02-25-2022, 04:37 PM
(02-25-2022, 12:57 AM) vusra Wrote: (02-10-2022, 09:39 AM) deb75 Wrote: Thanks for your answer.
I will try the script you provided, but I doubt it will work because the forward iptables rules operate on the IPv4 stack
whereas my wwan interface has only an IPv6 address. I do not think they can communicate, as far as I understand.
Did the script work? The IPv6 wwan address should not be of concern.
Hi,
Yes it worked.
I ended up performing an IPv6 NAT:
Code:
#!/bin/sh
PATH='/sbin'
# Only act when usb0 comes up ($1 = interface, $2 = event).
if [ "x$1" != "xusb0" ] || [ "x$2" != "xup" ]; then
    exit 0
fi
sysctl -w net.ipv6.conf.usb0.accept_ra=2
sysctl -w net.ipv6.conf.usb0.autoconf=1
# Allow all incoming traffic from local area network interface.
ip6tables -t filter -A INPUT -i usb0 -m conntrack --ctstate NEW -j ACCEPT
# Enable access traffic, from the firewall to the LAN network
ip6tables -t filter -A OUTPUT -o usb0 -m conntrack --ctstate NEW -j ACCEPT
# Forward packages from the internal network (usb0) to the internet (wwan0).
ip6tables -t filter -A FORWARD -i usb0 -o wwan0 -m conntrack --ctstate NEW -j ACCEPT
# Masquerade packets going into the internet (wwan0).
ip6tables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE
# Allow ssh from usb0
ip6tables -t filter -A INPUT -i usb0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
Also, I set up radvd (/etc/radvd.conf):
Code:
interface usb0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    prefix fd00:2016:22:dec::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
The prefix above is the ULA (Unique Local Address) IPv6 of the usb0 interface.
There should be a better way, as one of the IPv6 goals is to eliminate the need for network address translation (NAT).
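An idempotent variant of the hook script in the post above, added here as an example and not part of the original post: `ip6tables -A` appends a rule every time it runs, so each usb0 "up" event stacks another copy, and checking with `-C` first avoids that. The names `IP6T`, `LAN_IF`, `WAN_IF`, `ensure_rule` and `apply_rules` are introduced for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): the same five rules, applied
# idempotently so repeated "usb0 up" events do not stack duplicate rules.
# IP6T, LAN_IF and WAN_IF are names introduced here for illustration.
IP6T="${IP6T:-ip6tables}"
LAN_IF="${LAN_IF:-usb0}"
WAN_IF="${WAN_IF:-wwan0}"

# ensure_rule TABLE CHAIN RULE-SPEC...
# "-C" exits 0 when an identical rule already exists; append only otherwise.
ensure_rule() {
    table="$1"
    shift
    if ! "$IP6T" -t "$table" -C "$@" 2>/dev/null; then
        "$IP6T" -t "$table" -A "$@"
    fi
}

apply_rules() {
    # Same rule set as the post, in the same order.
    ensure_rule filter INPUT -i "$LAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    ensure_rule filter OUTPUT -o "$LAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    ensure_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    ensure_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE
    ensure_rule filter INPUT -i "$LAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
}

# Hook entry point: same guard as the post ($1 = interface, $2 = event).
if [ "${1:-}" = "$LAN_IF" ] && [ "${2:-}" = "up" ]; then
    apply_rules
fi
```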