IPv6 router guide

From Gentoo Wiki


This guide provides details on configuring IPv6 routing on a Gentoo Linux system.

Installation

Kernel

Kernels from version v2.6.0 onward support IPv6.

root #emerge --ask sys-kernel/gentoo-sources
KERNEL Required IPv6 options
[*] Networking support --->
    Networking options --->
        <M> The IPv6 protocol --->

Emerge

root #emerge --ask sys-apps/iproute2
root #emerge --ask net-misc/radvd

Before going any further, add ipv6 to the list of USE variables in make.conf so that future package emerges include IPv6 support.

Additional software

Several packages deal specifically with aspects of IPv6. Most of them are located in the net-misc category.

Package Description
net-misc/radvd Router advertisement daemon
net-misc/dhcpd ISC DHCP server, DHCPv4 and DHCPv6 capability
net-misc/dibbler DHCPv6 server
net-misc/ipv6calc Converts an IPv6 address to a compressed format
dev-perl/Socket6 IPv6 related part of the C socket.h defines and structure manipulators

Checking IPv6 status

If IPv6 is enabled, the loopback device should show an IPv6 address:

root #ip -6 addr show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Configuration

Obtaining an address and prefix

dhcpcd can be used to obtain a single, host only, /128 IPv6 address for the WAN interface, and a /64 IPv6 prefix for the LAN interface.

FILE /etc/dhcpcd.conf Request an IPv6 prefix for eth0.lan and eth0.management to be routed publicly with eth0.wan.
# Disable router solicitations for all interfaces, enable only for selected ones
noipv6rs
 
# Interface configuration for the wan vlan on the eth0 interface
interface eth0.wan
  # Enable router solicitation for this interface
  ipv6rs
  # Request a normal address using iaid 1 for interface eth0.wan
  ia_na 1
  # Request a prefix using iaid 2 and assign it to the eth0.lan interface using sla_id 0 and prefix size of 64
  ia_pd 2 eth0.lan/0/64

See also: Dhcpcd

Warning
RFC 6177 is barely treated as a recommendation by residential ISPs; Prefix Delegation may not work.

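Enabling forwarding

When the system is used as a router for other clients that want to connect to the outside world over IPv6, one more configuration setting is needed: forwarding of IPv6 packets. This can be enabled in one of two ways.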

root #sysctl -w net.ipv6.conf.all.forwarding=1
Important
The radvd init script used later enables (and disables) forwarding, making the next step unnecessary.

To assign IPv6 addresses to clients, the IPv6 specification allows both methods, stateless and stateful IP assignment. The IPv6 Stateless Address Autoconfiguration uses a process called Router Advertisement and allows clients to obtain an IP and a default route by simply bringing an interface up. It is called "stateless" because there is no record of IPs assigned and the host they are assigned to. Stateful assignment is handled by DHCPv6. It is "stateful" because the server keeps a state of the clients who have requested IPs and received them.

Note
IPv6 Stateless Address Autoconfiguration configures IP routing and connectivity; DHCPv6 is required to assign IPv6 addresses and to provide information such as DNS servers.

Stateless configuration

Stateless configuration is easily accomplished using the Router Advertisement Daemon, or radvd:

/etc/radvd.conf is used to configure radvd, and is not created by default. If the IPv6 prefix configuration is left empty, the already assigned or configured IPv6 prefix is used:

FILE /etc/radvd.conf Router Advertisement (RA) configuration for the eth0.lan interface.
interface eth0.lan
{
        # Enable sending advertisements on this interface
        AdvSendAdvert on;
        # Set the Managed flag, allowing DHCPv6 (optional)
        AdvManagedFlag on;
        # Define prefix specific settings, based on the assigned prefix
        prefix ::/64
        {
                # Indicate that this prefix can be used for on-link determination
                AdvOnLink on;
                # Allow this prefix to be used for autonomous address configuration (RFC 4862)
                AdvAutonomous on;
        };
};
Important
Router Advertisements (RAs) are sent periodically on the eth0.lan interface to the all-nodes multicast address. Use an interface connected to the LAN (local area network).
Tip
Further information is available in man radvd.conf.

Stateful configuration

Warning
The Dibbler project has been discontinued.

To have a stateful configuration, install and configure net-misc/dibbler.

root #emerge --ask dibbler

Configure the dibbler client by editing /etc/dibbler/client.conf.

CODE Sample dibbler client configuration
iface ppp0 {
	rapid-commit yes
	pd
	option dns-server
}

Now start the dibbler client, and configure it to start at boot:

root #/etc/init.d/dibbler-client start
root #rc-update add dibbler-client default

Service

OpenRC

To start radvd and start it on boot:

root #/etc/init.d/radvd start
root #rc-update add radvd default

DNS configuration

IPv6 and DNS

Just as DNS for IPv4 uses A records, DNS for IPv6 uses AAAA records. (This is because IPv4 is an address space of 2^32 while IPv6 is an address space of 2^128). For reverse DNS, the INT standard is deprecated but still widely supported. ARPA is the latest standard. Support for the ARPA format will be described here.

BIND configuration

Recent versions of BIND include excellent IPv6 support. This section will assume at least minimal knowledge about the configuration and use of BIND. We will assume that bind is not running in a chroot. If this assumption is wrong, simply prepend the chroot prefix to most of the paths in the following section.

First add entries for both forward and reverse DNS zone files in /etc/bind/named.conf.

FILE /etc/bind/named.conf named.conf entries
## (We allow bind to listen to IPv6 addresses.
## Using 'any' is the only way to do it prior to bind-9.3)
options {
    [...]
    listen-on-v6 { any; };
    [...]
};
## (This will provide the forward DNS for the domain 'ipv6-rules.com':)
zone "ipv6-rules.com" IN {
    type master;
    file "pri/ipv6-rules.com";
};
## (This format for reverse DNS is "bitwise." It's done by taking the IPv6 prefix,
## reversing the order of the numbers and putting a period between each number)
zone "6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa" {
        type master;
        file "pri/rev-ipv6-rules.com.arpa";
};

Now zone files and entries need to be added for all hosts:

FILE /etc/bind/pri/ipv6-rules.com
$TTL    2h
@       IN      SOA     ipv6-rules.com. webmaster.ipv6-rules.com.  (
                                2003052501 ; Serial
                                28800      ; Refresh
                                14400      ; Retry
                                3600000    ; Expire
                                86400 )    ; Minimum
                NS      ns1.ipv6-rules.com.
 
@       IN      AAAA    2001:470:1f00:296::1 ; address for ipv6-rules.com
host1   IN      AAAA    2001:470:1f00:296::2 ; address for host1.ipv6-rules.com
host2   IN      AAAA    2001:470:1f00:296::3:3 ; address for host2.ipv6-rules.com

FILE /etc/bind/pri/rev-ipv6-rules.com.arpa
$TTL 3d ; Default TTL (bind 8 needs this, bind 9 ignores it)
@       IN SOA ipv6-rules.com. webmaster.ipv6-rules.com. (
                        2003052501      ; Serial number (YYYYMMdd)
                        24h             ; Refresh time
                        30m             ; Retry time
                        2d              ; Expire time
                        3d )            ; Default TTL
        IN      NS     ns1.ipv6-rules.com.
; IPv6 PTR entries
$ORIGIN 6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     ipv6-rules.com.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     host1.ipv6-rules.com.
3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0 IN      PTR     host2.ipv6-rules.com.

DJBDNS configuration

There are currently some third-party patches available to the net-dns/djbdns package that allow it to do IPv6 name serving. DJBDNS can be installed with these patches by emerging it with ipv6 in the USE variable.

Warning
Not all record types are supported yet with these patches. In particular, NS and MX records are not supported.

root #emerge --ask net-dns/djbdns

After djbdns is installed, it can be set up by running tinydns-setup and answering a few questions about which IP addresses to bind to, where to install tinydns, etc.

root #tinydns-setup

Assuming tinydns has been installed into /var/tinydns, edit /var/tinydns/root/data. This file will contain all the data needed to get tinydns handling DNS for the IPv6 delegation.

CODE Sample data file
## (*.ipv6-rules.com is authoritatively handled by 192.168.0.1)
.ipv6-rules.com:192.168.0.1:a:259200
## (Authoritative reverse DNS for 2001:470:1f00:296::/64)
.6.9.2.0.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa:192.168.0.1:a
## (Specify the IPs for host1 and host2)
6host1.ipv6-rules.com:200104701f0002960000000000000001:86400
6host2.ipv6-rules.com:200104701f0002960000000000000002:86400
## (Point www to the address used by host2)
3www.ipv6-rules.com:200104701f0002960000000000000002:86400

Lines prefixed with a 6 will have both an AAAA and a PTR record created. Those prefixed with a 3 will only have an AAAA record created. Besides manually editing the data file, it is possible to use the scripts add-host6 and add-alias6 to add new entries. After changes are made to the data file, simply run make from /var/tinydns/root. This will create /var/tinydns/root/data.cdb, which tinydns will use as its source of information for DNS requests.
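
The reverse zone name in named.conf, the PTR owner names under $ORIGIN and the 32-digit addresses in the tinydns data file are all derived from the same expanded address, and a typo in any of them silently breaks reverse lookups. The following is an added example, not part of the original guide: it derives all three forms and audits the page's AAAA records against its PTR records. The function names (hex32, reverse_zone, ptr_label, audit) are chosen for this example, and it generalizes from the page's /64 to any prefix length that is a multiple of 4 bits.

```python
import ipaddress

def hex32(addr):
    """Expanded address as 32 hex digits: the form tinydns '6' and '3' lines use."""
    return ipaddress.IPv6Address(addr).exploded.replace(":", "")

def _split(prefix):
    """Return (network, number of nibbles the prefix covers)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 bits")
    return net, net.prefixlen // 4

def reverse_zone(prefix):
    """ip6.arpa zone name: the prefix nibbles in reverse order, dot separated."""
    net, n = _split(prefix)
    return ".".join(reversed(hex32(net.network_address)[:n])) + ".ip6.arpa"

def ptr_label(addr, prefix):
    """PTR owner name relative to $ORIGIN: the remaining host nibbles, reversed."""
    net, n = _split(prefix)
    if ipaddress.IPv6Address(addr) not in net:
        raise ValueError(f"{addr} is outside {prefix}")
    return ".".join(reversed(hex32(addr)[n:]))

def audit(prefix, aaaa, ptr):
    """List (name, expected label, name found) for AAAA records without a matching PTR."""
    found = ((name, ptr_label(addr, prefix)) for name, addr in aaaa.items())
    return [(name, label, ptr.get(label)) for name, label in found
            if ptr.get(label) != name]

# Records copied from the page's forward and reverse zone files.
PREFIX = "2001:470:1f00:296::/64"
AAAA = {
    "ipv6-rules.com.": "2001:470:1f00:296::1",
    "host1.ipv6-rules.com.": "2001:470:1f00:296::2",
    "host2.ipv6-rules.com.": "2001:470:1f00:296::3:3",
}
PTR = {
    "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0": "ipv6-rules.com.",
    "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0": "host1.ipv6-rules.com.",
    "3.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0": "host2.ipv6-rules.com.",
}

if __name__ == "__main__":
    print("zone:", reverse_zone(PREFIX))
    for name, addr in AAAA.items():
        print(ptr_label(addr, PREFIX), "PTR", name, "| tinydns:", hex32(addr))
    print("mismatches:", audit(PREFIX, AAAA, PTR))
```

An empty mismatch list means every forward record has a PTR pointing back at the same name.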

IPv6 clients

Using radvd

Clients behind this router should now be able to connect to the rest of the net via IPv6. If using radvd, configuring hosts should be as easy as bringing the interface up. (This is probably already done by the net.ethX init scripts).

root #ip link set eth0 up
root #ip addr show eth0
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1400 qdisc pfifo_fast qlen 1000
    link/ether 00:01:03:2f:27:89 brd ff:ff:ff:ff:ff:ff
    inet6 2001:470:1f00:296:209:6bff:fe06:b7b4/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::209:6bff:fe06:b7b4/64 scope link
       valid_lft forever preferred_lft forever
    inet6 ff02::1/128 scope global
       valid_lft forever preferred_lft forever

Should this not work, ensure that the IPv6 firewall is allowing ICMPv6 packets through (Router Advertisements and Neighbor Discovery are carried over ICMPv6):

root #ip6tables -A INPUT -p icmpv6 -j ACCEPT

Troubleshooting

A package does not support IPv6

Packages are typically emerged with the ipv6 USE flag, but if IPv6 is not working in a particular program, a good first step is to check whether that program was built with this flag.

Note
Adding USE="ipv6" to /etc/portage/make.conf does no harm, but it is often unnecessary.
Note
Some packages may (incorrectly) auto-detect IPv6 support and therefore have no ipv6 USE flag. As a result, a package that could support IPv6 may end up without it if it was not compiled on a kernel with IPv6 enabled.

See also

External resources

There are many excellent online resources about IPv6.

On IRC, try the #ipv6 (webchat) channel on Libera.Chat. You can connect to the Libera.Chat servers with an IPv6-enabled client by connecting to irc.ipv6.libera.chat.


This page is based on a document formerly found on our main website gentoo.org.
The following people contributed to the original document: Peter Johanson, Jorge Paulo, Camille Huot, Pasi Valminen, , Markos Chandras (Hwoarang)
They are listed here because wiki history does not allow for any external attribution. If you edit the wiki article, please do not add yourself here; your contributions are recorded on each article's associated history page.