声明: 本文采用方法来自 http://blog.lifetoy.org/2010/01/31/isatap-behide-nat/, 我仅仅是写了一个自动配置脚本(不包括配置路由器).
首先, 这个方法只能让内网一台机器用上ISATAP隧道(仅仅是简单的转发了相关数据包而已). 主要步骤分为两个:
- 配置路由器转发协议号41的数据包到你的内网机器
- 修改本机的ISATAP相关配置(拥有外网环境则会自动完成这一步, 内网环境需要手动处理一些问题)
只有一部分路由器本来的FIRMWARE支持转发协议号41的数据包, 如果你用的路由器不支持, 那就只能尝试dd-wrt或者openwrt了. 如果你的路由器很不幸的也不能刷这类自定义固件, 那也就没办法了..(嗯)
Linux类环境可以使用iptables实现转发(假设你的内网IP地址为192.168.0.10, 网关IP为192.168.0.1, 下同):
iptables -t nat -A PREROUTING -d 192.168.0.10 -p 41 -j DNAT --to 192.168.0.1openwrt则可以修改文件 /etc/config/firewall: (此段为转载)
config redirect
option src wan
option dest lan
option dest_ip 192.168.0.10
option proto 41至此, 第一步就做完了.
第二步, 可以用下面的脚本自动完成.
原文给出的bat脚本我在win7和winxp里都试过, 不能发挥应有的作用, 而且每次外网ip变动时都需要修改, 这对于动态ip用户更是无法接受的. 于是我用Python重写了一个脚本, 目前只能在XP系统使用. (其实要在Win7下用应该只需要很小的修改, 不过我暂时没测试环境:P)
注: 脚本中写的是上交的isatap隧道服务器配置, 如需使用其他服务器, 稍加修改即可.
#coding:gbk
#IPv6.py For Windows XP - By Felix Yan
# Change the following line if needed.
interface = "Automatic Tunneling Pseudo-Interface"
ipv6prefix = "2001:da8:8000:d011"
isatapserver = "202.112.26.246"
import sys, subprocess
print "Getting current IP address ... ",
sys.stdout.flush()
import urllib2, re
try:
page = urllib2.urlopen("http://www.ip138.com/ip2city.asp").read()
pub_ip = re.findall('\[([\d\.]+)\]', page)[0]
print pub_ip
except:
print "Failed"
sys.exit(1)
print "Disabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state disabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Re-enabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state enabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Deleting existing IPv6 address for ISATAP interface ... "
ret = subprocess.Popen("netsh int ipv6 show address \"" + interface + "\"", shell=True, stdout=subprocess.PIPE)
old_ip = re.findall(u"地址\s*:\s*([0-9a-fA-F\:\.]+)", unicode(ret.communicate()[0], "mbcs"))
for ip in old_ip:
print "Deleting " + ip + " ... "
#sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 del address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
#print ret.communicate()[0]
print "Adding correct IPv6 addresses ... "
new_ip = ["fe80::5efe:" + pub_ip, ipv6prefix + ":0:5efe:" + pub_ip]
for ip in new_ip:
print "Adding " + ip + " ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 add address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Getting interface id ... ",
sys.stdout.flush()
ret = subprocess.Popen("ipv6 if", shell=True, stdout=subprocess.PIPE)
id = re.findall("Interface ([\d]+): " + interface, ret.communicate()[0])
if len(id):
print "Success: " + id[0]
else:
print "Failed"
sys.exit(1)
print "Adding route ... "
route = "::" + isatapserver
ret = subprocess.Popen("ipv6 rtu ::/0 " + id[0] + "/" + route, shell=True, stdout=subprocess.PIPE)
result = ret.communicate()
print "Testing 2001:470:20::2 ... ",
sys.stdout.flush()
ret = subprocess.Popen("ping -n 1 2001:470:20::2", shell=True, stdout=subprocess.PIPE)
time = re.findall("\=([\d\.]+ms)", ret.communicate()[0])
if len(time):
print "Success: " + time[0]
else:
print "Failed"
sys.exit(1)
参考资料还有: http://serverfault.com/questions/89025/forwarding-protocol-41-6to4-to-a-linux-box
openwrt里在/etc/firewall.user里加入iptables -t nat -A PREROUTING -d 192.168.0.10 -p 41 -j DNAT –to 192.168.0.1后实现转发,但是北邮人等网站上的torrent文件下载不了,有办法解决吗?
另那个python脚本能更新一下吗,win7不能用,xp可以
点击下载torrent会显示正在等待响应
看到 felixcat 就知道果断是你……
请问有没时间修改下脚本,使得能在win7环境下运行呢.
=.= 我很久很久不用 Windows 了, 乃要是改好了欢迎在这里留言帮助其他人哦 😛
非常感谢yan老师~Testing 2001:470:20::2 … Success: 285ms 太高兴了
折腾了两天还是搞不定
Getting current IP address … 171.36.107.79
Disabling ISATAP … Success
Re-enabling ISATAP … Success
Deleting existing IPv6 address for ISATAP interface …
Deleting fe80::5efe:192.168.99.66 …
Deleting 2001:da8:8000:d011:0:5efe:171.36.107.79 …
Adding correct IPv6 addresses …
Adding fe80::5efe:171.36.107.79 … Success
Adding 2001:da8:8000:d011:0:5efe:171.36.107.79 … Success
Getting interface id … Success: 2
Adding route …
Testing 2001:470:20::2 … Failed
Traceback (most recent call last):
File “d:\桌面\桌面_98890\ipv6.py”, line 81, in
sys.exit(1)
SystemExit: 1
config ‘redirect’
option ‘src’ ‘wan’
option ‘_name’ ‘ipv6’
option ‘src_dport’ ’41’
option ‘dest_ip’ ‘192.168.99.66’
option ‘dest_port’ ’41’
option ‘proto’ ‘tcpudp’
option ‘target’ ‘DNAT’
option ‘dest’ ‘lan’
转发仍然不对, 应该是proto 41, 不是port 41
我估计我用的这个openwrt编译版本根本不支持41协议解析。
执行到 Getting interface id 之后出错。请教
PythonWin 2.7.2 (default, Jun 24 2011, 12:21:10) [MSC v.1500 32 bit (Intel)] on win32.
Portions Copyright 1994-2008 Mark Hammond – see ‘Help/About PythonWin’ for further copyright information.
>>> Getting current IP address … 171.36.105.148
Disabling ISATAP … Success
Re-enabling ISATAP … Success
Deleting existing IPv6 address for ISATAP interface …
Deleting fe80::5efe:192.168.99.66 …
Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
Deleting fe80::5efe:182.88.111.131 …
Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
Adding correct IPv6 addresses …
Adding fe80::5efe:171.36.105.148 … Success
Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
Getting interface id … Failed
Getting current IP address … 171.36.105.148
Disabling ISATAP … Success
Re-enabling ISATAP … Success
Deleting existing IPv6 address for ISATAP interface …
Deleting fe80::5efe:192.168.99.66 …
Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
Deleting fe80::5efe:182.88.111.131 …
Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
Deleting fe80::5efe:171.36.105.148 …
Adding correct IPv6 addresses …
Adding fe80::5efe:171.36.105.148 … Success
Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
Getting interface id … Failed
Getting current IP address … >>> 171.36.105.148
Disabling ISATAP … Success
Re-enabling ISATAP … Success
Deleting existing IPv6 address for ISATAP interface …
Deleting fe80::5efe:192.168.99.66 …
Deleting 2001:da8:8000:d010:0:5efe:182.88.111.131 …
Deleting fe80::5efe:182.88.111.131 …
Deleting 2001:da8:8000:d011:0:5efe:171.36.105.148 …
Deleting fe80::5efe:171.36.105.148 …
Adding correct IPv6 addresses …
Adding fe80::5efe:171.36.105.148 … Success
Adding 2001:da8:8000:d011:0:5efe:171.36.105.148 … Success
Getting interface id … Failed
系统有ipv6这个命令吗?
ipv6.exe 在system32目录下。openwrt已做好 41端口转发。是不是我的Pyhon版本不对呢?
interface = “Automatic Tunneling Pseudo-Interface”
这里有改对吗?
interface 部分是默认的。ipconfig /all 所描述的端口和脚本中的 “Automatic Tunneling Pseudo-Interface”相同。也尝试用netsh int ipv6 show int 获得索引号为 “2”,修改到PY脚本后同样的错误问题。
我刚在办公室的电脑测试,已经可以运行到TEST部分了。因为防火墙限制,这么里肯定过不了TEST测试。一会回家重装系统试下。家里电脑装的是xp home sp3,怀疑是这个问题。
日本用户访问测试 -。-
乃这是ipv6…我这才是正宗日本233
我错了 这次才是ipv4 = =……
……话说这个地区识别插件不支持v6麽 – -?
是的- -而且不太好改, 于是我无视了…
= =“
PS. pls check twitter message“
现在发现6rd隧道才是王道吖 -。-
还没折腾过… = =
貌似在dd-wrt路由器上运行了iptables命令之后,teredo隧道性能变好了,以前还得ping一下v6地址才能初始化 ^。^
在文中的方案被证实可用之前懒得亲测isatap隧道了..
= =|||我这文中的方案我已经在三个地方验证可用了…
没图没真相啊 – –
= =|||||||||这个……那个…….嗯……..
弱问下,原文脚本“不能发挥应有的作用”是因为内网PC的isatap隧道接口完全不能获取全局v6地址,还是指能获取地址但是不能上网呢?
是因为原文脚本没能成功删除那几个地址, 尤其是最后一步重启, 把错误地址全部弄回来了, 而且没有陆由….
mark. 怀疑用上交isatap的速度说不定比用米国的tunnelbroker还快些。。
教育网内肯定这样…