Knowledgebase: Nasıl Yapılır?
Labris UTM IPv6 Yapılandırması
Posted by Murat BÜLBÜL on 11 September 2014 08:56 AM

Labris IPV6 How to:
Test Topoloji:
ROUTER----> Labris  ----> Windows 2012 R2 server(DNS SERVER)


IPV6 INFO:

Router:

 IPv4: 192.168.200.1/24

IPv6: 2a00:1450:4016:200::1/64

 


Windows 2012 R2 server:

 IPv4: 192.168.250.10/24

 GW: 192.168.250.1

 IPv6: 2a00:1450:4016:250::2/64

GW: 2a00:1450:4016:250::1



Labris tarafında /etc/sysconfig/network-scripts/ dizini altındaki arabirim konfigürasyonları aşağıdaki gibi düzenlenir:
LABRIS CONF:
Labris WAN:
BOOTPROTO=static

DEVICE=eth2

IPADDR=192.168.200.2

NETMASK=255.255.255.0

IPV6INIT=yes

IPV6ADDR=2a00:1450:4016:200::2/64

IPV6_DEFAULTGW=2a00:1450:4016:200::1

ONBOOT=yes

NOZEROCONF=yes

 


Labris DMZ:


BOOTPROTO=static

DEVICE=eth3

IPADDR=192.168.250.1

NETMASK=255.255.255.0

IPV6INIT=yes

IPV6ADDR=2a00:1450:4016:250::1/64

ONBOOT=yes

NOZEROCONF=yes



IPV6 özelliği aktif edilir:


$vi /etc/sysconfig/network
NETWORKING=yes

NETWORKING_IPV6=yes

HOSTNAME=labris

 

IPV6 ile ilgili aşağıdaki özellikler açılır:

sysctl net.ipv6.conf.all.forwarding=1

sysctl net.ipv6.conf.default.forwarding=1

veya

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

echo 1 > /proc/sys/net/ipv6/conf/default/forwarding

 

 

Bu özellikler /etc/sysctl-custom.conf dosyasına eklenir.

net.ipv6.conf.all.forwarding = 1

net.ipv6.conf.default.forwarding = 1

 


Servisler yeniden başlatılır:

$service network restart;service labris-iproute restart


IPV6 Route Tablosuna aşağıdaki gibi bakılabilir:
  $route -n -A inet6 

 

Ping veya traceroute testleri yapılabilir:
$ping6 2a00:1450:4016:200::1

$ping6 ipv6.google.com $traceroute6

ipv6.google.com

IP6TABLES kurallar oluşturulur:(Dışardan gelen DNS istekleri DNS SERVER a gitmektedir)
ip6tables -F

ip6tables -X

ip6tables -I INPUT -j DROP

ip6tables -I INPUT -j LOG --log-prefix "_lfp_ DROP IPV6 " --log-level 6
ip6tables -I OUTPUT -j DROP

ip6tables -I OUTPUT -j LOG --log-prefix "_lfp_ DROP IPV6 " --log-level 6
ip6tables -I FORWARD -j DROP

ip6tables -I FORWARD -j LOG --log-prefix "_lfp_ DROP IPV6 " --log-level 6
ip6tables -I FORWARD -p tcp --dport 53 -d 2a00:1450:4016:250::2 -j ACCEPT

ip6tables -I FORWARD -p tcp --dport 53 -d 2a00:1450:4016:250::2 -j LOG --log-prefix "_lfp_ ACCEPT IPV6 " --log-level 6
ip6tables -I FORWARD -p tcp --sport 53 -s 2a00:1450:4016:250::2 -j ACCEPT

ip6tables -I FORWARD -p tcp --sport 53 -s 2a00:1450:4016:250::2 -j LOG --log-prefix "_lfp_ ACCEPT IPV6 " --log-level 6
ip6tables -I INPUT -p icmpv6 -j ACCEPT

ip6tables -I INPUT -p icmpv6 -j LOG --log-prefix "_lfp_ ACCEPT IPV6 " --log-level 6
ip6tables -I OUTPUT -p icmpv6 -j ACCEPT

ip6tables -I OUTPUT -p icmpv6 -j LOG --log-prefix "_lfp_ ACCEPT IPV6 " --log-level 6
ip6tables -I FORWARD -p icmpv6 -j ACCEPT

ip6tables -I FORWARD -p icmpv6 -j LOG --log-prefix "_lfp_ ACCEPT IPV6 " --log-level 6

Kuralların Kalıcı Olması İçin aşağıdaki işlemler yapılır:
$ip6tables-save > /etc/sysconfig/ip6tables

Daha Sonra Kuralların Kalıcı Olduğu Test edilir:
$/etc/init.d/ip6tables stop$/etc/init.d/ip6tables start

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
Help Desk Software by Kayako Fusion