IPv6: Server cannot ping the gateway (pfSense) but gets an IP


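I have three servers that should now get IPv6 connectivity in addition to IPv4. The servers:

  1. Pi4 (Raspberry Pi OS)
  2. Nextcloud (Debian 10, Nextcloud snap)
  3. Mail server (Debian 10, mailcow as docker, also uses IPv6)

They are connected directly to the firewall (latest pfSense) and each resides in its own subnet/VLAN. My plan is to use DHCPv6 to give them fixed IPs that I can use for DNS and firewall rules. I got a /56 subnet from my ISP via prefix delegation, and every subnet in my network gets a /64 subnet. The DHCP server configuration is the same for all servers, as follows: RA-Advertisement -> Managed Scope -> From ::d:000 to ::d:ffff

Server 1 - Pi4: It gets the required v6 IP (static entry) from the firewall -> xxxxxxx::d:1. The host can ping the firewall, and the firewall can ping the host.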

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:ba:a6:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.2/24 brd 192.168.7.255 scope global dynamic noprefixroute eth0
       valid_lft 5564sec preferred_lft 4664sec
    inet6 2a02:8106:26:c207::d:1/128 scope global dynamic noprefixroute 
       valid_lft 6268sec preferred_lft 3568sec
    inet6 2a02:8106:26:c207:4f5b:7339:9f6f:6b9e/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 86394sec preferred_lft 14394sec
    inet6 fe80::3958:1364:8c6e:21ca/64 scope link 
       valid_lft forever preferred_lft forever
$ ip r
default via 192.168.7.1 dev eth0 proto dhcp src 192.168.7.2 metric 202 
192.168.7.0/24 dev eth0 proto dhcp scope link src 192.168.7.2 metric 202 
$ cat nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

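Server 2 - Nextcloud: It does not get the required v6 IP (static entry) from the firewall -> xxxxxxx::d:1. I don't know why, but it gets one from the DHCP range -> ::d:3066 and not the static entry. The host can ping the firewall, and the firewall can ping the host. I can access the server as needed.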

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d0:50:99:76:7d:6b brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.2/24 brd 192.168.5.255 scope global dynamic eth0
       valid_lft 6796sec preferred_lft 6796sec
    inet6 2a02:8106:26:c205::d:3066/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::d250:99ff:fe76:7d6b/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:44:56:66:5e brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:44ff:fe56:665e/64 scope link 
       valid_lft forever preferred_lft forever
5: veth16f1c55@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 76:f8:c2:66:64:c2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::74f8:c2ff:fe66:64c2/64 scope link 
       valid_lft forever preferred_lft forever
7: veth624ab49@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether f2:88:68:74:9b:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::f088:68ff:fe74:9ba7/64 scope link 
       valid_lft forever preferred_lft forever
$ ip r
default via 192.168.5.1 dev eth0 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.2 
$ cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 dhcp

Server 3 - mailcow: It does not get the required v6 IP (static entry) from the firewall -> xxxxxxx::d:1. I don't know why, but it got one from the DHCP range -> 2a02:8106:26:c206::d:1fd7, without the static entry. It cannot ping the firewall.

$ ping 2a02:8106:26:c206:ec4:7aff:feac:791a 
connect: network is not reachable

And the firewall cannot ping the host. I cannot reach the server at all.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0b:ab:9c:b3:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.2/24 brd 192.168.6.255 scope global dynamic enp0s25
       valid_lft 6115sec preferred_lft 6115sec
    inet6 2a02:8106:26:c206::d:1fd7/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:abff:fe9c:b340/64 scope link 
       valid_lft forever preferred_lft forever
3: ens36: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:0b:ab:9c:b3:41 brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:86:52:78:26 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:86ff:fe52:7826/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever
5: br-mailcow: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:98:71:e4:00 brd ff:ff:ff:ff:ff:ff
    inet 172.22.1.1/24 brd 172.22.1.255 scope global br-mailcow
       valid_lft forever preferred_lft forever
    inet6 fe80::42:98ff:fe71:e400/64 scope link 
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link 
       valid_lft forever preferred_lft forever
7: veth9d1c8e9@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 92:69:ae:5f:16:94 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9069:aeff:fe5f:1694/64 scope link 
       valid_lft forever preferred_lft forever
9: veth8c82697@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether ea:dd:2f:06:a8:ac brd ff:ff:ff:ff:ff:ff link-netnsid 3
    inet6 fe80::e8dd:2fff:fe06:a8ac/64 scope link 
       valid_lft forever preferred_lft forever
11: vethe900989@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether ee:45:28:e8:f8:65 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::ec45:28ff:fee8:f865/64 scope link 
       valid_lft forever preferred_lft forever
13: vethfca3d8a@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 72:0e:57:52:f6:8c brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::700e:57ff:fe52:f68c/64 scope link 
       valid_lft forever preferred_lft forever
15: veth047f50f@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 32:d4:40:15:0c:7f brd ff:ff:ff:ff:ff:ff link-netnsid 4
    inet6 fe80::30d4:40ff:fe15:c7f/64 scope link 
       valid_lft forever preferred_lft forever
17: vethf6245fe@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 26:53:8b:26:c9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 7
    inet6 fe80::2453:8bff:fe26:c938/64 scope link 
       valid_lft forever preferred_lft forever
19: veth21a6fa3@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 5a:a7:a7:e2:86:5b brd ff:ff:ff:ff:ff:ff link-netnsid 6
    inet6 fe80::58a7:a7ff:fee2:865b/64 scope link 
       valid_lft forever preferred_lft forever
21: vethd2d1e06@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 8e:79:e5:0e:a6:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 10
    inet6 fe80::8c79:e5ff:fe0e:a6f1/64 scope link 
       valid_lft forever preferred_lft forever
23: vethc10d2bc@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 76:99:da:1d:cd:0e brd ff:ff:ff:ff:ff:ff link-netnsid 9
    inet6 fe80::7499:daff:fe1d:cd0e/64 scope link 
       valid_lft forever preferred_lft forever
25: veth201bcfc@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 46:d4:93:82:4b:6b brd ff:ff:ff:ff:ff:ff link-netnsid 8
    inet6 fe80::44d4:93ff:fe82:4b6b/64 scope link 
       valid_lft forever preferred_lft forever
27: vethad8e436@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether da:24:e6:37:3a:8c brd ff:ff:ff:ff:ff:ff link-netnsid 5
    inet6 fe80::d824:e6ff:fe37:3a8c/64 scope link 
       valid_lft forever preferred_lft forever
29: vethbaf78e4@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 9e:01:7b:70:9a:31 brd ff:ff:ff:ff:ff:ff link-netnsid 15
    inet6 fe80::9c01:7bff:fe70:9a31/64 scope link 
       valid_lft forever preferred_lft forever
31: veth7eada94@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 2a:bd:24:d6:e9:8a brd ff:ff:ff:ff:ff:ff link-netnsid 13
    inet6 fe80::28bd:24ff:fed6:e98a/64 scope link 
       valid_lft forever preferred_lft forever
33: vethd1e707c@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 7a:71:37:59:58:43 brd ff:ff:ff:ff:ff:ff link-netnsid 16
    inet6 fe80::7871:37ff:fe59:5843/64 scope link 
       valid_lft forever preferred_lft forever
35: veth6d78c43@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 42:f1:b5:53:f5:5c brd ff:ff:ff:ff:ff:ff link-netnsid 14
    inet6 fe80::40f1:b5ff:fe53:f55c/64 scope link 
       valid_lft forever preferred_lft forever
37: vethd1a9600@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 52:15:e7:eb:3e:ea brd ff:ff:ff:ff:ff:ff link-netnsid 11
    inet6 fe80::5015:e7ff:feeb:3eea/64 scope link 
       valid_lft forever preferred_lft forever
39: veth621f244@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 1e:af:a7:76:8e:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 12
    inet6 fe80::1caf:a7ff:fe76:8ec8/64 scope link 
       valid_lft forever preferred_lft forever
41: veth4284cea@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-mailcow state UP group default 
    link/ether 32:ee:4d:9c:fb:6c brd ff:ff:ff:ff:ff:ff link-netnsid 17
    inet6 fe80::30ee:4dff:fe9c:fb6c/64 scope link 
       valid_lft forever preferred_lft forever
$ ip r
default via 192.168.6.1 dev enp0s25 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
172.22.1.0/24 dev br-mailcow proto kernel scope link src 172.22.1.1 
192.168.6.0/24 dev enp0s25 proto kernel scope link src 192.168.6.2 
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s25
iface enp0s25 inet dhcp
# This is an autoconfigured IPv6 interface
iface enp0s25 inet6 dhcp

Server 3 has the same configuration as Server 2, so why can't it be reached? Can it not use the IPv6 address for routing?

Thanks
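Added example, not part of the original post: the `ip r` listings above show only IPv4 routes (IPv6 routes are listed by `ip -6 route`), and DHCPv6 hands out a /128 address without a default gateway, which a Linux host learns from router advertisements (RAs). The sketch below classifies one interface from its `forwarding` and `accept_ra` sysctls and its IPv6 route table; the helper names `ra_state`, `diagnose` and `check_iface` are hypothetical, and the sample routes are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names and the sample
# values below are constructed for illustration.

# ra_state FORWARDING ACCEPT_RA
# Linux accept_ra semantics: 0 = never accept RAs, 1 = accept only while
# forwarding is off, 2 = accept even when forwarding is on.
ra_state() {
    case "$2" in
        0) echo ignored ;;
        1) if [ "$1" = "0" ]; then echo accepted; else echo ignored; fi ;;
        2) echo accepted ;;
        *) echo unknown ;;
    esac
}

# diagnose FORWARDING ACCEPT_RA ROUTES
# ROUTES is the text printed by `ip -6 route show dev IFACE`.
diagnose() {
    state=$(ra_state "$1" "$2")
    if printf '%s\n' "$3" | grep -q '^default via '; then
        echo "ok: IPv6 default route present (RAs $state)"
    elif [ "$state" = "ignored" ]; then
        echo "no-route: RAs ignored (forwarding=$1 accept_ra=$2)"
    else
        echo "no-route: RAs $state, check that RAs reach this link"
    fi
}

# check_iface IFACE: gather the live values on a host and classify them.
check_iface() {
    fwd=$(cat "/proc/sys/net/ipv6/conf/$1/forwarding")
    ra=$(cat "/proc/sys/net/ipv6/conf/$1/accept_ra")
    diagnose "$fwd" "$ra" "$(ip -6 route show dev "$1")"
}

# Constructed sample: a DHCPv6 /128 and the link-local route only, no
# default route, with forwarding enabled on the interface.
sample_routes='2001:db8:0:6::d:1fd7 proto kernel metric 256 pref medium
fe80::/64 proto kernel metric 256 pref medium'
diagnose 1 1 "$sample_routes"
```

On a live host, `check_iface enp0s25` reads the real values; run it on a working server and a failing one and compare the verdicts.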
