IPv6 ルータガイド
このガイドは、Gentoo Linux システム上での IPv6 ルーティングの構成に関する詳細を提供します。
インストール
カーネル
バージョン v2.6.0 以降のカーネルは、IPv6 をサポートしています。
root #emerge --ask sys-kernel/gentoo-sources[*] Networking support --->
Networking options --->
<M> The IPv6 protocol --->
Emerge
root #emerge --ask sys-apps/iproute2root #emerge --ask net-misc/radvdこれより先に進める前に、将来のパッケージの emerge で IPv6 対応が含まれるように、make.conf 内の USE 変数のリストに ipv6 を追加しておいてください。
追加のソフトウェア
IPv6 の要素を専門で取り扱うパッケージがいくつか存在します。これらの多くは net-misc カテゴリ内に置かれています。
| Package | Description |
|---|---|
| net-misc/radvd | Router advertisement daemon |
| net-misc/dhcpd | ISC DHCP server, DHCPv4 and DHCPv6 capability |
| net-misc/dibbler | DHCPv6 server |
| net-misc/ipv6calc | Converts an IPv6 address to a compressed format |
| dev-perl/Socket6 | IPv6 related part of the C socket.h defines and structure manipulators |
IPv6 の状態を確認する
IPv6 が有効化されていれば、ループバックデバイスが IPv6 アドレスを表示しているはずです:
root #ip -6 addr show lo1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
構成
Obtaining an address and prefix
dhcpcd can be used to obtain a single, host only, /128 IPv6 address for the WAN interface, and a /64 IPv6 prefix for the LAN interface.
/etc/dhcpcd.confRequest a IPv6 prefix for eth0.lan and eth0.management to be routed publicly with eth0.wan.# Disable router solicitations for all interfaces, enable only for selected ones
noipv6rs
# Interface configuration for the wan vlan on the eth0 interface
interface eth0.wan
# Enable router solicitation for this interface
ipv6rs
# Request a normal address usins iaid 1 for interface eth0.wan
ia_na 1
# Request a prefix using iaid 2 and assign it to the eth0.lan interface using sla_id 0 and prefix size of 64
ia_pd 2 eth0.lan/0/64
Dhcpcd
rfc6177 is barely seen as a recommendation by residential ISPs, Prefix Delegation may not work.
フォワーディングを有効化する
IPv6 で外部に接続したい他のクライアントのためのルータとしてシステムを使用するときには、さらなる構成設定が必要になります: IPv6 パケットのフォワーディングです。これは 2 通りの方法のどちらかで有効化できます。
root #sysctl -w net.ipv6.conf.all.forwarding=1The radvd init script used later enables (and disables) forwarding, making the next step unnecessary.
To assign IPv6 addresses to clients, the IPv6 specification allows both methods, stateless and stateful IP assignment. The IPv6 Stateless Address Autoconfiguration uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to. Stateful assignment is handled by DHCPv6. It is "stateful" because the server keeps a state of the clients who have requested IPs and received them.
The IPv6 Stateless Address Autoconfiguration configures IP routing and connectivity, the DHCPv6 is required to assign IPv6 addresses, and provide information such as DNS servers.
ステートレス構成
Stateless configuration is easily accomplished using the Router Advertisement Daemon, or radvd:
/etc/radvd.conf is used to configure radvd, and is not created by default. If the IPv6 prefix configuration is left empty, the already assigned or configured IPv6 prefix is used:
/etc/radvd.confRouter Advertisement (RA) configuration for the eth0.lan interface.interface eth0.lan
{
# Enable sending advertisements on this interface
AdvSendAdvert on;
# Set the Managed flag, allowing DHCPv6 (optional)
AdvManagedFlag on;
# Define prefix specific settings, based on the assigned prefix
prefix ::/64
{
# Advertise when this link comes up
AdvOnLink on;
# Advertise RFC 4862 compliance
AdvAutonomous on;
};
};
The Router Advertisements (RA) are send periodically on the eth0.lan interface to the all-nodes multicast address. Using an interface connected to the LAN, local area network.
Further information is available in man radvd.conf.
ステートフル構成
Dibbler プロジェクトは終結しました。
To have a stateful configuration, install and configure net-misc/dibbler.
root #emerge --ask dibblerConfigure the dibbler client by editing /etc/dibbler/client.conf.
iface ppp0 {
rapid-commit yes
pd
option dns-server
}
Now start the dibbler client, and configure it to start at boot:
root #/etc/init.d/dibbler-client start
root #rc-update add dibbler-client default
サービス
OpenRC
To start radvd and start it on boot:
root #/etc/init.d/radvd start
root #rc-update add radvd default
DNS の構成
IPv6 と DNS
Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. (This is because IPv4 is an address space of 2^32 while IPv6 is an address space of 2^128). For reverse DNS, the INT standard is deprecated but still widely supported. ARPA is the latest standard. Support for the ARPA format will be described here.
BIND の構成
Recent versions of BIND include excellent IPv6 support. This section will assume at least minimal knowledge about the configuration and use of BIND. We will assume that bind is not running in a chroot. If this assumption is wrong, simply append the chroot prefix to most of the paths in the following section.
First add entries for both forward and reverse DNS zone files in /etc/bind/named.conf.
/etc/bind/named.confnamed.conf entries## (We allow bind to listen to IPv6 addresses.
## Using 'any' is the only way to do it prior to bind-9.3)
options {
[...]
listen-on-v6 { any; }
[...]
};
## (This will provide the forward DNS for the domain 'ipv6-rules.com':)
zone "ipv6-rules.com" IN {
type master;
file "pri/ipv6-rules.com";
};
## (This format for reverse DNS is "bitwise." It's done by taking the IPv6 prefix,
## reversing the order of the numbers and putting a period between each number)
zone "6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" {
type master;
file "pri/rev-ipv6-rules.com.arpa";
};
Now zone files and entries will need added for all hosts:
/etc/bind/pri/ipv6-rules.com$TTL 2h
@ IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
2003052501 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
NS ns1.ipv6-rules.com
IN AAAA 2001:470:1f00:296::1 ; address for ipv6-rules.com
host1 IN AAAA 2001:470:1f00:296::2 ; address for host1.ipv6-rules.com
host2 IN AAAA 2001:470:1f00:296::3:3 ; address for host2.ipv6-rules.com
/etc/bind/pri/ipv6-rules.com.arpa$TTL 3d ; Default TTL (bind 8 needs this, bind 9 ignores it)
@ IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
2003052501 ; Serial number (YYYYMMdd)
24h ; Refresh time
30m ; Retry time
2d ; Expire time
3d ) ; Default TTL
IN NS ns1.ipv6-rules.com.
; IPv6 PTR entries
$ORIGIN 6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ipv6-rules.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR host1.ipv6-rules.com.
3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0 IN PTR host2.ipv6-rules.com.
DJBDNS の構成
There are currently some third-party patches available to the net-dns/djbdns package that allow it to do IPv6 name serving. DJBDNS can be installed with these patches by emerging it with ipv6 in the USE variable.
Not all record types are support yet with these patches. In particular, NS and MX records are not supported.
root #emerge --ask net-dns/djbdnsAfter djbdns is installed, it can be setup by running tinydns-setup and answering a few questions about which IP addresses to bind to, where to install tinydns, etc.
root #tinydns-setupAssuming tinydns has been installed into /var/tinydns, edit /var/tinydns/root/data. This file will contain all the data needed to get tinydns handling DNS for the IPv6 delegation.
## (*.ipv6-rules.com is authoritatively handled by 192.168.0.1)
.ipv6-rules.com:192.168.0.1:a:259200
## (Authoritative reverse DNS for 2001:470:1f00:296::/64)
.6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa:192.168.0.1:a
## (Specify the IPs for host1 and host2)
6host1.ipv6-rules.com:200104701f0002960000000000000001:86400
6host2.ipv6-rules.com:200104701f0002960000000000000002:86400
## (Point www to host1)
3www.ipv6-rules.com:200104701f0002960000000000000002:86400
Lines prefixed with a 6 will have both an AAAA and a PTR record created. Those prefixed with a 3 will only have an AAAA record created. Besides manually editing the data file, it is possible to use the scripts add-host6 and add-alias6 to add new entries. After changes are made to the data file, simply run make from /var/tinydns/root. This will create /var/tinydns/root/data.cfb, which tinydns will use as its source of information for DNS requests.
IPv6 クライアント
radvd を使用する
Clients behind this router should now be able to connect to the rest of the net via IPv6. If using radvd, configuring hosts should be as easy as bringing the interface up. (This is probably already done by the net.ethX init scripts).
root #ip link set eth0 up
root #ip addr show eth01: eth0: <BROADCAST,MULTICAST,UP> mtu 1400 qdisc pfifo_fast qlen 1000
link/ether 00:01:03:2f:27:89 brd ff:ff:ff:ff:ff:ff
inet6 2001:470:1f00:296:209:6bff:fe06:b7b4/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::209:6bff:fe06:b7b4/64 scope link
valid_lft forever preferred_lft forever
inet6 ff02::1/128 scope global
valid_lft forever preferred_lft forever
Should this not work ensure that the IPv6 firewall is allowing ICMPv6 packets through:
root #ip6tables -A INPUT -p icmpv6 -j ACCEPTトラブルシューティング
パッケージが IPv6 に対応していない
パッケージは典型的には ipv6 USE フラグ付きで emerge されますが、もし IPv6 が特定のプログラムで機能していないのであれば、まずそのプログラムがこのフラグ付きでビルドされているか確認するところから始めるのが良いでしょう。
/etc/portage/make.conf に
USE="ipv6" を追加しても問題はありませんが、不要である場合が多いです。パッケージによっては (誤って) IPv6 対応を自動で検出し、そのため ipv6 USE フラグを持っていないものがあるかもしれません。そのため、IPv6 が有効化されたカーネルでコンパイルされていないと、IPv6 に対応できるのに対応していない、というパッケージが発生するかもしれません。
関連項目
- IPv6 — the most recent version of the Internet Protocol (IP)
- IPv6 tunnels
外部資料
IPv6 に関する素晴らしいオンラインの資料が数多く存在します。
- www.ipv6.org - IPv6 一般の情報
- www.linux-ipv6.org/ - USAGI プロジェクト
- www.deepspace6.net - Linux/IPv6 の web サイト
- www.kame.net - *BSD の実装
- RFC 4861 - Neighbor Discovery for IP version 6 (IPv6)
- RFC 4862 - IPv6 Stateless Address Autoconfiguration
IRC では、Libera.Chat 上の #ipv6 (webchat) チャンネルを試してみてください。IPv6 が有効化されたクライアントを使用して irc.ipv6.libera.chat に接続することで、Libera.Chat サーバ群に接続できます。
This page is based on a document formerly found on our main website gentoo.org.
The following people contributed to the original document: Peter Johanson, Jorge Paulo, Camille Huot, Pasi Valminen, , Markos Chandras (Hwoarang)
They are listed here because wiki history does not allow for any external attribution. If you edit the wiki article, please do not add yourself here; your contributions are recorded on each article's associated history page.