内网Windows XP用户使用ISATAP隧道的方法(附自动配置脚本)

声明: 本文采用方法来自 http://blog.lifetoy.org/2010/01/31/isatap-behide-nat/, 我仅仅是写了一个自动配置脚本(不包括配置路由器).

首先, 这个方法只能让内网一台机器用上ISATAP隧道(仅仅是简单的转发了相关数据包而已). 主要步骤分为两个:

  • 配置路由器转发协议号41的数据包到你的内网机器
  • 修改本机的ISATAP相关配置(拥有外网环境则会自动完成这一步, 内网环境需要手动处理一些问题)

只有一部分路由器本来的FIRMWARE支持转发协议号41的数据包, 如果你用的路由器不支持, 那就只能尝试dd-wrt或者openwrt了. 如果你的路由器很不幸的也不能刷这类自定义固件, 那也就没办法了..(嗯)

Linux类环境可以使用iptables实现转发(假设你的内网IP地址为192.168.0.10, 网关IP为192.168.0.1, 下同):

iptables -t nat -A PREROUTING -d 192.168.0.10 -p 41 -j DNAT --to 192.168.0.1

openwrt则可以修改文件 /etc/config/firewall: (此段为转载)

config redirect
option src                      wan
option dest                     lan
option dest_ip          192.168.0.10
option proto            41

至此, 第一步就做完了.

第二步, 可以用下面的脚本自动完成.
原文给出的bat脚本我在win7和winxp里都试过, 不能发挥应有的作用, 而且每次外网ip变动时都需要修改, 这对于动态ip用户更是无法接受的. 于是我用Python重写了一个脚本, 目前只能在XP系统使用. (其实要在Win7下用应该只需要很小的修改, 不过我暂时没测试环境:P)
注: 脚本中写的是上交的isatap隧道服务器配置, 如需使用其他服务器, 稍加修改即可.

#coding:gbk
#IPv6.py For Windows XP - By Felix Yan

# Change the following line if needed.
interface = "Automatic Tunneling Pseudo-Interface"
ipv6prefix = "2001:da8:8000:d011"
isatapserver = "202.112.26.246"

import sys, subprocess

print "Getting current IP address ... ",
sys.stdout.flush()
import urllib2, re
try:
    page = urllib2.urlopen("http://www.ip138.com/ip2city.asp").read()
    pub_ip = re.findall('\[([\d\.]+)\]', page)[0]
    print pub_ip
except:
    print "Failed"
    sys.exit(1)

print "Disabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state disabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
    print "Failed"
    sys.exit(1)
print "Success"

print "Re-enabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state enabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
    print "Failed"
    sys.exit(1)
print "Success"

print "Deleting existing IPv6 address for ISATAP interface ... "
ret = subprocess.Popen("netsh int ipv6 show address \"" + interface + "\"", shell=True, stdout=subprocess.PIPE)
old_ip = re.findall(u"地址\s*:\s*([0-9a-fA-F\:\.]+)", unicode(ret.communicate()[0], "mbcs"))
for ip in old_ip:
    print "Deleting " + ip + " ... "
    #sys.stdout.flush()
    ret = subprocess.Popen("netsh int ipv6 del address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
    #print ret.communicate()[0]

print "Adding correct IPv6 addresses ... "
new_ip = ["fe80::5efe:" + pub_ip, ipv6prefix + ":0:5efe:" + pub_ip]
for ip in new_ip:
    print "Adding " + ip + " ... ",
    sys.stdout.flush()
    ret = subprocess.Popen("netsh int ipv6 add address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
    if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
        print "Failed"
        sys.exit(1)
    print "Success"

print "Getting interface id ... ",
sys.stdout.flush()
ret = subprocess.Popen("ipv6 if", shell=True, stdout=subprocess.PIPE)
id = re.findall("Interface ([\d]+): " + interface, ret.communicate()[0])
if len(id):
    print "Success: " + id[0]
else:
    print "Failed"
    sys.exit(1)

print "Adding route ... "
route = "::" + isatapserver
ret = subprocess.Popen("ipv6 rtu ::/0 " + id[0] + "/" + route, shell=True, stdout=subprocess.PIPE)
result = ret.communicate()

print "Testing 2001:470:20::2 ... ",
sys.stdout.flush()
ret = subprocess.Popen("ping -n 1 2001:470:20::2", shell=True, stdout=subprocess.PIPE)
time = re.findall("\=([\d\.]+ms)", ret.communicate()[0])
if len(time):
    print "Success: " + time[0]
else:
    print "Failed"
    sys.exit(1)

参考资料还有: http://serverfault.com/questions/89025/forwarding-protocol-41-6to4-to-a-linux-box

33 thoughts on “内网Windows XP用户使用ISATAP隧道的方法(附自动配置脚本)”

  1. openwrt里在/etc/firewall.user里加入iptables -t nat -A PREROUTING -d 192.168.0.10 -p 41 -j DNAT –to 192.168.0.1后实现转发,但是北邮人等网站上的torrent文件下载不了,有办法解决吗?
    另那个python脚本能更新一下吗,win7不能用,xp可以

  2. 折腾了两天还是搞不定

    Getting current IP address … 171.36.107.79
    Disabling ISATAP … Success
    Re-enabling ISATAP … Success
    Deleting existing IPv6 address for ISATAP interface …
    Deleting fe80::5efe:192.168.99.66 …
    Deleting 2001:da8:8000:d011:0:5efe:171.36.107.79 …
    Adding correct IPv6 addresses …
    Adding fe80::5efe:171.36.107.79 … Success
    Adding 2001:da8:8000:d011:0:5efe:171.36.107.79 … Success
    Getting interface id … Success: 2
    Adding route …
    Testing 2001:470:20::2 … Failed

    Traceback (most recent call last):
    File “d:\桌面\桌面_98890\ipv6.py”, line 81, in
    sys.exit(1)
    SystemExit: 1

    1. config ‘redirect’
      option ‘src’ ‘wan’
      option ‘_name’ ‘ipv6’
      option ‘src_dport’ ’41’
      option ‘dest_ip’ ‘192.168.99.66’
      option ‘dest_port’ ’41’
      option ‘proto’ ‘tcpudp’
      option ‘target’ ‘DNAT’
      option ‘dest’ ‘lan’

  3. 执行到 Getting interface id 之后出错。请教

    PythonWin 2.7.2 (default, Jun 24 2011, 12:21:10) [MSC v.1500 32 bit (Intel)] on win32.
    Portions Copyright 1994-2008 Mark Hammond – see ‘Help/About PythonWin’ for further copyright information.
    >>> Getting current IP address … 171.36.105.148
    Disabling ISATAP … Success
    Re-enabling ISATAP … Success
    Deleting existing IPv6 address for ISATAP interface …
    Deleting fe80::5efe:192.168.99.66 …
    Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
    Deleting fe80::5efe:182.88.111.131 …
    Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
    Adding correct IPv6 addresses …
    Adding fe80::5efe:171.36.105.148 … Success
    Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
    Getting interface id … Failed
    Getting current IP address … 171.36.105.148
    Disabling ISATAP … Success
    Re-enabling ISATAP … Success
    Deleting existing IPv6 address for ISATAP interface …
    Deleting fe80::5efe:192.168.99.66 …
    Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
    Deleting fe80::5efe:182.88.111.131 …
    Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
    Deleting fe80::5efe:171.36.105.148 …
    Adding correct IPv6 addresses …
    Adding fe80::5efe:171.36.105.148 … Success
    Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
    Getting interface id … Failed
    Getting current IP address … >>> 171.36.105.148
    Disabling ISATAP … Success
    Re-enabling ISATAP … Success
    Deleting existing IPv6 address for ISATAP interface …
    Deleting fe80::5efe:192.168.99.66 …
    Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
    Deleting fe80::5efe:182.88.111.131 …
    Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
    Deleting fe80::5efe:171.36.105.148 …
    Adding correct IPv6 addresses …
    Adding fe80::5efe:171.36.105.148 … Success
    Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
    Getting interface id … Failed

      1. ipv6.exe 在system32目录下。openwrt已做好 41端口转发。是不是我的Pyhon版本不对呢?

          1. interface 部分是默认的。ipconfig /all 所描述的端口和脚本中的 “Automatic Tunneling Pseudo-Interface”相同。也尝试用netsh int ipv6 show int 获得索引号为 “2”,修改到PY脚本后同样的错误问题。

            1. 我刚在办公室的电脑测试,已经可以运行到TEST部分了。因为防火墙限制,这么里肯定过不了TEST测试。一会回家重装系统试下。家里电脑装的是xp home sp3,怀疑是这个问题。

  4. 貌似在dd-wrt路由器上运行了iptables命令之后,teredo隧道性能变好了,以前还得ping一下v6地址才能初始化 ^。^
    在文中的方案被证实可用之前懒得亲测isatap隧道了..

  5. 弱问下,原文脚本“不能发挥应有的作用”是因为内网PC的isatap隧道接口完全不能获取全局v6地址,还是指能获取地址但是不能上网呢?

    1. 是因为原文脚本没能成功删除那几个地址, 尤其是最后一步重启, 把错误地址全部弄回来了, 而且没有陆由….

Leave a Reply

Your email address will not be published. Required fields are marked *

QR Code Business Card