Linux Brouter Configuration Notes
These are configuration notes for building a brouter on Linux: a machine that acts as a bridge for IPv6 and as a router for IPv4. Unfortunately, current Linux distributions require a fairly complex setup for this.
The target machine is a Liva-Z purchased last year.
The OS is CentOS 7.4.
The IPv4 router configuration is not explained here.
1. Stop firewalld
CentOS 7 manages packet filtering with firewalld, but the traditional iptables is more familiar and allows finer-grained configuration, so firewalld is stopped.
$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld
2. Install and start the required modules
$ sudo yum install iptables-services iptables-utils ebtables bridge-utils
$ sudo systemctl start iptables
$ sudo systemctl enable iptables
$ sudo systemctl start ip6tables
$ sudo systemctl enable ip6tables
$ sudo systemctl start ebtables
$ sudo systemctl enable ebtables
ip6tables is the IPv6 version of iptables.
ebtables configures filtering for bridges; its syntax is almost the same as that of iptables.
3. Install and start the required driver
Install the device driver needed to use filtering on the bridge device (that is, to use ebtables).
Create /etc/modules-load.d/br_netfilter.conf with the following contents:
#load br_netfilter.ko at boot
br_netfilter
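Tell the system to load the driver.
$ sudo systemctl restart systemd-modules-load.service
4. Set the kernel parameters
Add the following lines to /etc/sysctl.conf (net.ipv4.ip_forward is for IPv4 routing; the net.bridge.bridge-nf-call-* settings make bridged traffic traverse ip6tables, iptables and arptables).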
net.ipv4.ip_forward = 1
net.ipv6.conf.all.accept_redirects = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
Apply the kernel parameters.
$ sudo sysctl -p
5. Register the bridge network device
Assumption: two Ethernet devices, enp1s0 and enp3s0, exist and are already configured as an IPv4 router.
$ sudo nmcli connection add type bridge ifname br0 stp no
Give this bridge-br0 connection the same settings as enp1s0, plus the IPv6 settings.
(Example)
$ sudo nmcli connection modify bridge-br0 ipv6.method auto
Once the bridge device is activated, the enp1s0 and enp3s0 devices no longer function as network devices in their own right.
br0 is assigned the same Ethernet MAC address as enp1s0, so configuration applied to br0 is effectively configuration applied to enp1s0.
Also, while the machine is operating as a pure bridge, enp3s0 cannot be configured as a network node.
6. Brouter configuration
Use ebtables to specify that IPv6 packets are bridged and everything else is routed.
Only with this does the machine start to function as a brouter.
$ sudo ebtables -t broute -F
$ sudo ebtables -t broute -P BROUTING DROP
$ sudo ebtables -t broute -A BROUTING -p IPv6 -j ACCEPT
$ sudo ebtables -t broute -A BROUTING -d BGA -j ACCEPT
$ sudo /usr/libexec/ebtables save
To check the ebtables configuration, enter the following command.
$ sudo ebtables -t broute -L
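The check in step 6 can be automated. The following is an added example, not part of the original notes: a shell function that reads the `ebtables -t broute -L` listing and fails unless the policy is DROP and the only ACCEPT rules are the two set in this step. The function name check_broute and the sample listing are constructed for illustration, and the listing layout is an assumption.

```bash
#!/bin/bash
# Added example (not from the original notes): audit a broute listing.
# In the broute table ACCEPT means "bridge the frame" and DROP means "route it",
# so a lost policy or a stray ACCEPT rule bridges traffic that should be routed.

# check_broute (hypothetical name): reads `ebtables -t broute -L` output on stdin.
# Returns 0 only when the policy is DROP and the only ACCEPT rules are the
# two from step 6 (IPv6 and the bridge group address).
check_broute() {
    local policy="" ipv6=0 bga=0 rc=0 line
    while IFS= read -r line; do
        case "$line" in
            "Bridge chain: BROUTING,"*)
                policy=${line##*policy: }; policy=${policy%% *} ;;
            "-p IPv6 -j ACCEPT"*) ipv6=1 ;;
            "-d BGA -j ACCEPT"*)  bga=1 ;;
            -*"-j ACCEPT"*) echo "FAIL: unexpected bridged traffic: $line"; rc=1 ;;
        esac
    done
    if [ "$policy" != "DROP" ]; then
        echo "FAIL: BROUTING policy is '${policy:-missing}', expected DROP"; rc=1
    fi
    if [ "$ipv6" -ne 1 ]; then
        echo "FAIL: rule '-p IPv6 -j ACCEPT' missing, IPv6 is not bridged"; rc=1
    fi
    if [ "$bga" -ne 1 ]; then
        echo "FAIL: rule '-d BGA -j ACCEPT' missing"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: IPv6 bridged, everything else routed"
    return "$rc"
}

# Constructed sample of the expected listing (layout assumed, not captured).
SAMPLE_GOOD='Bridge table: broute

Bridge chain: BROUTING, entries: 2, policy: DROP
-p IPv6 -j ACCEPT
-d BGA -j ACCEPT'

# On the router itself: sudo ebtables -t broute -L | check_broute
printf '%s\n' "$SAMPLE_GOOD" | check_broute
```

Running it after a reboot confirms that the ebtables service restored the saved rules.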
7. Start the brouter
Add the following line to each of the two files ifcfg-enp1s0 and ifcfg-enp3s0 in /etc/sysconfig/network-scripts.
BRIDGE=br0
This configures both interfaces to be attached to the bridge.
Next, so that the enp3s0 device can be configured as a network node, hack the /etc/init.d/network script. Add the lines marked with a leading + below.
150 # IPv6 hook (post IPv4 start)
151 if [ -x /etc/sysconfig/network-scripts/init.ipv6-global ]; then
152 /etc/sysconfig/network-scripts/init.ipv6-global start post
153 fi
+154 # HACK for IPv4 Router / IPv6 Pass through bridge
+155 if [ -x /etc/sysconfig/network-scripts/init.passthru-brouter ]; then
+156 /etc/sysconfig/network-scripts/init.passthru-brouter start
+157 fi
158 # Run this again to catch any interface-specific actions
159 apply_sysctl
With this change, the /etc/sysconfig/network-scripts/init.passthru-brouter script is executed last, after all other network configuration has been done. Placing the configuration script for enp3s0 there makes it possible to configure that device.
Finally, start the network configured so far with the following commands.
$ sudo systemctl daemon-reload
$ sudo systemctl restart network
Check the bridge state with the brctl show command. If the output looks like the following, the setup succeeded.
$ brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.f44d30add092       no              enp1s0
                                                        enp3s0