老哥们，路由已有 pb 前缀，设备 ipv6 依然无法上网

IPV6

ip6tables

老哥

公网

25 条回复 • 2021-12-06 08:56:14 +08:00

1

datou

2021-11-29 18:45:04 +08:00

直连电脑 pppoe 拨号看看 v6 通不通

2

sorasyl

OP

2021-11-29 18:50:22 +08:00

@datou 电脑 pppoe 拨号正常，实际上路由器加上我说的那条 iptable 也可以上网，但是这相当于组了一个 ipv6 的 nat

3

acbot

2021-11-29 18:52:42 +08:00

啥信息都没有，怎么弄？查看一下 v6 的默认路由 / v6 网关 / v6 的防火墙, 另外用 tracert/traceroute 看一下路由, 一般 wan 口 DHCP 获得的 v6 地址和 pd 不在一个网段极端的情况有可能 pd 这个网段运营商没有路由.

4

jousca

2021-11-29 21:16:45 +08:00

路由器的 IPV6 模式请选择穿透，路由器不参与任何 IPV6 管理。客户机要直接从光猫拿地址。

5

sorasyl

OP

2021-11-30 00:46:50 +08:00

@acbot 路由器 traceout 科大论坛，如下：
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3), 30 hops max, 64 byte packets
1 240e:398:332:: 5.750 ms
2 240e:16:1002:c00::2 8.172 ms

设备无法 ping 通路由器分配的网关：
ping6 fe80::1e40:e8ff:fe12:327d
PING6(56=40+8+8 bytes) fe80::463:37b7:e560:f9c4%en0 --> fe80::1e40:e8ff:fe12:327d
ping6: sendmsg: No route to host
ping6: wrote fe80::1e40:e8ff:fe12:327d 16 chars, ret=-1

v6 路由表如下
Destination Next Hop Flags Metric Ref Use Iface
::/0 fe80::ce1a:faff:feea:e1a0 UG 512 2 0 pppoe-wan
::/0 fe80::ce1a:faff:feea:e1a0 UG 512 6 0 pppoe-wan
240e:398:332:5f::/64 :: U 256 2 0 pppoe-wan
240e:398:332:5f::/64 :: !n 2147483647 2 0 lo
240e:39b:3a1:b70::/64 :: U 1024 1 0 br-lan
240e:39b:3a1:b70::/60 :: !n 2147483647 1 0 lo
fe80::1e40:e848:7512:327c/128 :: U 256 1 0 pppoe-wan
fe80::ce1a:faff:feea:e1a0/128 :: U 1 1 0 pppoe-wan
fe80::/64 :: U 256 1 0 eth0.2
fe80::/64 :: U 256 1 0 eth0
fe80::/64 :: U 256 2 0 br-lan
fe80::/64 :: U 256 1 0 wlan0
fe80::/64 :: U 256 1 0 wlan1
::/0 :: !n -1 2 0 lo
::1/128 :: Un 0 7 0 lo
240e:398:332:5f::/128 :: Un 0 3 0 pppoe-wan
240e:398:332:5f:1e40:e848:7512:327c/128 :: Un 0 4 0 pppoe-wan
240e:39b:3a1:b70::/128 :: Un 0 3 0 br-lan
240e:39b:3a1:b70::1/128 :: Un 0 5 0 br-lan
fe80::/128 :: Un 0 3 0 eth0.2
fe80::/128 :: Un 0 3 0 eth0
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 wlan0
fe80::/128 :: Un 0 3 0 wlan1
fe80::1e40:e848:7512:327c/128 :: Un 0 5 0 pppoe-wan
fe80::1e40:e8ff:fe12:327c/128 :: Un 0 4 0 eth0.2
fe80::1e40:e8ff:fe12:327c/128 :: Un 0 2 0 eth0
fe80::1e40:e8ff:fe12:327d/128 :: Un 0 3 0 br-lan
fe80::1e40:e8ff:fe12:327e/128 :: Un 0 3 0 wlan0
fe80::1e40:e8ff:fe12:327f/128 :: Un 0 2 0 wlan1
ff00::/8 :: U 256 4 0 eth0.2
ff00::/8 :: U 256 2 0 pppoe-wan
ff00::/8 :: U 256 1 0 eth0
ff00::/8 :: U 256 4 0 br-lan
ff00::/8 :: U 256 1 0 wlan0
ff00::/8 :: U 256 1 0 wlan1
::/0 :: !n -1 2 0 lo

6

acbot

2021-11-30 09:35:50 +08:00

@sorasyl 根据上面的信息你 WAN 口 dhcp 得到的地址是：240e:398:332:5f::/64 这个段，分配的 PD 段是：240e:39b:3a1:b70::/60 ，你这个 PD 段我发现运营商可能没有对外发布路由，你可以在路由器上用 ping 命令指定源地址或者是接口分别测试一下两个地址段对外的路由，比如：traceroute bbs6.ustc.edu.cn -s 240e:398:332:5f:1e40:e848:7512:327c （ pppoe-wan v6 公网）或者 traceroute bbs6.ustc.edu.cn -s 240e:39b:3a1:b70::1 （ br-lan pd 公网）注：地址随时会变，另外如果你用 WAN 口的 v6 地址 NAT 能访问你也可以把路由器的 v6 地址分配改成代理 /桥接 /穿透模式（路由器不一样叫法不一样）直接使用运营商 dhcp 来给你内网分配 v6 地址。

7

sorasyl

OP

2021-11-30 22:58:36 +08:00

@acbot 感谢老哥，我用 traceroute 分别测试了:
traceroute6 -s 240e:39b:3a1:b70::1 bbs6.ustc.edu.cn
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:39b:3a1:b70::1, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 6.888 ms 6.529 ms 4.333 ms
2 240e:16:1002:a706::2 (240e:16:1002:a706::2) 7.710 ms 4.169 ms 240e:16:1002:c0b::2 (240e:16:1002:c0b::2) 5.613 ms
3 *

traceroute6 -s 240e:398:332:5f:1e40:e848:7512:327c bbs6.ustc.edu.cn
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e848:7512:327c, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 5.821 ms 5.471 ms 4.521 ms
2 240e:16:1000:6bf::2 (240e:16:1000:6bf::2) 16.984 ms 4.733 ms 240e:16:1002:a711::2 (240e:16:1002:a711::2) 6.638 ms
3 240e:16:1001:10f::2 (240e:16:1001:10f::2) 4.998 ms 240e:16:1001:12b::2 (240e:16:1001:12b::2) 3.459 ms 240e:16:1001:114::2 (240e:16:1001:114::2) 4.751 ms
4 240e::1:31:81:5402 (240e::1:31:81:5402) 38.134 ms 39.012 ms 240e::1:31:81:5302 (240e::1:31:81:5302) 39.610 ms
5 *

以上为关闭 ip6tables 测试

8

sorasyl

OP

2021-11-30 23:50:43 +08:00

@acbot traceroute6 bbs6.ustc.edu.cn -s 240e:398:332:5f:1e40:e89f:3312:327c
traceroute to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:5f:1e40:e89f:3312:327c, 30 hops max, 64 byte packets
1 240e:398:332:: (240e:398:332::) 7.669 ms 5.845 ms 4.481 ms
2 240e:16:1000:702::2 (240e:16:1000:702::2) 4.386 ms 8.288 ms 240e:16:1000:703::2 (240e:16:1000:703::2) 11.790 ms
3 240e:16:1001:26::2 (240e:16:1001:26::2) 4.119 ms 240e:16:1001:2d::2 (240e:16:1001:2d::2) 4.968 ms 240e:16:1001:e::2 (240e:16:1001:e::2) 10.552 ms
4 240e::1:31:81:6022 (240e::1:31:81:6022) 34.381 ms * 240e::1:31:81:6402 (240e::1:31:81:6402) 30.460 ms
5 * * *
6 240e::e:3:2008:403 (240e::e:3:2008:403) 38.569 ms 37.962 ms 39.352 ms
7 2001:da8:2:704::1 (2001:da8:2:704::1) 37.627 ms 35.178 ms 43.262 ms
8 2001:da8:2:16::2 (2001:da8:2:16::2) 47.890 ms 46.925 ms 46.816 ms
9 2001:da8:2:f::1 (2001:da8:2:f::1) 47.488 ms 46.611 ms 48.111 ms
10 2001:da8:2:e::2 (2001:da8:2:e::2) 55.295 ms 55.932 ms 60.028 ms
11 * * 2001:da8:2:111::2 (2001:da8:2:111::2) 59.003 ms
12 2001:da8:b3:14::2 (2001:da8:b3:14::2) 60.921 ms 61.645 ms 61.812 ms
13 2001:da8:b3:101::10 (2001:da8:b3:101::10) 58.573 ms 53.646 ms 56.812 ms
14 bbs6.ustc.edu.cn (2001:da8:d800::3) 54.360 ms 55.533 ms 56.945 ms

测试应该就是运营商没有对外发布路由

9

flynaj

2021-12-01 01:28:45 +08:00 via Android

用 openwrt 21.02 测试一下。老版本可能有 bug.

10

acbot

2021-12-01 09:05:50 +08:00

@sorasyl 这个应该是 PD 池配错了导致的。你哪里 PD 正常情况应该是 240e:399:: / 240e:39A:: 这样开头的段才对。你可以 10000 号上报一下故障，这个一般是数据或者网络部门的人才能处理，一线的装维是处理不了的。

11

qbqbqbqb

2021-12-01 12:43:33 +08:00

@sorasyl 看来是运营商的锅，自己没办法解决。

12

sorasyl

OP

2021-12-02 21:28:53 +08:00

@acbot ip6tables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp anywhere anywhere tcp dpt:8087 to:[fd61:3912:b533::16e]:8087

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all anywhere anywhere

路由器 ping 设备
ping6 fd61:3912:b533::16e
PING fd61:3912:b533::16e(fd61:3912:b533::16e) 56 data bytes
64 bytes from fd61:3912:b533::16e: icmp_seq=1 ttl=64 time=5.41 ms
64 bytes from fd61:3912:b533::16e: icmp_seq=2 ttl=64 time=1.71 ms
--- fd61:3912:b533::16e ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.706/3.556/5.407/1.850 ms

已实现内部设备 v6 NAT 上网，但我使用以下规则无法实现端口转发，请教下如何排查问题
ip6tables -I INPUT -p tcp --dport 8087 -j ACCEPT
ip6tables -t nat -I PREROUTING -p tcp --dport 8087 -j DNAT --to [fd61:3912:b533::16e]:8087

13

acbot

2021-12-03 09:00:12 +08:00

你分别试试：ip6tables -I INPUT -m conntrack --ctstate DNAT -j ACCEPT 或者 ip6tables -t filter -I FORWARD -m conntrack --ctstate DNAT -j ACCEPT 注意规则位置不要再默认 drop 后，简单就算允许 DNAT 状态包进。我很奇怪，PD 不通，你为何不直通或者中继 WAN 口的 v6 段呢？

14

sorasyl

OP

2021-12-03 11:04:14 +08:00

@acbot 添加了之后,table 如下
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all anywhere anywhere ctstate DNAT
forwarding_rule all anywhere anywhere /* !fw3: Custom forwarding rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_forward all anywhere anywhere /* !fw3 */
zone_wan_forward all anywhere anywhere /* !fw3 */
reject all anywhere anywhere /* !fw3 */

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:32400
ACCEPT all anywhere anywhere ctstate DNAT
ACCEPT tcp anywhere anywhere tcp dpt:ssh
ACCEPT tcp anywhere anywhere tcp dpt:7788
ACCEPT all anywhere anywhere /* !fw3 */
input_rule all anywhere anywhere /* !fw3: Custom input rule chain */
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input all anywhere anywhere /* !fw3 */
zone_wan_input all anywhere anywhere /* !fw3 */

telnet 该端口超时
telnet -6 240e:398:332:9:1e40:e8cd:7b12:327c 32400
Trying 240e:398:332:9:1e40:e8cd:7b12:327c...
telnet: connect to address 240e:398:332:9:1e40:e8cd:7b12:327c: Operation timed out
telnet: Unable to connect to remote host

15

sorasyl

OP

2021-12-03 11:06:57 +08:00

@sorasyl ip6tables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp anywhere anywhere tcp dpt:32400 to:[fdb1:98b4:438b::7f8]:32400

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all anywhere anywhere

16

acbot

2021-12-03 14:32:25 +08:00

ip6tables -t nat -A prerouting_wan_rule -p tcp -m tcp --dport 8087 -j DNAT --to-destination [fd61:3912:b533::16e]:8087
ip6tables -t filter -A forwarding_wan_rule -m conntrack --ctstate DNAT -j ACCEPT

按理来说添加这两条规则就可以了，现在你的问题有可能出在 IPv6 masquerading 上，因为我没有调试过 NAT 方式的端口转发，所以你只能把防火墙 debug 打开自己调试看日志卡哪里了才能判断。

17

acbot

2021-12-03 14:44:51 +08:00

@sorasyl 我的环境不一样我内网的机器都是公网 v6 下做的端口转发。

18

sorasyl

OP

2021-12-03 17:33:13 +08:00

@acbot 老哥，我试了下改成中继，直接关闭了 lan 的 dhcpv6 ，但是设备拿到的始终是 fe 开头的内网 ip ，不是 isp 下发的公网 ip

19

acbot

2021-12-03 19:45:03 +08:00

@sorasyl

打开 OpenWRT 设置–>接口–>LAN->DHCP 服务器–>IPV6 设置把路由通告服务、DHCPv6 服务、NDP 代理全部设置为中继模式，注意不勾上选项总是通告默认路由

检查 LAN 口设置

20

acbot

2021-12-03 19:47:31 +08:00

对应代码里就应该是类似这样

config dhcp 'lan'
option interface 'lan'

....

option ndp 'relay'
option dhcpv6 'relay'
option ra 'relay'

21

sorasyl

OP

2021-12-04 21:11:04 +08:00

@acbot network 设置如下
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option delegate '0'

config device
option name 'br-wan'
option type 'bridge'
list ports 'eth1'
list ports 'eth0'

config interface 'wan'
option device 'br-wan'
option proto 'pppoe'
option username 'CD65772695'
option password '65772695'
option ipv6 '1'

config interface 'wan6'
option proto 'dhcpv6'
option device '@wan'
option reqaddress 'try'
option reqprefix 'no'

dhcp 设置如下
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
list ra_flags 'none'
option ndproxy_routing '0'

config dhcp 'wan'
option interface 'wan'
option ignore '1'
list ra_flags 'none'

config dhcp 'wan6'
option interface 'wan6'
option ignore '1'
option master '1'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'relay'
list ra_flags 'none'
option ndproxy_routing '0'

22

sorasyl

OP

2021-12-04 21:17:03 +08:00

@sorasyl 设备已经能正确获取到公网 ip ，但依旧找不到路由
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 3c:06:30:4b:73:6f
inet6 fe80::463:37b7:e560:f9c4%en0 prefixlen 64 secured scopeid 0xb
inet 192.168.1.227 netmask 0xffffff00 broadcast 192.168.1.255
inet6 240e:398:332:129:df:95f1:506a:c13b prefixlen 64 autoconf secured
inet6 240e:398:332:129:19ba:8549:eb48:faaa prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active

但设备无法找到正确路由
traceroute6 -s 240e:398:332:129:19ba:8549:eb48:faaa bbs6.ustc.edu.cn
traceroute6 to bbs6.ustc.edu.cn (2001:da8:d800::3) from 240e:398:332:129:19ba:8549:eb48:faaa, 64 hops max, 12 byte packets
1 * * *
2 * * *
3 *

23

sorasyl

OP

2021-12-04 21:18:27 +08:00

路由器 v6 路由表
route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 fe80::ce1a:faff:feea:e1a0 UG 512 5 0 pppoe-wan
240e:398:332:129:11dc:91a6:7884:44a8/128 :: U 1024 4 0 pppoe-wan
240e:398:332:129:1511:ff98:66a9:2b16/128 :: U 1024 1 0 pppoe-wan
240e:398:332:129:300d:2bfd:ffab:91e8/128 :: U 1024 2 0 pppoe-wan
240e:398:332:129:36c9:3dff:fe0f:361/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:45f2:786d:9abc:b052/128 :: U 1024 2 0 pppoe-wan
240e:398:332:129:705b:d6f0:90d5:8530/128 :: U 1024 1 0 pppoe-wan
240e:398:332:129:95a9:1ffa:f7b6:7d4e/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:a0eb:4c21:5428:f5ec/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129:c82c:8b6c:196c:9914/128 :: U 1024 3 0 pppoe-wan
240e:398:332:129::/64 :: UA 256 2 0 pppoe-wan
240e:398:332:129::/64 :: !n 2147483647 1 0 lo
fe80::1e40:e8d7:7612:327d/128 :: U 256 1 0 pppoe-wan
fe80::ce1a:faff:feea:e1a0/128 :: U 1 1 0 pppoe-wan
fe80::/64 :: U 256 2 0 br-wan
fe80::/64 :: U 256 2 0 br-lan
fe80::/64 :: U 256 1 0 wlan0
fe80::/64 :: U 256 1 0 wlan1
::/0 fe80::1 UGDA 1024 5 0 br-wan
::/0 fe80::ce1a:faff:feea:e1a0 UGDA 1024 2 0 pppoe-wan
::1/128 :: Un 0 7 0 lo
240e:398:332:129::/128 :: Un 0 3 0 pppoe-wan
240e:398:332:129:1e40:e8d7:7612:327d/128 :: Un 0 5 0 pppoe-wan
fe80::/128 :: Un 0 5 0 br-wan
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 wlan0
fe80::/128 :: Un 0 3 0 wlan1
fe80::1e40:e8d7:7612:327d/128 :: Un 0 4 0 pppoe-wan
fe80::1e40:e8ff:fe12:327c/128 :: Un 0 3 0 br-lan
fe80::1e40:e8ff:fe12:327d/128 :: Un 0 5 0 br-wan
fe80::1e40:e8ff:fe12:327e/128 :: Un 0 3 0 wlan0
fe80::1e40:e8ff:fe12:327f/128 :: Un 0 2 0 wlan1
ff00::/8 :: U 256 2 0 br-wan
ff00::/8 :: U 256 5 0 pppoe-wan
ff00::/8 :: U 256 5 0 br-lan
ff00::/8 :: U 256 1 0 wlan0
ff00::/8 :: U 256 1 0 wlan1
::/0 :: !n -1 2 0 lo

路由器系统设置
net.ipv6.conf.default.forwarding=2
net.ipv6.conf.all.forwarding=2
net.ipv6.conf.default.accept_ra=2
net.ipv6.conf.all.accept_ra=2

24

sorasyl

OP

2021-12-04 21:20:46 +08:00

设备路由表
Internet6:
Destination Gateway Flags Netif Expire
default fe80::1e40:e8ff:fe12:327c%en0 UGcg en0
default fe80::%utun0 UGcIg utun0
default fe80::%utun1 UGcIg utun1
::1 ::1 UHL lo0
240e:398:332:129::/64 link#11 UC en0
240e:398:332:129:df:95f1:506a:c13b 3c:6:30:4b:73:6f UHL lo0
240e:398:332:129:19ba:8549:eb48:faaa 3c:6:30:4b:73:6f UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%anpi1/64 link#4 UCI anpi1
fe80::1c80:20ff:fe1e:8a5a%anpi1 1e:80:20:1e:8a:5a UHLI lo0
fe80::%anpi0/64 link#5 UCI anpi0
fe80::1c80:20ff:fe1e:8a59%anpi0 1e:80:20:1e:8a:59 UHLI lo0
fe80::%en0/64 link#11 UCI en0
fe80::463:37b7:e560:f9c4%en0 3c:6:30:4b:73:6f UHLI lo0
fe80::1e40:e8ff:fe12:327c%en0 1c:40:e8:12:32:7c UHLWIir en0
fe80::%awdl0/64 link#14 UCI awdl0
fe80::28c4:46ff:fe35:17c4%awdl0 2a:c4:46:35:17:c4 UHLI lo0
fe80::%llw0/64 link#15 UCI llw0
fe80::28c4:46ff:fe35:17c4%llw0 2a:c4:46:35:17:c4 UHLI lo0
fe80::%utun0/64 fe80::7481:c99a:72ad:3621%utun0 UcI utun0
fe80::7481:c99a:72ad:3621%utun0 link#16 UHLI lo0
fe80::%utun1/64 fe80::57b5:fcce:7615:3dd5%utun1 UcI utun1
fe80::57b5:fcce:7615:3dd5%utun1 link#17 UHLI lo0
ff00::/8 ::1 UmCI lo0
ff00::/8 link#4 UmCI anpi1
ff00::/8 link#5 UmCI anpi0
ff00::/8 link#11 UmCI en0
ff00::/8 link#14 UmCI awdl0
ff00::/8 link#15 UmCI llw0
ff00::/8 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff00::/8 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
ff01::%lo0/32 ::1 UmCI lo0
ff01::%anpi1/32 link#4 UmCI anpi1
ff01::%anpi0/32 link#5 UmCI anpi0
ff01::%en0/32 link#11 UmCI en0
ff01::%awdl0/32 link#14 UmCI awdl0
ff01::%llw0/32 link#15 UmCI llw0
ff01::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff01::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1
ff02::%lo0/32 ::1 UmCI lo0
ff02::%anpi1/32 link#4 UmCI anpi1
ff02::%anpi0/32 link#5 UmCI anpi0
ff02::%en0/32 link#11 UmCI en0
ff02::%awdl0/32 link#14 UmCI awdl0
ff02::%llw0/32 link#15 UmCI llw0
ff02::%utun0/32 fe80::7481:c99a:72ad:3621%utun0 UmCI utun0
ff02::%utun1/32 fe80::57b5:fcce:7615:3dd5%utun1 UmCI utun1

25

acbot

2021-12-06 08:56:14 +08:00

你在路由器上用 traceroute6 -s [路由器 br-lan ipv6 公网地址] bbs6.ustc.edu.cn ，你这个情况应该是路由没有通告到下面的设备，正常情况你在设备上添加一条 v6 默认路由指向路由器 LAN 或者 WAN 口就可以通，我个人感觉你之前你修改过默认防火墙，你看一下防火墙上应该有 dhcpv6 icmpv6 ipcmv6-forward 等等允许通过的规则。个人建议你重置一下所有设置然后仅仅只修改

config dhcp 'lan'
option interface 'lan'

....

option ndp 'relay'
option dhcpv6 'relay'
option ra 'relay'

另外一般情况 pppoe 成功之后是生成一个 WAN_6 的虚拟接口你这里这个 WAN6 接口应该是系统自带的我建议可以删除并且暂时不要配置 option master '1'