Merci pour le script, Zoc.
J'ai testé à l'instant en mettant switch0 à la place d'eth0 et je n'obtiens même pas la route par défaut.
Par contre, si je mets une interface erronée (ici eth3), le routeur peut pinger en ipv6:
root@ubnt:~# show ipv6 route
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, B - BGP
Timers: Uptime
IP Route Table for VRF "default"
K ::/0 [0/1024] via fe80::ba0:bab, eth0.832, 00:29:12
C ::1/128 via ::, lo, 00:49:00
C 2a01:xxxx:xxx:xx01::/64 via ::, eth3, 00:45:46
C fe80::/64 via ::, eth1.832, 00:47:53
root@ubnt:~# ping6 www.google.com
PING www.google.com(dg-in-x69.1e100.net) 56 data bytes
64 bytes from dg-in-x69.1e100.net: icmp_seq=1 ttl=56 time=22.5 ms
64 bytes from dg-in-x69.1e100.net: icmp_seq=2 ttl=56 time=22.4 ms
64 bytes from dg-in-x69.1e100.net: icmp_seq=3 ttl=56 time=22.3 ms
^C
--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 22.376/22.445/22.502/0.180 ms
root@ubnt:~#
mais du coup, coté LAN, je n'ai plus ce réseau 2a01:xxxx:xxx:xx01::/64 sur les machine.
Je mets ma config au cas ou il ya aurait quelque chose de faux dedans.
firewall {
all-ping enable
broadcast-ping disable
ipv6-name WAN6_IN {
default-action drop
rule 10 {
action accept
description "allow established"
protocol all
state {
established enable
related enable
}
}
rule 20 {
action drop
description "drop invalid packets"
protocol all
state {
invalid enable
}
}
rule 30 {
action accept
description "allow ICMPv6"
protocol icmpv6
}
}
ipv6-name WAN6_LOCAL {
default-action drop
rule 10 {
action accept
description "allow established"
protocol all
state {
established enable
related enable
}
}
rule 20 {
action drop
description "drop invalid packets"
protocol all
state {
invalid enable
}
}
rule 30 {
action accept
description "allow ICMPv6"
protocol icmpv6
}
rule 40 {
action accept
description "allow DHCPv6 client/server"
destination {
port 546
}
protocol udp
source {
port 547
}
}
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name WAN_IN {
default-action drop
description "packets from Internet to LAN"
enable-default-log
rule 1 {
action accept
description "allow established sessions"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
name WAN_LOCAL {
default-action drop
description "packets from Internet to the router"
rule 1 {
action accept
description "allow established session to the router"
log disable
protocol all
state {
established enable
invalid disable
new disable
related enable
}
}
rule 2 {
action drop
description "drop invalid state"
log disable
protocol all
state {
established disable
invalid enable
new disable
related disable
}
}
}
options {
mss-clamp {
interface-type pppoe
interface-type pptp
interface-type tun
mss 1452
}
}
receive-redirects disable
send-redirects enable
source-validation disable
syn-cookies enable
}
interfaces {
ethernet eth0 {
description Internet_ONT
duplex auto
poe {
output off
}
speed auto
vif 832 {
address dhcp
description "Internet Orange DHCP"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send dhcp-client-identifier MA:CD:EL:AL:IV:EB:OX;"
client-option "send user-class "+FSVDSL_livebox.Internet.softathome.Livebox4";"
client-option "send rfc3118-authentication ST:RI:NG:HE:XA:DE:VO:TR:EI:DE:NT:IF:IA:NT:0F:TI;"
client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth, SIP;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
firewall {
in {
ipv6-name WAN6_IN
name WAN_IN
}
local {
ipv6-name WAN6_LOCAL
name WAN_LOCAL
}
}
ipv6 {
address {
autoconf
}
dup-addr-detect-transmits 1
}
}
vif 838 {
address dhcp
description "TV - VOD"
dhcp-options {
client-option "send vendor-class-identifier "sagem";"
client-option "send dhcp-client-identifier 1:MA:CD:EL:AL:IV:EB:OX:TV;"
client-option "send user-class "\047FSVDSL_livebox.MLTV.softathome.Livebox4";"
client-option "request subnet-mask, rfc3442-classless-static-routes;"
default-route update
default-route-distance 210
name-server update
}
egress-qos "0:4 1:4 2:4 3:4 4:4 5:4 6:4 7:4"
}
vif 840 {
address 192.168.255.254/24
description "VLAN TV Canal 1 - Zap"
egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
}
}
ethernet eth1 {
description LAN2_Livebox_VoIP
duplex auto
poe {
output off
}
speed auto
vif 832 {
address 192.168.10.254/24
description Voip
}
}
ethernet eth2 {
address 192.168.2.254/24
description LAN3_Livebox_TV
duplex auto
poe {
output off
}
speed auto
}
ethernet eth3 {
duplex auto
poe {
output off
}
speed auto
}
ethernet eth4 {
duplex auto
poe {
output off
}
speed auto
}
loopback lo {
}
switch switch0 {
address 172.16.0.1/24
ipv6 {
dup-addr-detect-transmits 1
router-advert {
cur-hop-limit 64
link-mtu 0
managed-flag false
max-interval 600
other-config-flag false
prefix ::/64 {
autonomous-flag true
on-link-flag true
valid-lifetime 2592000
}
reachable-time 0
retrans-timer 0
send-advert true
}
}
mtu 1500
switch-port {
interface eth3 {
}
interface eth4 {
}
vlan-aware disable
}
}
}
port-forward {
auto-firewall enable
hairpin-nat enable
lan-interface switch0
rule 1 {
description Minecraft
forward-to {
address 172.16.0.4
port 25565
}
original-port 25565
protocol tcp
}
wan-interface eth0.832
}
protocols {
igmp-proxy {
disable-quickleave
interface eth0.832 {
role disabled
threshold 1
}
interface eth0.838 {
role disabled
threshold 1
}
interface eth0.840 {
alt-subnet 0.0.0.0/0
role upstream
threshold 1
}
interface eth1 {
role disabled
threshold 1
}
interface eth2 {
alt-subnet 0.0.0.0/0
role downstream
threshold 1
}
interface eth3 {
role disabled
threshold 1
}
interface eth4 {
role disabled
threshold 1
}
interface switch0 {
role disabled
threshold 255
}
}
}
service {
dhcp-server {
disabled false
global-parameters "option rfc3118-auth code 90 = string;"
global-parameters "option SIP code 120 = string;"
hostfile-update enable
shared-network-name LOCAL_NETWORK {
authoritative enable
subnet 172.16.0.0/24 {
default-router 172.16.0.1
dns-server 172.16.0.2
dns-server 172.16.0.3
domain-name wongafa.net
lease 86400
start 172.16.0.50 {
stop 172.16.0.209
}
}
shared-network-name Livebox {
authoritative enable
subnet 192.168.10.0/24 {
default-router 192.168.10.254
dns-server 80.10.246.136
dns-server 81.253.149.6
lease 86400
start 192.168.10.21 {
stop 192.168.10.200
}
static-mapping Livebox {
ip-address 192.168.10.1
mac-address XX:XX:XX:XX:XX
}
subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:64:xxxx;"
subnet-parameters "option SIP 0:6:73:62:63:74:33:67:3:50:55:54:6:61:63:63:65:73:73:11:6f:72:61:6e:xxxx;"
}
}
shared-network-name TV {
authoritative enable
subnet 192.168.2.0/24 {
default-router 192.168.2.254
dns-server 80.10.246.3
dns-server 81.253.149.10
lease 86400
start 192.168.2.10 {
stop 192.168.2.10
}
}
}
use-dnsmasq disable
}
dns {
forwarding {
cache-size 1000
listen-on switch0
}
}
gui {
http-port 80
https-port 443
older-ciphers enable
}
nat {
rule 5010 {
description "Masquerading outgoing connections"
log disable
outbound-interface eth0.832
protocol all
type masquerade
}
rule 5011 {
description "Masquerading TV"
log disable
outbound-interface eth0.838
protocol all
type masquerade
}
}
ssh {
port 22
protocol-version v2
}
upnp2 {
listen-on switch0
nat-pmp enable
secure-mode disable
wan eth0.832
}
}
system {
config-management {
commit-revisions 5
}
conntrack {
expect-table-size 4096
hash-size 4096
table-size 32768
tcp {
half-open-connections 512
loose disable
max-retrans 3
}
}
host-name ubnt
login {
user ubnt {
authentication {
encrypted-password ""
plaintext-password ""
}
level admin
}
}
name-server 8.8.8.8
name-server 8.8.4.4
name-server 2001:4860:4860::8888
name-server 2001:4860:4860::8844
ntp {
server 0.ubnt.pool.ntp.org {
}
server 1.ubnt.pool.ntp.org {
}
server 2.ubnt.pool.ntp.org {
}
server 3.ubnt.pool.ntp.org {
}
}
offload {
hwnat disable
ipsec enable
ipv4 {
forwarding enable
pppoe enable
vlan enable
}
ipv6 {
forwarding enable
vlan enable
}
}
package {
repository wheezy {
components "main contrib non-free"
distribution wheezy
password ""
url http://ftp2.fr.debian.org/debian
username ""
}
repository wheezy-security {
components main
distribution wheezy/updates
password ""
url http://security.debian.org
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level warning
}
}
}
time-zone Europe/Paris
traffic-analysis {
dpi disable
export disable
}
}
Merci