6
自建NAT64服务器
source link: https://www.taterli.com/8290/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
自建NAT64服务器
- 由 TaterLi
- 2021年9月21日2021年9月21日
对于纯V6的网络而言,NAT64是他访问V4网站的一个很不错的方法,网上也有很多公开的NAT64服务器,但是人比较多,也比较挤,那么可以考虑自建.
需要准备的原材料:
- 链接前缀:2a0e:aa07:e024:1f::/64
- 路由前缀:2a0e:aa07:e024:20::/64
- 公网IPv4:192.3.48.179 (NAT机也可以)
- 系统:Debian 11 (其他Unix-Lilke系统也可以)
安装相关的工具:
apt -y install unbound dnsutils jool-dkms jool-tools配置unbound(文件:/etc/unbound/unbound.conf.d/dns64.conf):
server:
verbosity: 2
pidfile: "/var/run/unbound.pid"
use-syslog: yes
module-config: "dns64 iterator"
dns64-prefix: 2a0e:aa07:e024:20:cafe:babe::/96
dns64-synthall: no
interface: ::0
port: 53
access-control: ::0/0 allow
forward-zone:
name: "."
forward-addr: 8.8.8.8配置jool(文件:/lib/systemd/system/jool-nat64.service):
[Unit]
Description=jool NAT64 Service
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStartPre=/sbin/modprobe jool
ExecStart=/usr/bin/jool instance add "default" --netfilter --pool6 2a0e:aa07:e024:20:cafe:babe::/96
ExecStop=/usr/bin/jool instance remove "default"
CapabilityBoundingSet=CAP_SYS_MODULE CAP_NET_ADMIN
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
InaccessiblePaths=/tmp /dev
ProtectKernelTunables=yes
ProtectKernelModules=no
ProtectControlGroups=yes
RestrictAddressFamilies=AF_NETLINK
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target使能服务然后重启(使内核模块有效):
systemctl enable jool-nat64
systemctl enable unbound
reboot现在打开一个V6 Only的机器测试,或者你闲着的也可以屏蔽V4测试.然后修改DNS为2a0e:aa07:e024:1f::1,即我的NAT64服务器地址,用JustHost IPv6机实测结果.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK