那每当我从外网测试内网IPV6的时候就会出现下面的Warning
高手指导一下怎么解决,应该解决这个,网络就通了syslog: Ignoring non-LinkLocal MLD from :: received on br0/33
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning syslog: Ignoring non-LinkLocal MLD from :: received on br0/33
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of group entry!
2021-06-29 19:50:11 Warning kernel: run out of group entry!
给各位认真研究问题的一个小福利,上面的问题虽然暂时没解决,但是我发现一个明显提升IPV6稳定性的设置方法,任何光猫xml文件里调整这几个值,如下:
基本上IPV6就稳定不掉了,设备更新、获取IPV6地址速度也超快,具体这几个值什么作用呢?自行搜索一下,就不解释了。
电信默认的值太大,导致IPV6经常性的不稳定。
<Value Name="DHCPV6S_REBIND_TIME" Value="120"/>
<Value Name="DHCPV6S_RENEW_TIME" Value="60"/>
<Value Name="V6_ADVDEFAULTLIFETIME" Value="60"/>
<Value Name="V6_MINRTRADVINTERVAL" Value="30"/>
<Value Name="V6_MAXRTRADVINTERVAL" Value="40"/> 折腾半天,又找到一张桥接路由表了,看样子防火墙还真不止一个,但是这个表接口太多,不敢乱动,头大试了都加上ACCEPT不行,-t brouter 里全加DROP或ACCEPT也不行,还要继续研究
#ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 5, policy: ACCEPT
-j BRWANs_BIND_LANs
-j br_wan
-p IPv4 --ip-proto udp --ip-sport 68 --ip-dport 67 -j dhcps_disable
-j portmapping_igmp
-i wlan+ -j WLACL_INPUT
Bridge chain: FORWARD, entries: 10, policy: DROP
-o veth+ -j ACCEPT
-i veth+ -j ACCEPT
-j disBCMC
-j wlan_block
-j br_pppoe
-j macfilter_r
-j internet_accessright_b
-i wlan+ -j WLACL_FORWARD
-j vlanmapping
-j portmapping
Bridge chain: OUTPUT, entries: 2, policy: ACCEPT
-j BRWANs_BIND_LANs
-j br_wan_out
Bridge chain: BRWANs_BIND_LANs, entries: 2, policy: RETURN
-p IPv6 -o eth0.3 -j DROP
-p IPv6 -i eth0.3 -j DROP
Bridge chain: br_wan, entries: 1, policy: RETURN
-i nas0_2 -j DROP
Bridge chain: br_wan_out, entries: 1, policy: RETURN
-o nas0_2 -j DROP
Bridge chain: wlan_block, entries: 0, policy: RETURN
Bridge chain: br_pppoe, entries: 6, policy: RETURN
-p 802_1Q -i nas0_2 --vlan-encap PPP_DISC -j RETURN
-p 802_1Q -i nas0_2 --vlan-encap PPP_SES -j RETURN
-p PPP_DISC -o nas0_2 -j RETURN
-p PPP_SES -o nas0_2 -j RETURN
-i nas0_2 -j DROP
-o nas0_2 -j DROP
Bridge chain: macfilter_b, entries: 0, policy: ACCEPT
Bridge chain: macfilter_r, entries: 0, policy: RETURN
Bridge chain: internet_accessright_b, entries: 0, policy: ACCEPT
Bridge chain: disBCMC, entries: 3, policy: RETURN
-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type 130/0:255 -j RETURN
-d Broadcast -j DROP
-d Multicast -j DROP
Bridge chain: dhcps_disable, entries: 1, policy: RETURN
-i eth0.3 -j DROP
Bridge chain: portmapping_igmp, entries: 1, policy: RETURN
-p IPv4 -i eth0.3 --ip-proto igmp -j DROP
Bridge chain: WLACL_INPUT, entries: 0, policy: RETURN
Bridge chain: WLACL_FORWARD, entries: 0, policy: RETURN
Bridge chain: vlanmapping, entries: 21, policy: DROP
-i nas0_2 -j RETURN
-i wlan1-vap6 -j RETURN
-i wlan1-vap5 -j RETURN
-i wlan1-vap4 -j RETURN
-i wlan1-vap3 -j RETURN
-i wlan1-vap2 -j RETURN
-i wlan1-vap1 -j RETURN
-i wlan1-vap0 -j RETURN
-i wlan1 -j RETURN
-i wlan0-vap6 -j RETURN
-i wlan0-vap5 -j RETURN
-i wlan0-vap4 -j RETURN
-i wlan0-vap3 -j RETURN
-i wlan0-vap2 -j RETURN
-i wlan0-vap1 -j RETURN
-i wlan0-vap0 -j RETURN
-i wlan0 -j RETURN
-i eth0.5 -j RETURN
-i eth0.4 -j RETURN
-i eth0.3 -j RETURN
-i eth0.2 -j RETURN
Bridge chain: portmapping, entries: 8, policy: ACCEPT
-i nas0_2 -o eth0.3 -j RETURN
-i eth0.3 -o nas0_2 -j RETURN
-i eth+ -o eth+ -j RETURN
-i eth+ -o wlan+ -j RETURN
-i wlan+ -o eth+ -j RETURN
-i wlan+ -o wlan+ -j RETURN
-i eth0+ -j DROP
-i wlan+ -j DROP
#ebtables -t broute -L
Bridge table: broute
Bridge chain: BROUTING, entries: 4, policy: ACCEPT
-j broute_vlanmapping
-j vlanbinding
-j br_pppoe
-j qos_eb_rules
Bridge chain: br_pppoe, entries: 1, policy: RETURN
-d 74:b7:b3:43:14:e8 -i nas0_2 -j DROP
Bridge chain: broute_vlanmapping, entries: 0, policy: RETURN
Bridge chain: vlanbinding, entries: 0, policy: RETURN
Bridge chain: broute_chain_eth0.2, entries: 0, policy: RETURN
Bridge chain: broute_chain_eth0.3, entries: 0, policy: RETURN
Bridge chain: broute_chain_eth0.4, entries: 0, policy: RETURN
Bridge chain: broute_chain_eth0.5, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap0, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap1, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap2, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap3, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap4, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap5, entries: 0, policy: RETURN
Bridge chain: broute_chain_wlan0-vap6, entries: 0, policy: RETURN
Bridge chain: qos_eb_rules, entries: 8, policy: RETURN
-p IPv4 -i eth0.3 --ip-dst 255.255.255.255 -j mark --mark-or 0x100 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 --ip-proto udp --ip-sport 5060 -j mark --mark-or 0x200 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 --ip-proto udp --ip-sport 9000:9010 -j mark --mark-or 0x300 --mark-target CONTINUE
-p IPv4 --ip-dst 192.168.111.34 -j mark --mark-or 0x400 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 -j mark --mark-or 0x500 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x600 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x700 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x800 --mark-target CONTINUE
说到桥接表,那必须要有接口信息才好研究,接口信息如下:
#ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
link/ether b6:be:c8:6b:52:f9 brd ff:ff:ff:ff:ff:ff
3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
link/ether 9a:90:b4:6a:81:77 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
5: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
6: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
7: eth0.2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
8: eth0.3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
9: eth0.4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
10: eth0.5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
11: eth0.6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
12: nas0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
13: pon0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff
14: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
15: wlan0-vap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e5 brd ff:ff:ff:ff:ff:ff
16: wlan0-vap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff
17: wlan0-vap2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff
18: wlan0-vap3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e0 brd ff:ff:ff:ff:ff:ff
19: wlan0-vap4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e1 brd ff:ff:ff:ff:ff:ff
20: wlan0-vap5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e2 brd ff:ff:ff:ff:ff:ff
21: wlan0-vap6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 82:b7:b3:43:14:e3 brd ff:ff:ff:ff:ff:ff
22: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 74:b7:b3:43:14:e5 brd ff:ff:ff:ff:ff:ff
23: wlan1-vap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff
24: wlan1-vap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff
25: wlan1-vap2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e0 brd ff:ff:ff:ff:ff:ff
26: wlan1-vap3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e1 brd ff:ff:ff:ff:ff:ff
27: wlan1-vap4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e2 brd ff:ff:ff:ff:ff:ff
28: wlan1-vap5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e3 brd ff:ff:ff:ff:ff:ff
29: wlan1-vap6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 8a:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
30: pwlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:e0:4c:81:96:96 brd ff:ff:ff:ff:ff:ff
31: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
32: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN
link/tunnel6 :: brd ::
33: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.3/16 brd 192.168.255.255 scope global br0
valid_lft forever preferred_lft forever
inet6 240e:3b2:2c12:6b40:76b7:b3ff:fe43:14e4/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
34: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc noqueue state UNKNOWN
link/ppp
inet 183.15.*.* peer 183.15.*.*/32 scope global ppp0//公网,后几位隐
valid_lft forever preferred_lft forever
inet6 240e:3b0:2c11:6451:*:*:*:*/64 scope global dynamic//公网,后几位隐
valid_lft 2591961sec preferred_lft 604761sec
inet6 fe80::*:*:*:*/10 scope link//后几位隐
valid_lft forever preferred_lft forever
35: ppp1: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
36: ppp2: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
37: ppp3: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
38: ppp4: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
39: ppp5: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
40: ppp6: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
41: ppp7: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
42: ppp8: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
43: ppp9: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
44: ppp10: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
45: ppp11: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
46: ppp12: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3
link/ppp
47: nas0_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP qlen 10
link/ether 74:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff
inet 11.54.8.28/21 brd 11.54.15.255 scope global nas0_0
valid_lft forever preferred_lft forever
48: nas0_1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10
link/ether 74:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff
49: nas0_2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 10
link/ether 74:b7:b3:43:14:e8 brd ff:ff:ff:ff:ff:ff
50: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether fe:84:ce:64:86:d8 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
valid_lft forever preferred_lft forever
52: vethUOWDKC: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master lxcbr0 state UP qlen 1000
link/ether fe:84:ce:64:86:d8 brd ff:ff:ff:ff:ff:ff
理论是研究完了,
理论解决办法:就是要把公网接口ppp0和内网接口br0,桥接起来
那如果做IPV6路由也行,但IPV6是动态的,牵涉太多,所以还是桥接方案简单,因为2个接口是固定不变的
再要研究一下桥接表。 IP6已经出来了吗 佩服楼主,我的PT928G也管不了ipv6防火墙,进Telnet查看ip6tables-save,发现有一条-A FORWARD -i ppp1 -j DROP,于是执行
ip6tables -D FWD_FIREWALL -i ppp1 -j DROP
终于正常了
页:
1
[2]