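As a stopgap until Google supports native IPv6 on Google Compute Engine, I would like to configure a 6in4 (IP protocol 41) tunnel. How do I allow protocol 41 (6in4) through the GCE firewall?
I added a firewall rule to allow protocol 41 on my VM's network: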
Name        Source tag/IP range  Allowed protocols/ports  Target tags
allow-6in4  216.66.xxx.xxx       41                       Apply to all targets
And configured the tunnel in /etc/network/interfaces:
auto 6in4
iface 6in4 inet6 v4tunnel
    address 2001:470:xxxx:xxxx::2
    netmask 64
    endpoint 216.66.xxx.xxx
    gateway 2001:470:xxxx:xxxx::1
    ttl 64
    up ip link set mtu 1280 dev $IFACE
Then I ran ping6 2001:470:xxxx:xxxx::1 and verified that the 6in4 traffic is going out:
$ sudo tcpdump -pni eth0 host 216.66.xxx.xxx
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:52:03.732841 IP 10.240.xxx.xxx > 216.66.xxx.xxx: IP6 2001:470:xxxx:xxxx::2 > 2001:470:xxxx:xxxx::1: ICMP6, echo request, seq 1, length 64
22:52:04.740726 IP 10.240.xxx.xxx > 216.66.xxx.xxx: IP6 2001:470:xxxx:xxxx::2 > 2001:470:xxxx:xxxx::1: ICMP6, echo request, seq 2, length 64
22:52:05.748690 IP 10.240.xxx.xxx > 216.66.xxx.xxx: IP6 2001:470:xxxx:xxxx::2 > 2001:470:xxxx:xxxx::1: ICMP6, echo request, seq 3, length 64
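I temporarily changed the endpoint to an address where I could run tcpdump, and confirmed that the packets do not reach the destination. I even tried NAT in case GCE wasn't doing that for 6in4 packets, but no luck (iptables -t nat -A POSTROUTING -p ipv6 -j SNAT --to-source 130.211.xxx.xxx).
Has anyone gotten a 6in4 tunnel working on a GCE VM? Is there some magic setting I've missed somewhere?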
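
An added example, not part of the original question: a small parser for checking raw captured packets at either end of the tunnel, confirming that the outer IPv4 header carries protocol 41 and that the inner IPv6 packet fits the 1280-byte tunnel MTU from the config above. The function names and the sample packet (documentation-range addresses, zeroed checksums) are constructed for illustration.

```python
import ipaddress
import struct

PROTO_6IN4 = 41      # outer IPv4 protocol number for IPv6-in-IPv4
TUNNEL_MTU = 1280    # matches "ip link set mtu 1280" in the tunnel config

def parse_6in4(packet: bytes):
    """Return outer/inner header fields if packet is 6in4, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4              # outer header length in bytes
    if ihl < 20 or packet[9] != PROTO_6IN4:
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:  # truncated or not IPv6 inside
        return None
    payload_len, next_header, _hop = struct.unpack("!HBB", inner[4:8])
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "outer_ttl": packet[8],
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": next_header,
        "inner_len": 40 + payload_len,
        "fits_tunnel_mtu": 40 + payload_len <= TUNNEL_MTU,
    }

def build_sample(proto=PROTO_6IN4):
    """Constructed packet: ICMPv6 echo request (64 bytes) inside IPv4.
    Addresses are documentation ranges; checksums are left at zero."""
    icmp6 = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + bytes(56)
    ipv6 = (struct.pack("!IHBB", 6 << 28, len(icmp6), 58, 64)
            + ipaddress.IPv6Address("2001:db8::2").packed
            + ipaddress.IPv6Address("2001:db8::1").packed + icmp6)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       proto, 0,
                       ipaddress.IPv4Address("10.240.0.2").packed,
                       ipaddress.IPv4Address("192.0.2.1").packed)
    return ipv4 + ipv6

if __name__ == "__main__":
    print(parse_6in4(build_sample()))
    print(parse_6in4(build_sample(proto=47)))  # not 6in4 -> None
```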