深圳电信IPV6外网无法访问电脑任何端口，友华光猫型号PT925G

gwaiter · 发表于 2021-6-29 19:52:49

开日志发现关键，run out先不管
那每当我从外网测试内网IPV6的时候就会出现下面的Warning
高手指导一下怎么解决，应该解决这个，网络就通了syslog: Ignoring non-LinkLocal MLD from :: received on br0/33
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning syslog: Ignoring non-LinkLocal MLD from :: received on br0/33
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of group entry!
2021-06-29 19:50:09 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of client entry!
2021-06-29 19:50:10 Warning kernel: run out of group entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of client entry!
2021-06-29 19:50:11 Warning kernel: run out of group entry!
2021-06-29 19:50:11 Warning kernel: run out of group entry!

gwaiter · 发表于 2021-6-29 21:26:38

给各位认真研究问题的一个小福利，上面的问题虽然暂时没解决，但是我发现一个明显提升IPV6稳定性的设置方法，任何光猫xml文件里调整这几个值，如下：

基本上IPV6就稳定不掉了，设备更新、获取IPV6地址速度也超快，具体这几个值什么作用呢？自行搜索一下，就不解释了。
电信默认的值太大，导致IPV6经常性的不稳定。

  <Value Name="DHCPV6S_REBIND_TIME" Value="120"/>
  <Value Name="DHCPV6S_RENEW_TIME" Value="60"/>

<Value Name="V6_ADVDEFAULTLIFETIME" Value="60"/>

  <Value Name="V6_MINRTRADVINTERVAL" Value="30"/>
<Value Name="V6_MAXRTRADVINTERVAL" Value="40"/>

gwaiter · 发表于 2021-7-1 00:12:33

折腾半天，又找到一张桥接路由表了，看样子防火墙还真不止一个，但是这个表接口太多，不敢乱动，头大试了都加上ACCEPT不行，-t brouter 里全加DROP或ACCEPT也不行，还要继续研究

#ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 5, policy: ACCEPT
-j BRWANs_BIND_LANs
-j br_wan
-p IPv4 --ip-proto udp --ip-sport 68 --ip-dport 67 -j dhcps_disable
-j portmapping_igmp
-i wlan+ -j WLACL_INPUT

Bridge chain: FORWARD, entries: 10, policy: DROP
-o veth+ -j ACCEPT
-i veth+ -j ACCEPT
-j disBCMC
-j wlan_block
-j br_pppoe
-j macfilter_r
-j internet_accessright_b
-i wlan+ -j WLACL_FORWARD
-j vlanmapping
-j portmapping

Bridge chain: OUTPUT, entries: 2, policy: ACCEPT
-j BRWANs_BIND_LANs
-j br_wan_out

Bridge chain: BRWANs_BIND_LANs, entries: 2, policy: RETURN
-p IPv6 -o eth0.3 -j DROP
-p IPv6 -i eth0.3 -j DROP

Bridge chain: br_wan, entries: 1, policy: RETURN
-i nas0_2 -j DROP

Bridge chain: br_wan_out, entries: 1, policy: RETURN
-o nas0_2 -j DROP

Bridge chain: wlan_block, entries: 0, policy: RETURN

Bridge chain: br_pppoe, entries: 6, policy: RETURN
-p 802_1Q -i nas0_2 --vlan-encap PPP_DISC -j RETURN
-p 802_1Q -i nas0_2 --vlan-encap PPP_SES -j RETURN
-p PPP_DISC -o nas0_2 -j RETURN
-p PPP_SES -o nas0_2 -j RETURN
-i nas0_2 -j DROP
-o nas0_2 -j DROP

Bridge chain: macfilter_b, entries: 0, policy: ACCEPT

Bridge chain: macfilter_r, entries: 0, policy: RETURN

Bridge chain: internet_accessright_b, entries: 0, policy: ACCEPT

Bridge chain: disBCMC, entries: 3, policy: RETURN
-p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type 130/0:255 -j RETURN
-d Broadcast -j DROP
-d Multicast -j DROP

Bridge chain: dhcps_disable, entries: 1, policy: RETURN
-i eth0.3 -j DROP

Bridge chain: portmapping_igmp, entries: 1, policy: RETURN
-p IPv4 -i eth0.3 --ip-proto igmp -j DROP

Bridge chain: WLACL_INPUT, entries: 0, policy: RETURN

Bridge chain: WLACL_FORWARD, entries: 0, policy: RETURN

Bridge chain: vlanmapping, entries: 21, policy: DROP
-i nas0_2 -j RETURN
-i wlan1-vap6 -j RETURN
-i wlan1-vap5 -j RETURN
-i wlan1-vap4 -j RETURN
-i wlan1-vap3 -j RETURN
-i wlan1-vap2 -j RETURN
-i wlan1-vap1 -j RETURN
-i wlan1-vap0 -j RETURN
-i wlan1 -j RETURN
-i wlan0-vap6 -j RETURN
-i wlan0-vap5 -j RETURN
-i wlan0-vap4 -j RETURN
-i wlan0-vap3 -j RETURN
-i wlan0-vap2 -j RETURN
-i wlan0-vap1 -j RETURN
-i wlan0-vap0 -j RETURN
-i wlan0 -j RETURN
-i eth0.5 -j RETURN
-i eth0.4 -j RETURN
-i eth0.3 -j RETURN
-i eth0.2 -j RETURN

Bridge chain: portmapping, entries: 8, policy: ACCEPT
-i nas0_2 -o eth0.3 -j RETURN
-i eth0.3 -o nas0_2 -j RETURN
-i eth+ -o eth+ -j RETURN
-i eth+ -o wlan+ -j RETURN
-i wlan+ -o eth+ -j RETURN
-i wlan+ -o wlan+ -j RETURN
-i eth0+ -j DROP
-i wlan+ -j DROP

#ebtables -t broute -L
Bridge table: broute

Bridge chain: BROUTING, entries: 4, policy: ACCEPT
-j broute_vlanmapping
-j vlanbinding
-j br_pppoe
-j qos_eb_rules

Bridge chain: br_pppoe, entries: 1, policy: RETURN
-d 74:b7:b3:43:14:e8 -i nas0_2 -j DROP

Bridge chain: broute_vlanmapping, entries: 0, policy: RETURN

Bridge chain: vlanbinding, entries: 0, policy: RETURN

Bridge chain: broute_chain_eth0.2, entries: 0, policy: RETURN

Bridge chain: broute_chain_eth0.3, entries: 0, policy: RETURN

Bridge chain: broute_chain_eth0.4, entries: 0, policy: RETURN

Bridge chain: broute_chain_eth0.5, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap0, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap1, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap2, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap3, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap4, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap5, entries: 0, policy: RETURN

Bridge chain: broute_chain_wlan0-vap6, entries: 0, policy: RETURN

Bridge chain: qos_eb_rules, entries: 8, policy: RETURN
-p IPv4 -i eth0.3 --ip-dst 255.255.255.255 -j mark --mark-or 0x100 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 --ip-proto udp --ip-sport 5060 -j mark --mark-or 0x200 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 --ip-proto udp --ip-sport 9000:9010 -j mark --mark-or 0x300 --mark-target CONTINUE
-p IPv4 --ip-dst 192.168.111.34 -j mark --mark-or 0x400 --mark-target CONTINUE
-p IPv4 --ip-dst 255.255.255.255 -j mark --mark-or 0x500 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x600 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x700 --mark-target CONTINUE
-p IPv4 -j mark --mark-or 0x800 --mark-target CONTINUE

gwaiter · 发表于 2021-7-1 00:24:19

说到桥接表，那必须要有接口信息才好研究，接口信息如下：

#ip addr show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

   valid_lft forever preferred_lft forever

2: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32

link/ether b6:be:c8:6b:52:f9 brd ff:ff:ff:ff:ff:ff

3: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32

link/ether 9a:90:b4:6a:81:77 brd ff:ff:ff:ff:ff:ff

4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

5: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff

6: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff

7: eth0.2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

8: eth0.3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

9: eth0.4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

10: eth0.5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

11: eth0.6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff

12: nas0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff

13: pon0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 00:00:00:01:00:02 brd ff:ff:ff:ff:ff:ff

14: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

15: wlan0-vap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e5 brd ff:ff:ff:ff:ff:ff

16: wlan0-vap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff

17: wlan0-vap2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff

18: wlan0-vap3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e0 brd ff:ff:ff:ff:ff:ff

19: wlan0-vap4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e1 brd ff:ff:ff:ff:ff:ff

20: wlan0-vap5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e2 brd ff:ff:ff:ff:ff:ff

21: wlan0-vap6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 82:b7:b3:43:14:e3 brd ff:ff:ff:ff:ff:ff

22: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 74:b7:b3:43:14:e5 brd ff:ff:ff:ff:ff:ff

23: wlan1-vap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff

24: wlan1-vap1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff

25: wlan1-vap2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e0 brd ff:ff:ff:ff:ff:ff

26: wlan1-vap3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e1 brd ff:ff:ff:ff:ff:ff

27: wlan1-vap4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e2 brd ff:ff:ff:ff:ff:ff

28: wlan1-vap5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e3 brd ff:ff:ff:ff:ff:ff

29: wlan1-vap6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 8a:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

30: pwlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

link/ether 00:e0:4c:81:96:96 brd ff:ff:ff:ff:ff:ff

31: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN

link/sit 0.0.0.0 brd 0.0.0.0

32: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN

link/tunnel6 :: brd ::

33: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether 74:b7:b3:43:14:e4 brd ff:ff:ff:ff:ff:ff

inet 192.168.1.3/16 brd 192.168.255.255 scope global br0

   valid_lft forever preferred_lft forever

inet6 240e:3b2:2c12:6b40:76b7:b3ff:fe43:14e4/64 scope global

   valid_lft forever preferred_lft forever

inet6 fe80::1/64 scope link

   valid_lft forever preferred_lft forever

34: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc noqueue state UNKNOWN

link/ppp

inet 183.15.*.* peer 183.15.*.*/32 scope global ppp0//公网，后几位隐

   valid_lft forever preferred_lft forever

inet6 240e:3b0:2c11:6451:*:*:*:*/64 scope global dynamic//公网，后几位隐

   valid_lft 2591961sec preferred_lft 604761sec

inet6 fe80::*:*:*:*/10 scope link//后几位隐

   valid_lft forever preferred_lft forever

35: ppp1: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

36: ppp2: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

37: ppp3: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

38: ppp4: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

39: ppp5: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

40: ppp6: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

41: ppp7: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

42: ppp8: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

43: ppp9: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

44: ppp10: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

45: ppp11: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

46: ppp12: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 3

link/ppp

47: nas0_0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc prio state UP qlen 10

link/ether 74:b7:b3:43:14:e6 brd ff:ff:ff:ff:ff:ff

inet 11.54.8.28/21 brd 11.54.15.255 scope global nas0_0

   valid_lft forever preferred_lft forever

48: nas0_1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 10

link/ether 74:b7:b3:43:14:e7 brd ff:ff:ff:ff:ff:ff

49: nas0_2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 10

link/ether 74:b7:b3:43:14:e8 brd ff:ff:ff:ff:ff:ff

50: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP

link/ether fe:84:ce:64:86:d8 brd ff:ff:ff:ff:ff:ff

inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0

   valid_lft forever preferred_lft forever

52: vethUOWDKC: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master lxcbr0 state UP qlen 1000

link/ether fe:84:ce:64:86:d8 brd ff:ff:ff:ff:ff:ff

gwaiter · 发表于 2021-7-1 00:33:46

理论是研究完了，
理论解决办法：就是要把公网接口ppp0和内网接口br0，桥接起来
那如果做IPV6路由也行，但IPV6是动态的，牵涉太多，所以还是桥接方案简单，因为2个接口是固定不变的
再要研究一下桥接表。

13671758585 · 发表于 2023-8-19 00:19:14

IP6已经出来了吗

llluuuooozzz · 发表于 2024-3-4 22:22:18

佩服楼主，我的PT928G也管不了ipv6防火墙，进Telnet查看ip6tables-save，发现有一条-A FORWARD -i ppp1 -j DROP，于是执行
ip6tables -D FWD_FIREWALL -i ppp1 -j DROP
终于正常了

账号		自动登录	找回密码
密码			立即注册

深圳电信IPV6外网无法访问电脑任何端口，友华光猫型号PT925G

浏览过的版块