載最新的核心:<br /> [41]http://www.kernel.org/<br /><br /> 下載最新的iptables:<br /><br /> tar:<br /> [42]http://www.netfilter.org/<br /><br /> Source RPM for rebuild of binary (for RedHat systems):<br /> [43]ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/<br /><br /> 解開源代碼<br /><br /> 解開源代碼與更名<br /> ______________________________________________________________<br /><br /> # tar z|jxf kernel-version.tar.gz|bz2<br /> # mv linux linux-version-iptables-version+IPv6<br /> ______________________________________________________________<br /><br /> 解開 iptables 源代碼<br /> ______________________________________________________________<br /><br /> # tar z|jxf iptables-version.tar.gz|bz2<br /> ______________________________________________________________<br /><br /> Apply pending patches<br /> ______________________________________________________________<br /><br /> # make pending-patches KERNEL_DIR=/path/to/src/linux-version-iptables-<br />version/<br /> ______________________________________________________________<br /><br /> Apply additional IPv6 related patches (still not in the vanilla kernel<br /> included)<br /> ______________________________________________________________<br /><br /> # make patch-o-matic KERNEL_DIR=/path/to/src/linux-version-iptables-ve<br />rsion/<br /> ______________________________________________________________<br /><br /> 在下面的選單中回答yes:<br /> * ah-esp.patch<br /> * masq-dynaddr.patch (only needed for systems with dynamic IP<br /> assigned WAN connections like PPP or PPPoE)<br /> * ipv6-agr.patch.ipv6<br /> * ipv6-ports.patch.ipv6<br /> * LOG.patch.ipv6<br /> * REJECT.patch.ipv6<br /><br /> 檢視IPv6括展:<br /> ______________________________________________________________<br /><br /> # make print-extensions<br /> Extensions found: IPv6:owner IPv6:limit IPv6:mac IPv6:multiport<br /> ______________________________________________________________<br /><br /> Configure, build and install new kernel(設定,編譯,安裝新的核心)<br /><br /> 進入代碼目錄:<br /> ______________________________________________________________<br /><br /> # cd /path/to/src/linux-version-iptables-version/<br /> ______________________________________________________________<br /><br /> 改變Makefile<br /> ______________________________________________________________<br /><br /> - EXTRAVERSION =<br /> + EXTRAVERSION = -iptables-version+IPv6-try<br /> ______________________________________________________________<br /><br /> 運行相關的設定:Run configure, enable IPv6 related<br /> ______________________________________________________________<br /><br /> Code maturity level options<br /> Prompt for development and/or incomplete code/drivers : yes<br /> Networking options<br /> Network packet filtering: yes<br /> The IPv6 protocol: module<br /> IPv6: Netfilter Configuration<br /> IP6 tables support: module<br /> All new options like following:<br /> limit match support: module<br /> MAC address match support: module<br /> Multiple port match support: module<br /> Owner match support: module<br /> netfilter MARK match support: module<br /> Aggregated address check: module<br /> Packet filtering: module<br /> REJECT target support: module<br /> LOG target support: module<br /> Packet mangling: module<br /> MARK target support: module<br /> ______________________________________________________________<br /><br /> 在系統的其它方面進行相應的修改.<br /><br /> Rebuild and install binaries of iptables (打造一個新的iptables)<br /><br /> 確定您的核心源代碼存在於: /usr/src/linux/<br /><br /> Rename older directory<br /> ______________________________________________________________<br /><br /> # mv /usr/src/linux /usr/src/linux.old<br /> ______________________________________________________________<br /><br /> Create a new softlink<br /> ______________________________________________________________<br /><br /> # ln /path/to/src/linux-version-iptables-version /usr/src/linux<br /> ______________________________________________________________<br /><br /> Rebuild SRPMS<br /> ______________________________________________________________<br /><br /> # rpm --rebuild /path/to/SRPMS/iptables-version-release.src.rpm<br /> ______________________________________________________________<br /><br /> Install new iptables packages (iptables + iptables-ipv6) 安裝新<br /> 的iptables<br /> * On RH 7.1 systems, 通常已經有一個更早的版本, therefore use<br /> "freshen"<br /> ______________________________________________________________<br /><br /> # rpm -Fhv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm<br /> ______________________________________________________________<br /><br /> * 如果沒有安裝,您就親自來吧:<br /> ______________________________________________________________<br /><br /> # rpm -ihv /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm<br /> ______________________________________________________________<br /><br /> * 如果在RH6.2上安裝,要加上"--nodep":<br /> ______________________________________________________________<br /><br /> # rpm -ihv --nodep /path/to/RPMS/cpu/iptables*-version-release.cpu.rpm<br /><br /> ______________________________________________________________<br /><br /> * 可能要為iptables加上一個softlink:<br /> ______________________________________________________________<br /><br /> # ln -s /lib/iptables/ /usr/lib/iptables<br /> ______________________________________________________________<br /><br />15.4 使用方法<br /><br /> 檢視<br /><br /> 將模組掛進來:<br /> ______________________________________________________________<br /><br /> # modprobe ip6_tables<br /> ______________________________________________________________<br /><br /> 檢視<br /> ______________________________________________________________<br /><br /> # [ ! -f /proc/net/ip6_tables_names ] && echo "Current kernel doesn't<br />support<br /> ? 'ip6tables' firewalling (IPv6)!"<br /> ______________________________________________________________<br /><br />15.5 使用ip6tables<br /><br />16.3.2.1. List all IPv6 netfilter entries<br /><br />Short<br /><br /># ip6tables -L<br /><br /><br /><br />Extended<br /><br /># ip6tables -n -v --line-numbers -L<br /><br /><br />List specified filter<br /># ip6tables -n -v --line-numbers -L INPUT<br /><br /><br /> 加入一個日誌:<br /># ip6tables --table filter --append INPUT -j LOG --log-prefix "INPUT:"<br />? --log-level 7<br /><br /><br />加入一個入站丟棄的條件:<br /># ip6tables --table filter --append INPUT -j DROP<br /><br /><br />移除一個條件:<br /># ip6tables --table filter --delete INPUT 1<br /><br /><br />允許 ICMPv6:<br />Using older kernels (unpatched kernel 2.4.5 and iptables-1.2.2) no type can be<br />specified<br /><br /><br />允許入站 ICMPv6 經過 tunnels<br /><br /># ip6tables -A INPUT -i sit+ -p icmpv6 -j ACCEPT<br /><br /><br /><br />允許出站 ICMPv6 經過 tunnels<br /># ip6tables -A OUTPUT -o sit+ -p icmpv6 -j ACCEPT<br /><br /><br />Newer kernels allow specifying of ICMPv6 types:<br /><br /># ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT<br /><br /><br />限制Rate-limiting<br />Because it can happen (author already saw it to times) that an ICMPv6 storm wil<br />l raise up, you should use available rate limiting for at least ICMPv6 ruleset.<br /> In addition logging rules should also get rate limiting to prevent DoS attacks<br /> against syslog and storage of log file partition. An example for a rate limite<br />d ICMPv6 looks like:<br /><br /># ip6tables -A INPUT --protocol icmpv6 --icmpv6-type echo-request -j ACCEPT --m<br />atch limit --limit 30/minute<br /><br /><br /> 允許入站的 SSH<br />Here an example is shown for a ruleset which allows incoming SSH connection fro<br />m a specified IPv6 address<br /><br /><br /> 允許來自 3ffe:ffff:100::1/128 的 SSH 入站<br /><br /># ip6tables -A INPUT -i sit+ -p tcp -s 3ffe:ffff:100::1/128 --sport 512:65535<br />? --dport 22 -j ACCEPT<br /><br /><br /><br />允許回應包Allow response packets (此刻 IPv6 連結追蹤不在 mainstream netfilter6<br />implemented 當中)<br /><br /># ip6tables -A OUTPUT -o sit+ -p tcp -d 3ffe:ffff:100::1/128 --dport 512:65535<br />? --sport 22 ! --syn j ACCEPT<br /><br /><br />充許 tunneled IPv6-in-IPv4<br />Tto accept tunneled IPv6-in-IPv4 packets, 在IPv4 防火牆做相應的設定 firewall se<br />tup relating to such packets, for example<br /><br /><br />充許 interface ppp0 的 IPv6-in-IPv4 入站<br /><br /># iptables -A INPUT -i ppp0 -p ipv6 -j ACCEPT<br /><br /><br /><br />充許 interface ppp0 的 IPv6-in-IPv4 出站<br /><br /># iptables -A OUTPUT -o ppp0 -p ipv6 -j ACCEPT<br /><br /><br />If you have only a static tunnel, you can specify the IPv4 addresses, too, like<br /><br /><br /><br />充許來自 endpoint 1.2.3.4 的 IPv6-in-IPv4 通過 interface ppp0 入站<br /><br /># iptables -A INPUT -i ppp0 -p ipv6 -s 1.2.3.4 -j ACCEPT<br /><br /><br /><br />充許來自 endpoint 1.2.3.4 的 IPv6-in-IPv4 通過 interface ppp0 入站<br /><br /># iptables -A OUTPUT -o ppp0 -p ipv6 -d 1.2.3.4 -j ACCEPT<br /><br /><br />16.3.2.10. Protection against incoming TCP connection requests<br />極力推薦! 出於安全考慮 您應當加入一個阻止TCP 連結請求入站的條件 . Adapt "-i" op<br />tion, if other interface names are in use!<br /><br /><br />阻止入站的 TCP 連結請求<br /><br /># ip6tables -I INPUT -i sit+ -p tcp --syn -j DROP<br /><br /><br />在路由器後面 阻止入站的 TCP 連結請求<br /><br /># ip6tables -I FORWARD -i sit+ -p tcp --syn -j DROP<br /><br /><br />可能這些條件以經存在其它地方,但這是您想當然的想法.最好建一個包含很多條件的 scri<br />pt 然後執行.<br /><br />16.3.2.11.阻止入站的 UDP 連結請求<br /><br />極力推薦! 提起過我的防火牆資訊可以控制出站 UDP/TCP 會話的端口. 所以如果您的本地<br />IPv6系統使用本地端口 比如:從 32768 至 60999 您也可以像這樣過濾UDP連結 (直到連結<br />跟蹤正常工作) like:<br /><br /><br />阻止入站的 UDP 數據包 , 斬斷請求出站的回應數據包<br /><br /># ip6tables -I INPUT -i sit+ -p udp ! --dport 32768:60999 -j DROP<br /><br /><br /><br />在路由器上面阻止入站的 UDP 數據包轉寄到路由器後面的主機<br /><br />ip6tables -I FORWARD -i sit+ -p udp ! --dport 32768:60999 -j DROP<br /><br /><br /> 實例:<br /><br /> 下面這個實例是一個經典, 由 Happy netfilter6 ruleset 生成:<br /> ______________________________________________________________<br /><br /># ip6tables -n -v -L<br />Chain INPUT (policy DROP 0 packets, 0 bytes)<br /> pkts bytes target prot opt in out source destination<br /> 0 0 extIN all sit+ * ::/0 ::/0<br /> 4 384 intIN all eth0 * ::/0 ::/0<br /> 0 0 ACCEPT all * * ::1/128 ::1/128<br /> 0 0 ACCEPT all lo * ::/0 ::/0<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `INPUT-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain FORWARD (policy DROP 0 packets, 0 bytes)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 int2ext all eth0 sit+ ::/0 ::/0<br /> 0 0 ext2int all sit+ eth0 ::/0 ::/0<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `FORWARD-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain OUTPUT (policy DROP 0 packets, 0 bytes)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 extOUT all * sit+ ::/0 ::/0<br /> 4 384 intOUT all * eth0 ::/0 ::/0<br /> 0 0 ACCEPT all * * ::1/128 ::1/128<br /> 0 0 ACCEPT all * lo ::/0 ::/0<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `OUTPUT-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain ext2int (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT icmpv6 * * ::/0 ::/0<br /> 0 0 ACCEPT tcp * * ::/0 ::/0<br />? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `ext2int-default:'<br /> 0 0 DROP tcp * * ::/0 ::/0<br /> 0 0 DROP udp * * ::/0 ::/0<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain extIN (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT tcp * * 3ffe:400:100::1/128 ::/0<br />? tcp spts:512:65535 dpt:22<br /> 0 0 ACCEPT tcp * * 3ffe:400:100::2/128 ::/0<br />? tcp spts:512:65535 dpt:22<br /> 0 0 ACCEPT icmpv6 * * ::/0 ::/0<br /> 0 0 ACCEPT tcp * * ::/0 ::/0<br />? tcp spts:1:65535 dpts:1024:65535 flags:!0x16/0x02<br /> 0 0 ACCEPT udp * * ::/0 ::/0<br />? udp spts:1:65535 dpts:1024:65535<br /> 0 0 LOG all * * ::/0 ::/0<br />? limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `extIN-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain extOUT (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT tcp * * ::/0<br />? 3ffe:ffff:100::1/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02<br /> 0 0 ACCEPT tcp * * ::/0<br />? 3ffe:ffff:100::2/128tcp spt:22 dpts:512:65535 flags:!0x16/0x02<br /> 0 0 ACCEPT icmpv6 * * ::/0 ::/0<br /> 0 0 ACCEPT tcp * * ::/0 ::/0<br />? tcp spts:1024:65535 dpts:1:65535<br /> 0 0 ACCEPT udp * * ::/0 ::/0<br />? udp spts:1024:65535 dpts:1:65535<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `extOUT-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain int2ext (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT icmpv6 * * ::/0 ::/0<br /> 0 0 ACCEPT tcp * * ::/0 ::/0<br />? tcp spts:1024:65535 dpts:1:65535<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `int2ext:'<br /> 0 0 DROP all * * ::/0 ::/0<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `int2ext-default:'<br /> 0 0 DROP tcp * * ::/0 ::/0<br /> 0 0 DROP udp * * ::/0 ::/0<br /> 0 0 DROP all * * ::/0 ::/0<br /><br />Chain intIN (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT all * * ::/0<br />? fe80::/ffc0::<br /> 4 384 ACCEPT all * * ::/0 ff02::/16<br /><br />Chain intOUT (1 references)<br /> pkts bytes target prot opt in out source destination<br />?<br /> 0 0 ACCEPT all * * ::/0<br />? fe80::/ffc0::<br /> 4 384 ACCEPT all * * ::/0 ff02::/16<br /> 0 0 LOG all * * ::/0 ::/0<br />? LOG flags 0 level 7 prefix `intOUT-default:'<br /> 0 0 DROP all * * ::/0 ::/0<br /> ______________________________________________________________<br /><br />16. 安全<br /><br />16.1 Access limitations<br /><br /> 有許多服務使用 tcp_wrapper library 控制訪問.Below is described the use<br /> of tcp_wrapper<br /><br /> 內容有待增加...<br /><br />16.2 IPv6安全審核<br /><br /> 目前沒有什麼較好的商業工具來進行<br /><br /> Legal issues<br /><br /> 警告:您只能掃瞄自己的系統,不然,可能會觸及法律.開始之前,請檢察您要掃瞄<br /> 的IPv6目標地址兩次!.<br /><br />16.3 Security auditing using IPv6-enabled netcat(使用適應IPv6的netcat)<br /><br /> 關於IPv6-enabled netcat的詳細資訊請參照: [44]<br /> IPv6?status-apps/security-auditing<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /> # nc6 ::1 daytime<br /> 13 JUL 2002 11:22:22 CEST<br /> ______________________________________________________________<br /><br />16.4 Security auditing using IPv6-enabled nmap<br /><br /> 全世界最為優秀的掃瞄程式之一.它的首頁: [45]<br /> http://www.insecure.org/nmap/ 從 3.10ALPHA1 的版本開始支持IPv6. 例子:<br /> ______________________________________________________________<br /><br /> # nmap -6 -sT ::1<br /> Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )<br /> Interesting ports on localhost6 (::1):<br /> (The 1600 ports scanned but not shown below are in state: closed)<br /> Port State Service<br /> 22/tcp open ssh<br /> 53/tcp open domain<br /> 515/tcp open printer<br /> 2401/tcp open cvspserver<br /> Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 second<br />s<br /> ______________________________________________________________<br /><br />16.5 Security auditing using IPv6-enabled strobe<br /><br /> Strobe 同 NMap相比更不具靈活性,但已經有 IPv6-enabling patch (see<br /> IPv6?status-apps/security-auditing for more). Usage example:<br /> ______________________________________________________________<br /><br /> # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org><br />.<br /> ::1 2401 unassigned unknown<br /> ::1 22 ssh Secure Shell - RSA encrypted rsh<br /> ::1 515 printer spooler (lpd)<br /> ::1 6010 unassigned unknown<br /> ::1 53 domain Domain Name Server<br /> ______________________________________________________________<br /><br />16.6 審核結果<br /><br /> 如果審核結果同您的IPv6安全策略有出入, 請堵上檢測出的漏洞.<br /><br />17. Encryption and Authentication(加密和認證)<br /><br /> Support in kernel<br /><br /> Currently missing in 2.4, perhaps in 2.5 (see below). There is an<br /> issue about keeping the Linux kernel source free of<br /> export/import-control-laws regarding encryption code. This is also one<br /> case why [46]FreeS/WAN project (IPv4 only IPsec) isn't still contained<br /> in vanilla source.<br /><br /> Support in USAGI kernel<br /><br /> The USAGI project has taken over in July 2001 the IPv6 enabled<br /> FreeS/WAN code from the [47]IABG / IPv6 Project and included in their<br /> kernel extensions, but still work in progress, means that not all IABG<br /> features are already working in USAGI extension.<br /><br />17.1 用法<br /><br /> 參照: [48]FreeS/WAN / Online documentation<br /><br />18. 線上測試工具<br /><br /> 內容有待增加... 歡迎提建議!<br /> * finger, nslookup, ping, traceroute, whois: [49]UK IPv6 Resource<br /> Centre / The test page<br /> * ping, traceroute, tracepath, 6bone registry, DNS: [50]JOIN /<br /> Testtools (German language only, but should be no problem for non<br /> German speakers)<br /> * traceroute6, whois: [51]IPng.nl<br /><br />19. 其它資訊<br /><br />19.1 線上資訊<br /><br /> 加入IPv6 backbone骨幹網路<br /> IPv6 test backbone: [52]6bone, [53]How to join 6bone<br /><br /> 主要的註冊區域<br /><br /> * America: [54]ARIN [55]Ripe<br /> * Asia/Pacific: [56]APNIC<br /> * Latin America and Caribbea: [57]LACNIC<br /><br /> Also a list of major (prefix length 35) allocations per local registry<br /> is available here:<br /> [58]Ripe NCC / IPv6 allocations<br /><br /> Tunnel brokers<br /><br /> * [59]Freenet6 Canada<br /> * [60]Hurricane Electric US backbone<br /> * [61]Centro Studi e Laboratory Telecomunicazioni Italy<br /> * [62]Wanadoo Belgium<br /> * [63]CERTNET-Nokia China<br /> * [64]Tunnelbroker Leipzig Germany - DialupUsers with dynamic IP's<br /> can get a fix IPv6 IP...<br /> * [65]Internet Initiative Japan Japan - with IPv6 native line<br /> service and IPv6 tunneling Service<br /> * [66]XS26 - Access to SixNetherland - with POPs in Slovak Republic,<br /> Czech Republic, Netherlands, Germany and Hungary.<br /> * [67]IPng Netherland Netherland - Intouch, SurfNet, AMS-IX, UUNet,<br /> Cistron, RIPE NCC and AT& T are connected at the AMS-IX. It is<br /> possible (there are requirements...) to get an static tunnel.<br /> * [68]UNINETT Norway - Pilot IPv6 Service (for Customers):<br /> tunnelbroker & address allocation<br /> * [69]NTT Europe [70]NTT Euroope United Kingdom - IPv6 Trial. IPv4<br /> Tunnel and native IPv6 leased Line connections. POPs are located<br /> in London, UK Dusseldorf, Germany New Jersey, USA (East Coast)<br /> Cupertino, USA (West Coast) Tokyo, Japan<br /> * [71]ESnet USA - Energy Sciences Network: Tunnel Registry & Address<br /> Delegation for directly connected ESnet sites and ESnet<br /> collaborators.<br /> * [72]6REN USA - The 6ren initiative is being coordinated by the<br /> Energy Sciences Network (ESnet), the network for the Energy<br /> Research program of the US Dept. of Energy, located at the<br /> University of California's Lawrence Berkeley National Laboratory<br /><br /> 更多的IPv6資訊: [73]ipv6-net.org<br /><br /> 6to4<br /><br /> * [74]NSayer's 6to4 information<br /> * [75]RFC 3068 / An Anycast Prefix for 6to4 Relay Routers<br /><br /> Latest news<br /><br /> * [76]http://hs247.com/ name="hs247 / IPv6 news and information"><br /> also homepage for #ipv6 channel on EFnet<br /> * [77]bofh.st / latest IPv6 news but currently Jan 2002 outdated...,<br /> also homepage for IPv6 channel on IRCnet<br /> * [78]ipv6-net.org German forum<br /><br /> 有關協議的參考<br /><br /> * [79]HS247 / IPv6 RFC list Publishing the list of IPv6-related RFCs<br /> is beyond the scope of this document, but given URLs will lead you<br /> to such lists:<br /> * [80]IPng Standardization Status a little bit out-of-sync at the<br /> moment<br /> * [81]IPv6 Related Specifications on IPv6.org<br /><br /> 目前與IPv6有關的草案:<br /><br /> * [82]IP Version 6 ipv6<br /> * [83]Next Generation Transitition <br /> * [84]Dynamic Host Configuration <br /> * [85]Domain Name System Extension <br /> * [86]Mobile IP mobileip<br /><br /> 其它<br /><br /> * [87]Network Sorcery / IPv6, Internet Protocol version 6 IPv6<br /> protocol header<br /> * [88]SWITCH IPv6 Pilot / References big list of IPv6 references<br /> maintained by Simon Leinen<br /> * [89]Advanced Network Management Laboratory / IPv6 Address Oracle<br /> shows you IPv6 addresses in detail<br /><br /> 統計<br /><br /> * [90]IPv6 routing table history created by Gert Ding<br /><br />19.2 更多的資訊<br /><br /> 期待加入更多的內容,歡迎提建議!<br /><br /> Linux related<br /><br /> * [91]IPv6-HowTo for Linux by Peter Bieringer - Germany, and his<br /> * [92]Bieringer / IPv6 - software archive<br /> * [93]Linux+IPv6 status by Peter Bieringer Germany<br /> * [94]USAGI project Japan, and their<br /> * [95]USAGI project - software archive<br /> * [96]Gav's Linux IPv6 Page<br /> * [97]Project6 - IPv6 Networking For Linux Italy, and their<br /> * [98]Project6 - software archive<br /><br />19.3 通信論壇<br /><br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />| Focus Request e-mail address What to subscribe<br /> Maillist e-mail address Language Access through<br />WWW |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />| Linux kernel majordomo (at) oss.sgi.com netdev<br /> netdev (at) oss.sgi.com English http://oss.sgi.com/proj<br />ects/netdev/archive/ |<br />| networking<br /><br /> |<br />| including<br /><br /> |<br />| IPv6<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />| Linux and majordomo (at) linux-ipv6<br /> linux-ipv6 (at) list.f00f.org English<br /> |<br />| list.f00f.org<br /><br /> |<br />| IPv6 in<br /> (moderated)<br /> |<br />| general (1)<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />| Mobile IP majordomo (at)<br /> mipl (at) list.mipl. English http://www.mipl.mediapo<br />li.com/mailinglist.html |<br />| (v6) for list.mipl.mediapoli.com mipl<br /> mediapoli.com http://www.mipl.mediapo<br />li.com/mail-archive/ |<br />| Linux<br /><br /> |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|Linux IPv6 usagi-users-ctl<br /> usagi-users English http://www.mipl.mediapo<br />li.com/mailinglist.html |<br />|users using (at) linux-ipv6.org<br /> (at) linux-ipv6.org http://www.mipl.mediapo<br />li.com/mail-archive/ |<br />|USAGI<br /><br /> |<br />|extension<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />|IPv6 on Debian<br /> debian-ipv6 (at) English http://lists.debian.org<br />/debian-ipv6/ |<br />|Linux Web-based, see URL<br /> lists.debian.org<br /> |<br />|Web-based<br /><br /> |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />|IPv6/6bone in majordomo (at)<br /> ipv6 (at) German/English http://www.join.uni-mue<br />nster.de/JOIN/ipv6/texte-englisch/mailingliste.html |<br />| Germany atlan.uni-muenster.de ipv6<br /> uni-muenster.de http://www.join.uni-mue<br />nster.de/local/majordomo/ipv6/ |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />| 6bone majordomo (at) 6bone<br /> 6bone (at) English http://www.6bone.net/6b<br />one_email.html |<br />| isi.edu<br /> isi.edu http://ryouko.dgim.crc.<br />ca/ipv6/ |<br />|<br /> http://www.wcug.wwu.edu<br />/lists/6bone/ |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />|IPv6 majordomo (at) ipng<br /> ipng (at) English http://playground.sun.c<br />om/pub/ipng/html/instructions.html |<br />|discussions sunroof.eng.sun.com<br /> sunroof.eng.sun.com ftp://playground.sun.co<br />m/pub/ipng/mail-archive/ |<br />|<br /> http://www.wcug.wwu.edu<br />/lists/ipng/ |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />| IPv6 users majordomo (at) users<br /> users (at) ipv6.org English http://www.ipv6.org/mai<br />ling-lists.html |<br />| in general ipv6.org<br /><br /> |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />| Bugtracking of bugtraq-subscribe (at)<br /> bugtraq (at) English http://online.securityf<br />ocus.com/popups/forums/bugtraq/intro.shtml |<br />| Internet securityfocus.com<br /> securityfocus.com (moderated) http://online.securityf<br />ocus.com/archive/1 |<br />| applications (2)<br /><br /> |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br />|<br /><br /> |<br />| IPv6 in general Web-based, see URL<br /> ipv6 (at) ipng.nl English http://mailman.ipng.nl/m<br />ailman/listinfo/ipv6/ |<br />|<br /> http://mailman.ipng.nl/p<br />ipermail/ipv6/ |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br /><br /><br />|<br /><br /> |<br /><br />|<br /><br /> |<br />|<br /><br /> |<br />|<br /><br /> |<br />| majordomo (at) majordomo (at) ipv6<br /> ipv6 (at) mfa.eti.br Portuguese http://www.mfa.eti.br/li<br />stas.html |<br />| mfa.eti.br mfa.eti.br<br /><br /> |<br />|<br /><br /> |<br />+------------------------------------------------------------------------------<br />-------------------------------------------------------------------------------<br />-------------------------------------------------------------+<br /><br /><br /><br /><br /><br /> (1) recommended for common Linux & IPv6 issues.<br /><br /> (2) very recommended if you provide server applications.<br /><br /> 是不是有什麼遺漏? 歡迎你的建議!<br /><br /> 這裡還有另一份清單: http://www.join.uni-muenster.de/JOIN/ipv6/texte-eng<br />lisch/ipv6.infoquellen.html<br /><br /> 有關的發行版<br /><br /> * [99]Polish(ed) Linux Distribution ("market leader" in containing<br /> IPv6 enabled packages)<br /> * [100]Red Hat Linux<br /> * [101]Pekka Savola's IPv6 packages Germany<br /> * [102]Debian Linux<br /> * [103]Craig Small's IPv6 information and status<br /> * [104]SuSE Linux<br /> * [105]Linux Mandrake<br /><br />20. 歷史<br /><br /> x.y版本 發佈在Internet上.<br /> x.y.z 表示正在進行的版本and only published as LyX file on CVS.<br /><br /> Releases 0.x<br /><br />0.31<br />2002-09-29/PB: Extend information in proc-filesystem entries<br /><br />0.30<br />2002-09-27/PB: Add some maillists<br /><br />0.29<br />2002-09-18/PB: Update statement about nmap (triggered by Fyodor)<br /><br />0.28.1<br />2002-09-16/PB: Add note about ping6 to multicast addresses, add some labels<br /><br />0.28<br />2002-08-17/PB: Fix broken LDP/CVS links, add info about Polish translation, add<br /> URL of the IPv6 Address Oracle<br /><br />0.27<br />2002-08-10/PB: Some minor updates<br /><br />0.26.2<br />2002-07-15/PB: Add information neighbor discovery, split of firewalling (got so<br />me updates) and security into extra chapters<br /><br />0.26.1<br />2002-07-13/PB: Update nmap/IPv6 information<br /><br />0.26<br />2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information about depr<br />icated A6/DNAME, change P-t-P tunnel setup to use of "ip" only<br /><br />0.25.2<br />2002-07-11/PB: Minor spelling fixes<br /><br />0.25.1<br />2002-06-23/PB: Minor spelling and other fixes<br /><br />0.25<br />2002-05-16/PB: Cosmetic fix for 2^{ }128, thanks to Jos□ Ab□lio Oliveira Mat<br />os for help with LyX<br /><br />0.24<br />2002-05-02/PB: Add entries in URL list, minor spelling fixes<br /><br />0.23<br />2002-03-27/PB: Add entries in URL list and at maillists, add a label and minor<br />information about IPv6 on RHL<br /><br />0.22<br />2002-03-04/PB: Add info about 6to4 support in kernel series 2.2.x and add an en<br />try in URL list and at maillists<br /><br />0.21<br />2002-02-26/PB: Migrate next grammar checks submitted by John Ronan<br /><br />0.20.4<br />2002-02-21/PB: Migrate more grammar checks submitted by John Ronan, add some ad<br />ditional hints at DNS section<br /><br />0.20.3<br />2002-02-12/PB: Migrate a minor grammar check patch submitted by John Ronan<br /><br />0.20.2<br />2002-02-05/PB: Add mipl to maillist table<br /><br />0.20.1<br />2002-01-31/PB: Add a hint how to generate 6to4 addresses<br /><br />0.20<br />2002-01-30/PB: Add a hint about default route problem, some minor updates<br /><br />0.19.2<br />2002-01-29/PB: Add many new URLs<br /><br />0.19.1<br />2002-01-27/PB: Add some forgotten URLs<br /><br />0.19<br />2002-01-25/PB: Add two German books, fix quote entinities in exported SGML code<br /><br />0.18.2<br />2002-01-23/PB: Add a FAQ on the program chapter<br /><br />0.18.1<br />2002-01-23/PB: Move "the end" to the end, add USAGI to maillists<br /><br />0.18<br />2002-01-22/PB: Fix bugs in explanation of multicast address types<br /><br />0.17.2<br />2002-01-22/PB: Cosmetic fix double existing text in history (at 0.16), move all<br /> credits to the end of the document<br /><br />0.17.1<br />2002-01-20/PB: Add a reference, fix URL text in online-test-tools<br /><br />0.17<br />2002-01-19/PB: Add some forgotten information and URLs about global IPv6 addres<br />ses<br /><br />0.16<br />2002-01-19/PB: Minor fixes, remove "bold" and "emphasize" formats on code lines<br />, fix "too long unwrapped code lines" using selfmade utility, extend list of UR<br />Ls.<br /><br />0.15<br />2002-01-15/PB: Fix bug in addresstype/anycast, move content related credits to<br />end of document<br /><br />0.14<br />2002-01-14/PB: Minor review at all, new chapter "debugging", review "addresses"<br />, spell checking, grammar checking (from beginning to 3.4.1) by Martin Krafft,<br />add tcpdump examples, copy firewalling/netfilter6 from IPv6+Linux-HowTo, minor<br />enhancements<br /><br />0.13<br />2002-01-05/PB: Add example BIND9/host, move revision history to end of document<br />, minor extensions<br /><br />0.12<br />2002-01-03/PB: Merge review of David Ranch<br /><br />0.11<br />2002-01-02/PB: Spell checking and merge review of Pekka Savola<br /><br />0.10<br />2002-01-02/PB: First public release of chapter 1<br /><br />References<br /><br /> 1. http://www.bieringer.de/pb/<br /> 2. http://www.linuxports.com/howto/intro_to_networking/<br /> 3. http://rfc.net/rfc1884.html<br /> 4. http://rfc.net/rfc3056.html/<br /> 5. http://rfc.net/rfc2893.html<br /> 6. http://rfc.net/rfc2373.html<br /> 7. http://standards.ieee.org/regauth/oui/tutorials/EUI64.html<br /> 8. http://rfc.net/rfc3041.html<br /> 9. ftp://ftp.ietf.org/internet-drafts/<br /> 10. http://rfc.net/rfc1519.html<br /> 11. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html<br /> 12. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html<br /> 13. http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html<br /> 14. ftp://ftp.bieringer.de/pub/linux/IPv6/kernel<br /> 15. http://www.linux-ipv6.org/faq.html<br /> 16. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#transport<br /> 17. http://rfc.net/rfc1055.html<br /> 18. ftp://ftp.inr.ac.ru/ip-routing/<br /> 19. http://rpmfind.net/linux/rpm2html/search.php?query=iproute<br /> 20. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-distributions.html<br /> 21. file://localhost/tmp/zh-sgmltools.21666/IPv6&Linux-CurrentStatus-Applications<br /> 22. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-3.html<br /> 23. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-4.html<br /> 24. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#HTTP<br /> 25. http://[3ffe:400:100::1]/<br /> 26. http://www.kame.net/<br /> 27. http://rfc.net/rfc2893.html<br /> 28. http://rfc.net/rfc3056.html<br /> 29. http://rfc.net/rfc3056.html<br /> 30. http://www.kfu.com/~nsayer/6to4/<br /> 31. http://www.faqs.org/rfcs/rfc3068.html<br /> 32. http://rfc.net/rfc2473.html<br /> 33. http://www.bieringer.de/linux/IPv6/<br /> 34. http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/<br /> 35. http://www.feyrer.de/IPv6/SuSE73-IPv6+6to4-setup.html<br /> 36. http://people.debian.org/~csmall/ipv6/<br /> 37. http://www.netfilter.org/<br /> 38. http://lists.samba.org/pipermail/netfilter/<br /> 39. http://lists.samba.org/pipermail/netfilter-devel/<br /> 40. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-kernel.html#netfilter6<br /> 41. http://www.kernel.org/<br /> 42. http://www.netfilter.org/<br /> 43. ftp://ftp.redhat.com/redhat/linux/rawhide/SRPMS/SRPMS/<br /> 44. http://www.bieringer.de/linux/IPv6/status/IPv6?status-apps.html#security-auditing<br /> 45. http://www.insecure.org/nmap/<br /> 46. http://www.freeswan.org/<br /> 47. http://www.ipv6.iabg.de/downloadframe/<br /> 48. http://www.freeswan.org/doc.html<br /> 49. file://localhost/tmp/zh-sgmltools.21666/Linux-IPv6-HOWTO.txt.html<br /> 50. http://www.join.uni-muenster.de/lab/testtools.html<br /> 51. http://www.ipng.nl/<br /> 52. http://www.6bone.net/6bone_hookup.html<br /> 53. http://www.6bone.net/6bone_hookup.html<br /> 54. http://www.arin.net/<br /> 55. http://www.ripe.net/<br /> 56. http://www.apnic.net/<br /> 57. http://lacnic.org/<br /> 58. http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6allocs.html<br /> 59. http://www.freenet6.net/<br /> 60. http://ipv6tb.he.net/<br /> 61. https://carmen.cselt.it/ipv6tb/<br /> 62. http://tunnel.be.wanadoo.com/<br /> 63. http://tb.6test.edu.cn/<br /> 64. http://joshua.informatik.uni-leipzig.de/<br /> 65. http://www.iij.ad.jp/IPv6/index-e.html<br /> 66. http://www.xs26.net/<br /> 67. http://www.ipng.nl/<br /> 68. http://www.uninett.no/testnett/index.en.html<br /> 69. http://www.uk.v6.ntt.net/<br /> 70. http://www.nttv6.net/<br /> 71. http://www.es.net/hypertext/welcome/pr/ipv6.html<br /> 72. http://www.6ren.net/<br /> 73. http://www.ipv6-net.de/<br /> 74. http://www.kfu.com/~nsayer/6to4/<br /> 75. http://www.faqs.org/rfcs/rfc3068.html<br /> 76. http://hs247.com/<br /> 77. http://bofh.st/ipv6/<br /> 78. http://www.ipv6-net.de/<br /> 79. http://www.hs247.com/ipv6rfc.html<br /> 80. http://playground.sun.com/pub/ipng/html/specs/standards.html<br /> 81. http://www.ipv6.org/specs.html<br /> 82. http://www.ietf.org/ids.by.wg/ipv6.html<br /> 83. http://www.ietf.org/ids.by.wg/ngtrans.html<br /> 84. http://www.ietf.org/ids.by.wg/dhc.html<br /> 85. http://www.ietf.org/ids.by.wg/dnsext.html<br /> 86. http://www.ietf.org/ids.by.wg/mobileip.html<br /> 87. http://www.networksorcery.com/enp/protocol/ipv6.htm<br /> 88. http://www.switch.ch/lan/ipv6/references.html<br /> 89. http://steinbeck.ucs.indiana.edu:47401/<br /> 90. http://www.space.net/~gert/RIPE/<br /> 91. http://www.bieringer.de/linux/IPv6/<br /> 92. ftp://ftp.bieringer.de/pub/linux/IPv6/<br /> 93. http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status.html<br /> 94. http://www.linux-ipv6.org/<br /> 95. ftp://ftp.linux-ipv6.org/pub/<br /> 96. http://www.bugfactory.org/~gav/ipv6/<br /> 97. http://project6.ferrara.linux.it/<br /> 98. ftp://ftp.ferrara.linux.it/pub/project6/<br /> 99. http://www.pld.org.pl/<br /> 100. http://www.redhat.com/<br /> 101. http://www.netcore.fi/pekkas/linux/ipv6/<br /> 102. http://www.debian.org/<br /> 103. http://people.debian.org/~csmall/ipv6/<br /> 104. http://www.suse.com/<br /> 105. http://www.linux-mandrake.com/<br /></pre>
Linux
2008-09-14T04:53:08Z
16hot
-
Linux IPv6 HOWTO (3)
http://16hot.blog.isyi.com/post/1/919
<pre> conf/default/*<br /><br /> Change the interface-specific default settings<br /><br /> conf/all/*<br /><br /> 改變所有 interface-specific 設定.<br /><br /> 除了: "conf/all/forwarding" 它有不同的含義.<br /><br /> conf/all/forwarding<br /><br /> * Type: BOOLEAN<br /><br /> 在兩個界面之間進行global IPv6 forwarding (數據包轉寄.)<br /><br /> IPv6 當中您不能單獨控制一個設備的 forwarding (數據包轉寄). forwarding<br /> 的控制由IPv6-netfilter 完成. 當值為"0"時 數據包轉寄的能力被關閉,數據包<br /> 不會離開各自的界面(包括物理/虛擬)比如 tunnel. 當值為"1"時 數據包轉寄的<br /> 能力被開啟.<br /><br /> conf/interface/*<br /><br /> 改變單個界面的設定. 依據local forwarding 是 enabled 或 not.<br /><br /> accept_ra<br /><br /> * Type: BOOLEAN<br /> * 默認值: enabled if local forwarding is disabled. disabled if local<br /> forwarding is enabled.<br /><br /> 接受IPv6路由廣告.並且根據得到的信息自動設定.<br /><br /> accept_redirectsc<br /><br /> * Type: BOOLEAN<br /> * Functional default: enabled if local forwarding is disabled.<br /> disabled if local forwarding is enabled.<br /><br /> 接受IPv6路由器的重定向.<br /><br /> autoconf<br /><br /> * Type: BOOLEAN<br /> * Default: TRUE<br /><br /> 設定本地連結地址使用L2硬體地址. 它依據界面的L2-MAC address自動產生一個<br /> 地址如:"fe80::201:23ff:fe45:6789"<br /><br /> dad_transmits<br /><br /> * Type: INTEGER<br /> * Default: 1<br /><br /> 發送重複地址嗅探的總數.<br /><br /> forwarding<br /><br /> * Type: BOOLEAN<br /> * Default: FALSE if global forwarding is disabled (default),<br /> otherwise TRUE<br /><br /> 設定主機/路由的interface-specific動作.<br /><br /> 注意:推薦所有interface(界面)使用相同的設定.混合路由器/主機的想法真是難<br /> 得.<br /> * Value FALSE: By default, Host behaviour is assumed. This means:<br /> + IsRouter 標緻沒有在Neighbour Advertisements當中.<br /> + 當需要的時候就發送路由請求.<br /> + 如果accept_ra是TRUE (default), 接受路由廣告.<br /> + 如果accept_redirects 是 TRUE (default), 接受重定向.<br /> * Value TRUE: 如果具備本地forwarding(轉寄),路由器動作為假定.這和上面<br /> 的情況相反:<br /> + IsRouter 標緻存在於Neighbour Advertisements當中.<br /> + 不發送路由請求.<br /> + 忽略路由廣告.<br /> + 忽略重定向.<br /><br /> hop_limit<br /><br /> * Type: INTEGER<br /> * Default: 64<br /><br /> 缺省hop限制.<br /><br /> mtu<br /><br /> * Type: INTEGER<br /> * Default: 1280 (IPv6 要求的最小值)<br /><br /> 缺省最大傳輸單元.<br /><br /> router_solicitation_delay<br /><br /> * Type: INTEGER<br /> * Default: 1<br /><br /> 在發送路由請求之前界面的等待時間(秒).<br /><br /> router_solicitation_interval<br /><br /> * Type: INTEGER<br /> * Default: 4<br /><br /> 在每個路由請求之間的等待時間(秒).<br /><br /> router_solicitations<br /><br /> * Type: INTEGER<br /> * Default: 3<br /><br /> 假定沒有路由的情況下發送的請求個數.<br /><br /> neigh/default/*<br /><br /> Change default settings for neighbor detection and some special global<br /> interval and threshold values:<br /><br /> gc_thresh1<br /><br /> * Type: INTEGER<br /> * Default: 128<br /><br /> More to be filled.<br /><br /> gc_thresh2<br /><br /> * Type: INTEGER<br /> * Default: 512<br /><br /> More to be filled.<br /><br /> gc_thresh3<br /><br /> * Type: INTEGER<br /> * Default: 1024<br /><br /> 芳鄰列印表大小的調節項.<br /><br /> 如果您有許多界面,或路由表現反常 試著增大數值. Or if a running Zebra<br /> (routing daemon) reports:<br /> ______________________________________________________________<br /><br />ZEBRA: netlink-listen error: No buffer space available, type=RTM_NEWROUTE(24),<br />seq=426, pid=0<br /> ______________________________________________________________<br /><br /> gc_interval<br /><br /> * Type: INTEGER<br /> * Default: 30<br /><br /> More to be filled.<br /><br /> neigh/interface/*<br /><br /> Change special settings per interface for neighbor detection.<br /><br /> anycast_delay<br /><br /> * Type: INTEGER<br /> * Default: 100<br /><br /> More to be filled.<br /><br /> gc_stale_time<br /><br /> * Type: INTEGER<br /> * Default: 60<br /><br /> More to be filled.<br /><br /> proxy_qlen<br /><br /> * Type: INTEGER<br /> * Default: 64<br /><br /> More to be filled.<br /><br /> unres_qlen<br /><br /> * Type: INTEGER<br /> * Default: 3<br /><br /> More to be filled.<br /><br /> app_solicit<br /><br /> * Type: INTEGER<br /> * Default: 0<br /><br /> More to be filled.<br /><br /> locktime<br /><br /> * Type: INTEGER<br /> * Default: 0<br /><br /> More to be filled.<br /><br /> retrans_time<br /><br /> * Type: INTEGER<br /> * Default: 100<br /><br /> More to be filled.<br /><br /> base_reachable_time<br /><br /> * Type: INTEGER<br /> * Default: 30<br /><br /> More to be filled.<br /><br /> mcast_solicit<br /><br /> * Type: INTEGER<br /> * Default: 3<br /><br /> More to be filled.<br /><br /> ucast_solicit<br /><br /> * Type: INTEGER<br /> * Default: 3<br /><br /> More to be filled.<br /><br /> delay_first_probe_time<br /><br /> * Type: INTEGER<br /> * Default: 5<br /><br /> More to be filled.<br /><br /> proxy_delay<br /><br /> * Type: INTEGER<br /> * Default: 80<br /><br /> More to be filled.<br /><br /> route/*<br /><br /> 設定global(全局)路由<br /><br /> flush<br /><br /> Removed in newer kernel releases - more to be filled.<br /><br /> gc_interval<br /><br /> * Type: INTEGER<br /> * Default: 30<br /><br /> More to be filled.<br /><br /> gc_thresh<br /><br /> * Type: INTEGER<br /> * Default: 1024<br /><br /> More to be filled.<br /><br /> mtu_expires<br /><br /> * Type: INTEGER<br /> * Default: 600<br /><br /> More to be filled.<br /><br /> gc_elasticity<br /><br /> * Type: INTEGER<br /> * Default: 0<br /><br /> More to be filled.<br /><br /> gc_min_interval<br /><br /> * Type: INTEGER<br /> * Default: 5<br /><br /> More to be filled.<br /><br /> gc_timeout<br /><br /> * Type: INTEGER<br /> * Default: 60<br /><br /> More to be filled.<br /><br /> min_adv_mss<br /><br /> * Type: INTEGER<br /> * Default: 12<br /><br /> More to be filled.<br /><br /> max_size<br /><br /> * Type: INTEGER<br /> * Default: 4096<br /><br /> More to be filled.<br /><br />11.4 IPv6-related entries in /proc/sys/net/ipv4/<br /><br /> 目前(直到IPv4全部成為核心模組),一些開關也可以為IPv6所使用.<br /><br /> ip_*<br /><br /> ip_local_port_range<br /><br /> 也可以為IPv6使用.<br /><br /> tcp_*<br /><br /> 也可以為IPv6使用.<br /><br /> ICMP_*<br /><br /> 不能為IPv6使用. 激活 ICMPv6 比率限制 rate limting (極力推薦,因為它有抵<br /> 禦 ICMPv6 網路風暴的能力) netfilter-v6 rules must be used.<br /><br /> 其它<br /><br /> 不知道, 不能為IPv6使用吧.<br /><br />11.5 IPv6-related entries in /proc/net/<br /><br /> 這個地方是只讀的, 您不能通過 "sysctl" 得到資訊,可以使用 "cat"<br /><br /> if_inet6<br /><br /> 每一行地址包含多個值.<br /><br /> 這裡IPv6地址是用特殊的格式列印的,例子只列印環繞interface(界面)含義在下<br /> 面<br /> ______________________________________________________________<br /><br /># cat /proc/net/if_inet6<br />00000000000000000000000000000001 01 80 10 80 lo<br />+------------------------------+ ++ ++ ++ ++ ++<br />| | | | | |<br />1 2 3 4 5 6<br /> ______________________________________________________________<br /><br /> 1. 地址用32個不包含":"的十六進制列印.<br /><br /> 2. 連結的設備數值(interface index)使用十六進制列印.<br /><br /> 3. 前綴的長度使用十六進制列印.<br /><br /> 4. Scope value (see kernel source " include/net/ipv6.h" and<br /> "net/ipv6/addrconf.c" for more)<br /><br /> 5. Interface flags (see "include/linux/rtnetlink.h" and<br /> "net/ipv6/addrconf.c" for more)<br /><br /> 6. 設備名.<br /><br /> ipv6_route<br /><br /> 每一行地址包含多個值.<br /><br /> 這裡IPv6地址是用特殊的格式列印的,例子只列印環繞interface(界面)含義在下<br /> 面<br /> ______________________________________________________________<br /><br /># cat /proc/net/ipv6_route<br />00000000000000000000000000000000 00 00000000000000000000000000000000 00<br />+------------------------------+ ++ +------------------------------+ ++<br />| | | |<br />1 2 3 4<br />? 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo<br />? +------------------------------+ +------+ +------+ +------+ +------+ ++<br />? | | | | | |<br />? 5 6 7 8 9 10<br /> ______________________________________________________________<br /><br /> 1. IPv6目標網路用32個不包含":"的十六進制列印.<br /><br /> 2. IPv6prefix(前綴)的長度使用十六進制列印.<br /><br /> 3. IPv6來源網路用32個不包含":"的十六進制列印.<br /><br /> 4. IPv6來源prefix(前綴)的長度使用十六進制列印.<br /><br /> 5. IPv6下一個hop(躍點)用32個不包含":"的十六進制列印.<br /><br /> 6. Metric in hexadecimal<br /><br /> 7. Reference counter<br /><br /> 8. Use counter<br /><br /> 9. Flags(標緻)<br /><br /> 10.Device name<br /><br /> sockstat6<br /><br /> 每一行地址包含多個值.<br /><br /> IPv6 sockets統計:<br /> ______________________________________________________________<br /><br /># cat /proc/net/sockstat6<br />TCP6: inuse 7<br />UDP6: inuse 2<br />RAW6: inuse 1<br />FRAG6: inuse 0 memory 0<br /> ______________________________________________________________<br /><br /><br /> tcp6<br />To be filled.<br /><br /> udp6<br />To be filled.<br /><br /> igmp6<br />To be filled.<br /><br /> raw6<br />To be filled.<br /><br /> ip6_flowlabel<br />To be filled.<br /><br /> rt6_stats<br />To be filled.<br /><br /> snmp6<br /><br />Type: One line per SNMP description and value<br /><br />SNMP statistics, can be retrieved via SNMP server and related MIB table by netw<br />ork management software.<br /><br /> ip6_tables_names<br />Available netfilter6 tables<br /><br />12. Netlink-Interface to kernel<br /><br /> 內容有待增加... 這方面我沒什麼經驗...<br /><br />13. 網路 debugging<br /><br />13.1 Server socket binding(綁定)<br /><br />13.2 Using "netstat" for server socket binding check<br /><br /> 使用 "netstat" 是得到這些信息的捷徑.<br /><br /> 使用選項: -nlptu<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># netstat -nlptu<br />Active Internet connections (only servers)<br />Proto Recv-Q Send-Q Local Address Foreign Address State<br />? PID/Program name<br />tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN<br />? 1258/rpc.statd<br />tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN<br />? 1502/rpc.mountd<br />tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN<br />? 22433/lpd Waiting<br />tcp 0 0 1.2.3.1:139 0.0.0.0:* LISTEN<br />? 1746/smbd<br />tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN<br />? 1230/portmap<br />tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN<br />? 3551/X<br />tcp 0 0 1.2.3.1:8081 0.0.0.0:* LISTEN<br />? 18735/junkbuster<br />tcp 0 0 1.2.3.1:3128 0.0.0.0:* LISTEN<br />? 18822/(squid)<br />tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN<br />? 30734/named<br />tcp 0 0 ::ffff:1.2.3.1:993 :::* LISTEN<br />? 6742/xinetd-ipv6<br />tcp 0 0 :::13 :::* LISTEN<br />? 6742/xinetd-ipv6<br />tcp 0 0 ::ffff:1.2.3.1:143 :::* LISTEN<br />? 6742/xinetd-ipv6<br />tcp 0 0 :::53 :::* LISTEN<br />? 30734/named<br />tcp 0 0 :::22 :::* LISTEN<br />? 1410/sshd<br />tcp 0 0 :::6010 :::* LISTEN<br />? 13237/sshd<br />udp 0 0 0.0.0.0:32768 0.0.0.0:*<br />? 1258/rpc.statd<br />udp 0 0 0.0.0.0:2049 0.0.0.0:*<br />? -<br />udp 0 0 0.0.0.0:32770 0.0.0.0:*<br />? 1502/rpc.mountd<br />udp 0 0 0.0.0.0:32771 0.0.0.0:*<br />? -<br />udp 0 0 1.2.3.1:137 0.0.0.0:*<br />? 1751/nmbd<br />udp 0 0 0.0.0.0:137 0.0.0.0:*<br />? 1751/nmbd<br />udp 0 0 1.2.3.1:138 0.0.0.0:*<br />? 1751/nmbd<br />udp 0 0 0.0.0.0:138 0.0.0.0:*<br />? 1751/nmbd<br />udp 0 0 0.0.0.0:33044 0.0.0.0:*<br />? 30734/named<br />udp 0 0 1.2.3.1:53 0.0.0.0:*<br />? 30734/named<br />udp 0 0 127.0.0.1:53 0.0.0.0:*<br />? 30734/named<br />udp 0 0 0.0.0.0:67 0.0.0.0:*<br />? 1530/dhcpd<br />udp 0 0 0.0.0.0:67 0.0.0.0:*<br />? 1530/dhcpd<br />udp 0 0 0.0.0.0:32858 0.0.0.0:*<br />? 18822/(squid)<br />udp 0 0 0.0.0.0:4827 0.0.0.0:*<br />? 18822/(squid)<br />udp 0 0 0.0.0.0:111 0.0.0.0:*<br />? 1230/portmap<br />udp 0 0 :::53 :::*<br />? 30734/named<br /> ______________________________________________________________<br /><br />13.3 Examples for tcpdump packet dumps<br /><br /> 下面是一些被捕獲的數據包 ...下一次我會多弄一點來...:<br /><br /> Router discovery(路由發現)<br /><br /> Router advertisement<br /> ______________________________________________________________<br /><br />15:43:49.484751 fe80::212:34ff:fe12:3450 > ff02::1: icmp6: router<br />? advertisement(chlim=64, router_ltime=30, reachable_time=0,<br />? retrans_time=0)(prefix info: AR valid_ltime=30, preffered_ltime=20,<br />? prefix=2002:0102:0304:1::/64)(prefix info: LAR valid_ltime=2592000,<br />? preffered_ltime=604800, prefix=3ffe:ffff:0:1::/64)(src lladdr:<br />? 0:12:34:12:34:50) (len 88, hlim 255)<br /> ______________________________________________________________<br /><br /> 路由器使用link-local 地址 "fe80::212:34ff:fe12:3450" 發送廣告至<br /> all-node-on-link multicast address "ff02::1"<br /> 在它自己的 layer 2 MAC 地址 "0:12:34:12:34:50"中,<br /> 包含兩個前綴2002:0102:0304:1::/64" (lifetime 30 s) 和<br /> "3ffe:ffff:0:1::/64" (lifetime 2592000 s)<br /><br /> Router solicitation(路由請求)<br /> ______________________________________________________________<br /><br />15:44:21.152646 fe80::212:34ff:fe12:3456 > ff02::2: icmp6: router solicitation<br />? (src lladdr: 0:12:34:12:34:56) (len 16, hlim 255)<br /> ______________________________________________________________<br /><br /> 擁有link-local地址 "fe80::212:34ff:fe12:3456" 和 layer 2 MAC 地址<br /> "0:12:34:12:34:56"的節點尋找在線的 路由器. 所以發送一個路由請求到所有<br /> 在線的路由器地址multicast address "ff02::2"<br /><br /> Neighbor discovery(發現芳鄰)<br /><br /> Neighbor discovery solicitation for duplicate address detection(對網路芳鄰當<br /> 中 "重複的地址" 進行檢查)<br /><br /> 隨著數據包從layer 2 MAC 地址 "0:12:34:12:34:56" 發送出去的同時檢查是否<br /> 有節點用相同的地址發送數據包. Following packets are sent by a node<br /> with layer 2 MAC address "0:12:34:12:34:56" during autoconfiguration<br /> to check whether a potential address is already used by another node<br /> on the link sending this to the solicited-node link-local multicast<br /> address<br /><br /> * 當節點將使用地址"fe80::212:34ff:fe12:3456"作為本地連結時檢查重複的<br /> 地址.<br /> ______________________________________________________________<br /><br /> 15:44:17.712338 :: > ff02::1:ff12:3456: icmp6: neighbor<br />sol: who has<br /> ? fe80::212:34ff:fe12:3456(src lladdr: 0:12:34:12:34:56)<br /> (len 32, hlim 255)<br /> ______________________________________________________________<br /><br /> * 當節點將使用地址"2002:0102:0304:1:212:34ff:fe12:3456"作為global(全<br /> 局)連結時檢查重複的地址(得到上面的廣告之後).<br /> ______________________________________________________________<br /><br /> 15:44:21.905596 :: > ff02::1:ff12:3456: icmp6: neighbor s<br />ol: who has<br /> ? 2002:0102:0304:1:212:34ff:fe12:3456(src lladdr: 0:12:34<br />:12:34:56) (len 32,<br /> ? hlim 255)<br /> ______________________________________________________________<br /><br /> * 當節點將使用地址"3ffe:ffff:0:1:212:34ff:fe12:3456" 作為global(全<br /> 局)連結時檢查重複的地址(得到上面的廣告之後).<br /> ______________________________________________________________<br /><br /> 15:44:22.304028 :: > ff02::1:ff12:3456: icmp6: neighbor s<br />ol: who has<br /> ? 3ffe:ffff:0:1:212:34ff:fe12:3456(src lladdr: 0:12:34:12<br />:34:56) (len 32, hlim<br /> ? 255)<br /> ______________________________________________________________<br /><br /> Neighbor discovery solicitation for looking for host or gateway(查找一台主機<br /> 或閘道)<br /><br /> * 節點想要發送數據包至"3ffe:ffff:0:1::10",但是沒有layer 2 MAC 的發送<br /> 地址,於是發送請求.<br /> ______________________________________________________________<br /><br /> 13:07:47.664538 2002:0102:0304:1:2e0:18ff:fe90:9205 > ff0<br />2::1:ff00:10: icmp6:<br /> ? neighbor sol: who has 3ffe:ffff:0:1::10(src lladdr: 0:e<br />0:18:90:92:5) (len 32,<br /> ? hlim 255)<br /> ______________________________________________________________<br /><br /> * 節點現在查找"fe80::10"<br /> ______________________________________________________________<br /><br /> 13:11:20.870070 fe80::2e0:18ff:fe90:9205 > ff02::1:ff00:<br />10: icmp6: neighbor<br /> ? sol: who has fe80::10(src lladdr: 0:e0:18:90:92:5) (le<br />n 32, hlim 255)<br /> ______________________________________________________________<br /><br />14. Support for persistent IPv6 configuration in Linux distributions(在不同的發<br />行版中設定IPv6)<br /></pre>
Linux
2008-09-14T04:51:24Z
16hot
-
Linux IPv6 HOWTO (2)
http://16hot.blog.isyi.com/post/1/918
<pre># /sbin/route -A inet6<br /> ______________________________________________________________<br /><br /> 例子:在同一個界面上不同的IPv6路由.<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route show dev eth0<br /># /sbin/route -A inet6 |grep -w "eth0"<br />3ffe:ffff:0:f101 ::/64 :: UA 256 0 0 eth0 <- Interface route for global<br />? address<br />fe80::/10 :: UA 256 0 0 eth0 <- Interface route for link-local<br />? address<br />ff00::/8 :: UA 256 0 0 eth0 <- Interface route for all multicast<br />? addresses<br />::/0 :: UDA 256 0 0 eth0 <- Automatic default route<br /> ______________________________________________________________<br /><br />7.2 設定IPv6路由通過閘道<br /><br /> 使用"ip"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route add <ipv6network>/<prefixlength> via <ipv6address><br />? [dev <device>]<br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route add 2000::/3 via 3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 add <ipv6network>/<prefixlength> gw<br />? <ipv6address> [dev <device>]<br /> ______________________________________________________________<br /><br /> 例子:為當前所有的(全局地址global addresses 2000::/3)址通過閘<br /> 道3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 add 2000::/3 gw 3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br />7.3 移除 IPv6路由通過閘道<br /><br /> 使用"ip"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route del <ipv6network>/<prefixlength> via <ipv6address><br />? [dev <device>]<br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route del 2000::/3 via 3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del <network>/<prefixlength> [dev <device>]<br /> ______________________________________________________________<br /><br /> 例子:移除前所有的(全局地址global addresses 2000::/3)址通過閘<br /> 道3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del 2000::/3 gw 3ffe:ffff:0:f101::1<br /> ______________________________________________________________<br /><br />7.4 增加IPv6路由至interface(界面)<br /><br /> 使用 "ip"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route add <ipv6network>/<prefixlength> dev <device><br />? metric 1<br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route add 2000::/3 dev eth0 metric 1<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 add <network>/<prefixlength> dev <device><br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 add 2000::/3 dev eth0<br /> ______________________________________________________________<br /><br />7.5 從interface(界面)移除IPv6路由<br /><br /> 使用 "ip"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route del <ipv6network>/<prefixlength> dev <device><br />? metric 1<br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route del 2000::/3 dev eth0<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 使用方法:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del <network>/<prefixlength> dev <device><br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del 2000::/3 dev eth0<br /> ______________________________________________________________<br /><br />7.6 FAQ for IPv6 routes(IPv6 路由的經常問答)<br /><br /> Support of an IPv6 default route<br /><br /> IPv6的一個方法是hierachical routing(分級路由).因此,分級當中最少需要一<br /> 個路由.<br /><br /> 在目前的核心中有一些問題:<br /><br /> Clients (not routing any packet!)沒有任何數據包被路由.<br /><br /> Clinets 可以設定一個缺省的prefix "::/0"(前綴為 ::/0 的路由).<br /> ______________________________________________________________<br /><br /># ip -6 route show | grep ^default<br />default via fe80::212:34ff:fe12:3450 dev eth0 proto kernel metric 1024 expires<br />? 29sec mtu 1500 advmss 1440<br /> ______________________________________________________________<br /><br /> Routers on packet forwarding (路由包轉寄)<br /><br /> 目前主流的Linux核心(最少是 <=2.4.17) 不支持缺省路由. 您可以設定它們,但<br /> 在發送數據包時環繞會失敗. 所以,目前的缺省路由可以被設定成 前綴<br /> 為"2000::/3"的 global (全局地址). USAGI 對這個有著良好的支持.<br /><br /> 注意: 注意沒有地址篩選的邊緣路由器的缺省路由, 不然會有多餘的multicast<br /> 或 site-local 傳輸從邊緣溢出.<br /><br />8. Neighbor Discovery(發現芳鄰)<br /><br /> IPv6 的 Neighbor Discovery繼承了IPv4 的 ARP (Address Resolution<br /> Protocol地址解析協議). 您可以重新得到芳鄰的資訊. 並且可以編輯/刪除它.<br /><br /> Neighbor detection(對芳鄰進行探測)<br /><br /> 核心負責對探測成功的芳鄰進行追蹤. 您可以用 "ip" 來挖掘其中的信息.<br /><br />8.1 Displaying neighbors using "ip" (用"ip"命令列印芳鄰)<br /><br /> 使用以下的命令,您可以知道芳鄰的設定.<br /> ______________________________________________________________<br /><br /># ip -6 neigh show [dev <device>]<br /> ______________________________________________________________<br /><br /> 下面的例子當中列印了一個芳鄰,它是一個可到達的路由器.<br /> ______________________________________________________________<br /><br /># ip -6 neigh show<br />fe80::201:23ff:fe45:6789 dev eth0 lladdr 00:01:23:45:67:89 router nud reachable<br /> ______________________________________________________________<br /><br />8.2 用 "ip" 對芳鄰的列印表進行處理<br /><br /> 用以下的命令可以加入一個entry(列印項)<br /> ______________________________________________________________<br /><br /># ip -6 neigh add <IPv6 address> lladdr <link-layer address> dev <device><br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># ip -6 neigh add fec0::1 lladdr 02:01:02:03:04:05 dev eth0<br /> ______________________________________________________________<br /><br /> 用以下的命令可以移除一個entry(列印項)<br /> ______________________________________________________________<br /><br /># ip -6 neigh del <IPv6 address> lladdr <link-layer address> dev <device><br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># ip -6 neigh del fec0::1 lladdr 02:01:02:03:04:05 dev eth0<br /> ______________________________________________________________<br /><br /> 更高階的設定<br /><br /> "ip"工具非常強大, 但沒有足夠的幫助資訊.<br /> ______________________________________________________________<br /><br /># ip -6 neigh help<br />Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]<br /> [ nud { permanent | noarp | stale | reachable } ]<br /> | proxy ADDR } [ dev DEV ]<br /> ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]<br /> ______________________________________________________________<br /><br /> 有點像IPv4的列印, 如果您知道它的詳細用法,請幫我 send 一份過來.<br /><br />9. Configuring IPv6-in-IPv4 tunnels(設定遂道)<br /><br />9.1 遂道的類型<br /><br /> 將IPv6數據包傳輸到IPv4連結不只有一種可能.<br /><br /> Static point-to-point tunneling: 6bone (以點對點方式構建的遂道)<br /><br /> IPv6和IPv4的遂道定義在 [27]RFC 2893 / Transition Mechanisms for IPv6<br /> Hosts and Routers<br /><br /> 必備條件:<br /> * 遂道另一端的IPv4地址必需是static(靜態的).global unique and<br /> reachable from the foreign tunnel endpoint<br /> * 您以經擁有的一個global IPv6 prefix(前綴),參照 6bone registry.<br /> * 有一個可以將您的IPv6 prefix 路由到本地端的外界tunnel端(通常需要進<br /> 行遠端操作)<br /><br /> Automatically tunneling(遂道操作自動化)<br /><br /> 當一個節點直接同另一個節點進行連結,在得到節點IPv4地址之前,節點就會執行<br /> 遂道操作自動化.<br /><br /> 6to4-Tunneling(遂道操作)<br /><br /> 它使用一個簡單的機制實行Tunneling(遂道操作) [28]RFC 3056 / Connection<br /> of IPv6 Domains via IPv4 Clouds. 每個節點的global unique IPv4 (唯一全<br /> 局地址)可以成為 6to4 tunnel 的終點(如果沒有IPv4防火牆限制通訊).<br /> 6to4-Tunneling(遂道操作)不是專用於一對一的遂道, 這個案例可以分開針<br /> 對upstream and downstream (上級和下級)的遂道操作. 同樣,一個特別的IPv6<br /> 地址會指出這個節點使用6to4-Tunnel同全世界的 IPv6 網路進行連結.<br /><br /> Generation of 6to4 prefix(產生6to4的前綴).<br /><br /> 6to4 的地址像下面這樣定義:(源自 [29]RFC 3056 / Connection of IPv6<br /> Domains via IPv4 Clouds)<br /> ______________________________________________________________<br /><br />__________________________________________________________________<br />| 3+13 | 32 | 16 | 64 bits |<br />+---+------+-----------+--------+--------------------------------+<br />| FP+TLA | V4ADDR | SLA ID | Interface ID |<br />| 0x2002 | | | |<br />+---+------+-----------+--------+--------------------------------+<br /> ______________________________________________________________<br /><br /> FP是global addresses(全局地址)的前綴. TLA是top level aggregator(最高層<br /> 集) V4ADDR是IPv4全局唯一地址((in hexadecimal notation). SLA是子網路標<br /> 緻(65536 local subnets possible). 這些前綴產生時的SLA 為"0000" 後綴是<br /> "::1" 並分配到6to4 tunnel interface(界面).<br /><br /> 6to4 upstream tunneling(上級遂道操作)<br /><br /> 節點知道向哪裡發送含有IPv6數據包的IPv4數據包. 早期的6to4遂道,必需設定<br /> 一個專用的上級路由器接受這種操作. 參照 [30]NSayer's 6to4 information <br /> 裡的路由列印. 現在 6to4上級路由器可以使用anycast address 192.88.99.1<br /> 它由後台的路由協議控制. 參照 [31]RFC 3068 / An Anycast Prefix for 6to4<br /> Relay Routers<br /><br /> 6to4 downstream tunneling(下級遂道操作)<br /><br /> The downstream (6bone -> your 6to4 enabled node) is not really fix and<br /> can vary from foreign host which originated packets were send to.<br /> There exist two possibilities: 它還沒有正式修正對數據包來源的確定, 存<br /> 在以下兩種可能:<br /> * 外部主機直接使用6to4把IPv6數據包發回給您.<br /> * 外部主機通過全球IPv6網路, 依靠動態路建立一個automatic tunnel 由<br /> 將IPv6數據包發回給您.<br /><br /> Possible 6to4 traffic(6to4的幾種通訊方法)<br /><br /> * 從 6to4 到 6to4: 通常在兩個 6to4 enabled 主機之間直接進行遂道操作<br /> tunneled between the<br /> * 從 6to4 到 non-6to4: 通過上級遂道操作發送數據包.<br /> * 從 non-6to4 到 6to4: 通過下級遂道操作發送數據包.<br /><br />9.2 列印現存的tunnels(遂道)<br /><br /> 使用 "ip"<br /><br /> 用法:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 tunnel show [<device>]<br /> ______________________________________________________________<br /><br /> 例子:<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 tunnel show<br />sit0: ipv6/ip remote any local any ttl 64 nopmtudisc<br />sit1: ipv6/ip remote 195.226.187.50 local any ttl 64<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 用法:<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6<br /> ______________________________________________________________<br /><br /> 例子:只列印從sit0界面通過的遂道.<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 | grep "Wsit0W*$"<br />::/96 :: U 256 2 0 sit0<br />2002::/16 :: UA 256 0 0 sit0<br />2000::/3 ::193.113.58.75 UG 1 0 0 sit0<br />fe80::/10 :: UA 256 0 0 sit0<br />ff00::/8 :: UA 256 0 0 sit0<br /> ______________________________________________________________<br /><br />9.3 Setup of point-to-point tunnel(設定點對點的遂道)<br /><br /> 有3種方法可以加入/移除point-to-point tunnel<br /><br /> Add point-to-point tunnels (加入)<br /><br /> 使用 "ip"<br /><br /> 目前針對少量tunnels的方法<br /><br /> 設定tunnel device (它不會立既啟用.TTL必需指定, 因為初始值是0)<br /> ______________________________________________________________<br /><br /># /sbin/ip tunnel add < device > mode sit ttl < ttldefault > remote<br />? < ipv4addressofforeigntunnel > local < ipv4addresslocal ><br /> ______________________________________________________________<br /><br /> 用法(這個例子中有三個遂道)<br /> ______________________________________________________________<br /><br /># /sbin/ip tunnel add sit1 mode sit ttl <ttldefault> remote<br />? <ipv4addressofforeigntunnel1> local <ipv4addresslocal><br /># /sbin/ip set dev sit1 up<br /># /sbin/ip -6 route add <prefixtoroute1> dev sit1 metric 1<br /># /sbin/ip tunnel add sit2 mode sit ttl <ttldefault><br />? <ipv4addressofforeigntunnel2> local <ipv4addresslocal><br /># /sbin/ip set dev sit2 up<br /># /sbin/ip -6 route add <prefixtoroute2> dev sit2 metric 1<br /># /sbin/ip tunnel add sit3 mode sit ttl <ttldefault><br />? <ipv4addressofforeigntunnel3> local <ipv4addresslocal><br /># /sbin/ip set dev sit3 up<br /># /sbin/ip -6 route add <prefixtoroute3> dev sit3 metric 1<br /> ______________________________________________________________<br /><br /> 使用 "ifconfig" and "route" (deprecated)<br /><br /> 不推薦一次就 Non Broadcast Multiple Access (NBMA)這麼多,因為您如果只想<br /> 關閉第一個但又要讓其它的繼續運行,有點難啊.只加一個是沒有問題的.<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 up<br /># /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel1><br /># /sbin/ifconfig sit1 up<br /># /sbin/route -A inet6 add <prefixtoroute1> dev sit1<br /># /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel2><br /># /sbin/ifconfig sit2 up<br /># /sbin/route -A inet6 add <prefixtoroute2> dev sit2<br /># /sbin/ifconfig sit0 tunnel <ipv4addressofforeigntunnel3><br /># /sbin/ifconfig sit3 up<br /># /sbin/route -A inet6 add <prefixtoroute3> dev sit3<br /> ______________________________________________________________<br /><br /> 警告:這樣做有很大的風險, 因為任何人可以從Internet的任何地點使<br /> 用"automatic tunneling"同您進行連結.我不推薦您這樣做.<br /><br /> 使用 "route" only<br /><br /> 當然可以設定tunnel使用 Non Broadcast Multiple Access (NBMA)非多地址廣<br /> 播的方式 這種方法可以一次就加入很多tunnel. 使用方法 (三個tunnel的基本<br /> 例子):<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 up<br /># /sbin/route -A inet6 add <prefixtoroute1> gw<br />? ::<ipv4addressofforeigntunnel1> dev sit0<br /># /sbin/route -A inet6 add <prefixtoroute2> gw<br />? ::<ipv4addressofforeigntunnel2> dev sit0<br /># /sbin/route -A inet6 add <prefixtoroute3> gw<br />? ::<ipv4addressofforeigntunnel3> dev sit0<br /> ______________________________________________________________<br /><br /> 警告:這樣做有很大的風險, 因為任何人可以從Internet的任何地點使<br /> 用"automatic tunneling"同您進行連結.我不推薦您這樣做.<br /><br /> Removing point-to-point tunnels(移除遂道)<br /><br /> 手工方式不經常使用,可以用scripts移除/重新設定IPv6tunnels<br /><br /> 使用 "ip"<br /><br /> 移除遂道設備的用法:<br /> ______________________________________________________________<br /><br /># /sbin/ip tunnel del <device><br /> ______________________________________________________________<br /><br /> Usage (三個tunnel的基本例子):<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route del <prefixtoroute1> dev sit1<br /># /sbin/ip set sit1 down<br /># /sbin/ip tunnel del sit1<br /># /sbin/ip -6 route del <prefixtoroute2> dev sit2<br /># /sbin/ip set sit2 down<br /># /sbin/ip tunnel del sit2<br /># /sbin/ip -6 route del <prefixtoroute3> dev sit3<br /># /sbin/ip set sit3 down<br /># /sbin/ip tunnel del sit3<br /> ______________________________________________________________<br /><br /> 使用 "ifconfig" and "route" (因為不怎麼有趣所以不贊成這麼做)<br /><br /> Usage (三個tunnel的基本例子):您必需反向移除它們, 也就是先建立的必需先<br /> 移除.<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del <prefixtoroute3> dev sit3<br /># /sbin/ifconfig sit3 down<br /># /sbin/route -A inet6 del <prefixtoroute2> dev sit2<br /># /sbin/ifconfig sit2 down<br /># /sbin/route -A inet6 add <prefixtoroute1> dev sit1<br /># /sbin/ifconfig sit1 down<br /># /sbin/ifconfig sit0 down<br /> ______________________________________________________________<br /><br /> 使用 "route"<br /><br /> 移除IPv6路由. 使用方法 (三個tunnel的基本例子):<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del <prefixtoroute1> gw<br />? ::<ipv4addressofforeigntunnel1> dev sit0<br /># /sbin/route -A inet6 del <prefixtoroute2> gw<br />? ::<ipv4addressofforeigntunnel2> dev sit0<br /># /sbin/route -A inet6 del <prefixtoroute3> gw<br />? ::<ipv4addressofforeigntunnel3> dev sit0<br /># /sbin/ifconfig sit0 down<br /> ______________________________________________________________<br /><br /> Numbered point-to-point tunnels(有限的點對點遂道)<br /><br /> 有時需要設定一個point-to-point 遂道 和IPv6地址, 但方法中只有第一<br /> 個(ifconfig+route - deprecated)和第三個(ip+route)可行. 在這些案例中您<br /> 可以加入一個IPv6地址到 tunnel interface(用於遂道操作的那個界面)<br /><br />9.4 Setup of 6to4 tunnels (設定 IPv6至IPv4的遂道)<br /><br /> 注意:6to4 tunnels 目前缺乏vanilla 2.2.x系列核心的支持. 同樣要注意的<br /> 是6to4地址的前綴長度是16 所有的 6to4 主機都在相同的第二層.<br /><br /> Add a 6to4 tunnel(增加一個 6to4 遂道)<br /><br /> 首先, 您必需用可路由的本地IPv4 global 地址來計算 6to4 的前綴. (如果您<br /> 的主機沒有可路由的本地IPv4 global 地址, 在閘道邊緣的NAT地址也行 in<br /> special cases NAT on border gateways is possible):<br /><br /> 假定您的IPv4地址為:<br /> ______________________________________________________________<br /><br />1.2.3.4<br /> ______________________________________________________________<br /><br /> 產生的6to4 prefix(前綴)為 :<br /> ______________________________________________________________<br /><br />2002:0102:0304::<br /> ______________________________________________________________<br /><br /> 本地的 6to4 閘道需要手工設定後綴為"::1", 因此您的6to4地址就成為:<br /> ______________________________________________________________<br /><br />2002:0102:0304::1<br /> ______________________________________________________________<br /><br /> 以下依據指定的IPv4地址產生6to4地址:<br /> ______________________________________________________________<br /><br />ipv4="1.2.3.4"; printf "2002:%02x%02x:%02x%02x::1" `echo $ipv4 | tr "." " "`<br /> ______________________________________________________________<br /><br /> 目前有兩種方法可以設定6to4遂道<br /><br /> 使用 "ip" 和專用的遂道設備.<br /><br /> 這是被推薦的做法. 創建一個遂道設備.<br /> ______________________________________________________________<br /><br /># /sbin/ip tunnel add tun6to4 mode sit remote any local <localipv4address><br /> ______________________________________________________________<br /><br /> Bring interface up(激活它)<br /> ______________________________________________________________<br /><br /># /sbin/ip link set dev tun6to4 up<br /> ______________________________________________________________<br /><br /> 將本地6to4地址加入到界面.(注意:它的前綴長度必需是16)<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 addr add <local6to4address>/16 dev tun6to4<br /> ______________________________________________________________<br /><br /> 加入一個用all-6to4-routers IPv4 anycast 地址作為到達global IPv6 網路的<br /> 路由(缺省的路由)<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1<br /> ______________________________________________________________<br /><br /> 使用 "ifconfig" and "route" and generic tunnel device "sit0" (不被推薦的做法)<br /><br /> 不被推薦是因為tunnel device sit0 不支持特別的過慮器應用在每個設備上.<br /><br /> Bring generic tunnel interface sit0 up(將界面sit0激活)<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 up<br /> ______________________________________________________________<br /><br /> Add local 6to4 address to interface(向界面添加本地 6to4 地址)<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 add <local6to4address>/16<br /> ______________________________________________________________<br /><br /> 加入一個用all-6to4-relays IPv4 anycast地址作為到達global IPv6 網路的路<br /> 由(缺省的路由)<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 add 2000::/3 gw ::192.88.99.1 dev sit0<br /> ______________________________________________________________<br /><br /> Remove a 6to4 tunnel(移除 6to4 遂道)<br /><br /> 使用 "ip" and a 專用遂道設備<br /><br /> 從dedicated tunnel device 移除所有路由<br /> ______________________________________________________________<br /><br /># /sbin/ip -6 route flush dev tun6to4<br /> ______________________________________________________________<br /><br /> Shut down interface(關閉界面)<br /> ______________________________________________________________<br /><br /># /sbin/ip link set dev tun6to4 down<br /> ______________________________________________________________<br /><br /> Remove created tunnel device(移除遂道設備)<br /> ______________________________________________________________<br /><br /># /sbin/ip tunnel del tun6to4<br /> ______________________________________________________________<br /><br /> 使用 "ifconfig" and "route" and generic tunnel device "sit0" (不被推薦的做法)<br /><br /> 移除 6to4 界面上遂道的路由<br /> ______________________________________________________________<br /><br /># /sbin/route -A inet6 del 2000::/3 gw ::192.88.99.1 dev sit0<br /> ______________________________________________________________<br /><br /> Remove local 6to4 address to interface(從界面移除本地 6to4 地址)<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 del <local6to4address>/16<br /> ______________________________________________________________<br /><br /> 並閉 generic tunnel device (當心, 可能它還在使用當中)<br /> ______________________________________________________________<br /><br /># /sbin/ifconfig sit0 down<br /> ______________________________________________________________<br /><br />10. 設定 IPv4-in-IPv6 遂道<br /><br /> 這裡的內容會在將來添加,目前這種遂道處在試驗階段.參照: [32]RFC 2473 /<br /> Generic Packet Tunneling in IPv6 Specification<br /><br />11. 核心設定 in /proc-filesystem<br /><br />11.1 怎樣進入 /proc-filesystem<br /><br /> 使用 "cat"和 "echo"<br /><br /> 使用 "cat"和 "echo" 是進入 /proc-filesystem的最簡單方法. 但必需具備下<br /> 面幾個條件:<br /><br /> * 在核心中打開 /proc-filesystem 支持, 在編譯的時候可以通過<br /> CONFIG_PROC_FS=y 做到.<br /> * /proc-filesystem 已經掛進系統,可以用以下的方法測試:<br /> ______________________________________________________________<br /><br /># mount | grep "type proc"<br />none on /proc type proc (rw)<br /> ______________________________________________________________<br /><br /> * 您必需知道對/proc-filesystem 的各種操作.<br /><br /> 通常/proc/sys/* 都是可寫的, 其它的都是只讀或只提供相關資訊.<br /><br /> 得到一個值<br /><br /> 可以使用 "cat" 得到一個值.<br /> ______________________________________________________________<br /><br /># cat /proc/sys/net/ipv6/conf/all/forwarding<br />0<br /> ______________________________________________________________<br /><br /> 設定一個值<br /><br /> 可以使用 "echo" 設定一個值.<br /> ______________________________________________________________<br /><br /># echo "1" >/proc/sys/net/ipv6/conf/all/forwarding<br /> ______________________________________________________________<br /><br /> 使用 "sysctl"<br /><br /> 使用 "sysctl" 設定核心是當前流行的方法, 您也能用. 如果/proc-filesystem<br /> 沒有掛進來, 那麼您只可以訪問/proc/sys/*<br /><br /> "sysctl"程式在"procps"安裝包中.(Red Hat Linux systems)<br /><br /> sysctl-interface 需要在核心中進行激活, 在編譯的時候可以通過以下選項完<br /> 成:<br /> ______________________________________________________________<br /><br />CONFIG_SYSCTL=y<br /> ______________________________________________________________<br /><br /> 設定一個值<br /><br /> A new value can be set (if entry is writable):<br /> ______________________________________________________________<br /><br /># sysctl -w net.ipv6.conf.all.forwarding=1<br />net.ipv6.conf.all.forwarding = 1<br /> ______________________________________________________________<br /><br /> 在 "=" 兩邊不能出現spaces符號,也不能像下面那樣一次設定多個值:<br /> ______________________________________________________________<br /><br /># sysctl -w net.ipv4.ip_local_port_range="32768 61000"<br />net.ipv4.ip_local_port_range = 32768 61000<br /> ______________________________________________________________<br /><br /> 另外<br /><br /> sysctl使用 "/" 代替 "." 詳細資訊請看sysctl的manpage<br /><br /> 提示:快速查找設定的資訊,可以聯合使用帶"-a"的grep.<br /><br />11.2 /proc-filesystems 裡的數值類型.<br /><br /> * BOOLEAN: simple a "0" (false) or a "1" (true)<br /> * INTEGER: an integer value, can be unsigned, too<br /> * more sophisticated lines with several values: sometimes a header<br /> line is displayed also, if not, have a look into the kernel source<br /> to retrieve information about the meaning of each value...<br /><br />11.3 Entries in /proc/sys/net/ipv6/<br /></pre>
Linux
2008-09-14T04:50:50Z
16hot
-
Linux IPv6 HOWTO (1)
http://16hot.blog.isyi.com/post/1/917
<pre>Author:Peter Bieringer pb@bieringer.de<br />譯者: 陳敏劍 expns@yahoo.com<br /><br /> Revision Release 0.31 2002-09-29 Revised by: PB 翻譯日期: 2002-10-14 ,<br /> 2002-11-19 第二次修正<br /> _________________________________________________________________<br /><br /> Linux IPv6 HOWTO 的目地是回答在 Linux 作業系統上設定IPv6的基本/進階問<br /> 題.這份HOWTO為用戶在Linux作業系統上安裝,設定和使用IPv6提供足夠的資訊.<br /> _________________________________________________________________<br /><br />1. 概述<br /><br /> * 1.1 版本<br /> * 1.2 版權,許可與其它<br /> * 1.3 關於作者<br /> * 1.4 聯繫<br /> * 1.5 類別<br /> * 1.6 版本, 歷史和打算<br /> * 1.7 歷史<br /> * 1.8 全部歷史<br /> * 1.9 打算<br /> * 1.10 翻譯<br /> * 1.11 德語<br /> * 1.12 其它的語系<br /> * 1.13 波蘭版<br /> * 1.14 中譯版<br /> * 1.15 技術方面<br /> * 1.16 代碼封裝<br /> * 1.17 產生SGML<br /> * 1.18 2HTML版式的在線目錄(linking/anchors)<br /> * 1.19 專用的頁面<br /> * 1.20 有多少個關於 Linux和IPv6 HOWTO的變動版本?<br /> * 1.21 Linux IPv6 FAQ/HOWTO (過時的)<br /> * 1.22 IPv6 & Linux - HowTo (正在維護當中)<br /> * 1.23 Linux IPv6 HOWTO (現在這份HOWTO)<br /> * 1.24 Long code line wrapping signal char<br /> * 1.25 Placeholders (佔位符)<br /> * 1.26 Commands in the shell(shell 裡的命令)<br /> * 1.27 使用這個HOWTO的必需條件<br /><br />2. 什麼是IPv6?<br /><br /> * 2.1 IPv6在Linux作業系統上的歷史<br /> * 2.2 開始<br /> * 2.3 其間<br /> * 2.4 現在<br /> * 2.5 將來<br /> * 2.6 IPv6 的地址會是什麼樣 ?<br /> * 2.7 FAQ(基礎)<br /><br />3. 地址的類型<br /><br /> * 3.1 沒有前綴的地址<br /> * 3.2 網路部分,也叫做前綴<br /> * 3.3 地址類型(主機)<br /> * 3.4 路由的前綴長度<br /><br />4. 準備IPv6的運行系統<br /><br /> * 4.1 IPv6-ready kernel<br /> * 4.2 IPv6-ready 網路設定工具<br /> * 4.3 IPv6-ready 測試/調式 程式<br /> * 4.4 IPv6-ready programs(能和IPv6協同工作的程式)<br /> * 4.5 IPv6-ready 客戶端程式 (selection)<br /> * 4.6 IPv6-ready server 程式<br /><br />5. 設定interfaces(界面)<br /><br /> * 5.1 不同的網路設備<br /> * 5.2 Bringing interfaces up/down(設定界面的開/關)<br /><br />6. 設定IPv6地址<br /><br /> * 6.1 列印當前的IPv6地址<br /> * 6.2 增加一個IPv6地址<br /> * 6.3 移除IPv6地址<br /><br />7. 設定IPv6路由<br /><br /> * 7.1 列印現有的路由<br /> * 7.2 設定IPv6路由通過閘道<br /> * 7.3 移除 IPv6路由通過閘道<br /> * 7.4 增加IPv6路由至interface(界面)<br /> * 7.5 從interface(界面)移除IPv6路由<br /> * 7.6 FAQ for IPv6 routes(IPv6 路由的經常問答)<br /><br />8. Neighbor Discovery(發現芳鄰)<br /><br /> * 8.1 Displaying neighbors using "ip" (用"ip"命令列印芳鄰)<br /> * 8.2 用 "ip" 對芳鄰的列印表進行處理<br /><br />9. Configuring IPv6-in-IPv4 tunnels(設定遂道)<br /><br /> * 9.1 遂道的類型<br /> * 9.2 列印現存的tunnels(遂道)<br /> * 9.3 Setup of point-to-point tunnel(設定點對點的遂道)<br /> * 9.4 Setup of 6to4 tunnels (設定 IPv6至IPv4的遂道)<br /><br />10. 設定 IPv4-in-IPv6 遂道<br /><br />11. 核心設定 in /proc-filesystem<br /><br /> * 11.1 怎樣進入 /proc-filesystem<br /> * 11.2 /proc-filesystems 裡的數值類型.<br /> * 11.3 Entries in /proc/sys/net/ipv6/<br /> * 11.4 IPv6-related entries in /proc/sys/net/ipv4/<br /> * 11.5 IPv6-related entries in /proc/net/<br /><br />12. Netlink-Interface to kernel<br /><br />13. 網路 debugging<br /><br /> * 13.1 Server socket binding(綁定)<br /> * 13.2 Using "netstat" for server socket binding check<br /> * 13.3 Examples for tcpdump packet dumps<br /><br />14. Support for persistent IPv6 configuration in Linux distributions(在不同的發<br />行版中設定IPv6)<br /><br /> * 14.1 Red Hat Linux and "clones"(小紅帽和它的弟兄娣妹)<br /> * 14.2 Mandrake(曼德萊克)Linux <br /> * 14.3 SuSE(蘇澤斯)Linux <br /> * 14.4 Debian(迪比安)Linux<br /><br />15. 防火牆<br /><br /> * 15.1 使用 netfilter6防火牆<br /> * 15.2 更多的資訊:<br /> * 15.3 準備<br /> * 15.4 使用方法<br /> * 15.5 使用ip6tables<br /><br />16. 安全<br /><br /> * 16.1 Access limitations<br /> * 16.2 IPv6安全審核<br /> * 16.3 Security auditing using IPv6-enabled netcat(使用適應IPv6<br /> 的netcat)<br /> * 16.4 Security auditing using IPv6-enabled nmap<br /> * 16.5 Security auditing using IPv6-enabled strobe<br /> * 16.6 審核結果<br /><br />17. Encryption and Authentication(加密和認證)<br /><br /> * 17.1 用法<br /><br />18. 線上測試工具<br /><br />19. 其它資訊<br /><br /> * 19.1 線上資訊<br /> * 19.2 更多的資訊<br /> * 19.3 通信論壇<br /><br />20. 歷史<br /> _________________________________________________________________<br /><br />1. 概述<br /><br />1.1 版本<br /><br />Revision Release 0.31 2002-09-29 Revised by: PB<br />See revision history for more<br />Revision Release 0.30 2002-09-27 Revised by: PB<br />See revision history for more<br />Revision Release 0.29 2002-09-18 Revised by: PB<br /><br />1.2 版權,許可與其它<br /><br /> 版權所有: Peter Bieringer<br /><br />Copyright<br />Written and Copyright (C) 2001-2002 by Peter Bieringer<br /><br />1.1.2. License<br />This Linux IPv6 HOWTO is published under GNU GPL version 2:<br /><br />The Linux IPv6 HOWTO, a guide how to configure and use IPv6 on Linux systems.<br /><br />Copyright (C) 2001-2002 Peter Bieringer<br /><br /> This documentation is free software; you can redistribute it and/or modify<br />it<br /> under the terms of the GNU General Public License as published by the Free<br /> Sof