首先, 这个方法只能让内网一台机器用上ISATAP隧道(仅仅是简单的转发了相关数据包而已). 主要步骤分为两个:
只有一部分路由器本来的FIRMWARE支持转发协议号41的数据包, 如果你用的路由器不支持, 那就只能尝试dd-wrt或者openwrt了. 如果你的路由器很不幸的也不能刷这类自定义固件, 那也就没办法了..(嗯)
Linux类环境可以使用iptables实现转发(假设你的内网IP地址为192.168.0.10, 网关IP为192.168.0.1, 下同):
iptables -t nat -A PREROUTING -d 192.168.0.10 -p 41 -j DNAT --to 192.168.0.1
openwrt则可以修改文件 /etc/config/firewall: (此段为转载)
config redirect
option src wan
option dest lan
option dest_ip 192.168.0.10
option proto 41
至此, 第一步就做完了.
第二步, 可以用下面的脚本自动完成.
原文给出的bat脚本我在win7和winxp里都试过, 不能发挥应有的作用, 而且每次外网ip变动时都需要修改, 这对于动态ip用户更是无法接受的. 于是我用Python重写了一个脚本, 目前只能在XP系统使用. (其实要在Win7下用应该只需要很小的修改, 不过我暂时没测试环境:P)
注: 脚本中写的是上交的isatap隧道服务器配置, 如需使用其他服务器, 稍加修改即可.
#coding:gbk
#IPv6.py For Windows XP - By Felix Yan
# Change the following line if needed.
interface = "Automatic Tunneling Pseudo-Interface"
ipv6prefix = "2001:da8:8000:d011"
isatapserver = "202.112.26.246"
import sys, subprocess
print "Getting current IP address ... ",
sys.stdout.flush()
import urllib2, re
try:
page = urllib2.urlopen("http://www.ip138.com/ip2city.asp").read()
pub_ip = re.findall('\[([\d\.]+)\]', page)[0]
print pub_ip
except:
print "Failed"
sys.exit(1)
print "Disabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state disabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Re-enabling ISATAP ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 isatap set state enabled", shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Deleting existing IPv6 address for ISATAP interface ... "
ret = subprocess.Popen("netsh int ipv6 show address \"" + interface + "\"", shell=True, stdout=subprocess.PIPE)
old_ip = re.findall(u"地址\s*:\s*([0-9a-fA-F\:\.]+)", unicode(ret.communicate()[0], "mbcs"))
for ip in old_ip:
print "Deleting " + ip + " ... "
#sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 del address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
#print ret.communicate()[0]
print "Adding correct IPv6 addresses ... "
new_ip = ["fe80::5efe:" + pub_ip, ipv6prefix + ":0:5efe:" + pub_ip]
for ip in new_ip:
print "Adding " + ip + " ... ",
sys.stdout.flush()
ret = subprocess.Popen("netsh int ipv6 add address \"" + interface + "\" " + ip, shell=True, stdout=subprocess.PIPE)
if u"确定" not in unicode(ret.communicate()[0], "mbcs"):
print "Failed"
sys.exit(1)
print "Success"
print "Getting interface id ... ",
sys.stdout.flush()
ret = subprocess.Popen("ipv6 if", shell=True, stdout=subprocess.PIPE)
id = re.findall("Interface ([\d]+): " + interface, ret.communicate()[0])
if len(id):
print "Success: " + id[0]
else:
print "Failed"
sys.exit(1)
print "Adding route ... "
route = "::" + isatapserver
ret = subprocess.Popen("ipv6 rtu ::/0 " + id[0] + "/" + route, shell=True, stdout=subprocess.PIPE)
result = ret.communicate()
print "Testing 2001:470:20::2 ... ",
sys.stdout.flush()
ret = subprocess.Popen("ping -n 1 2001:470:20::2", shell=True, stdout=subprocess.PIPE)
time = re.findall("\=([\d\.]+ms)", ret.communicate()[0])
if len(time):
print "Success: " + time[0]
else:
print "Failed"
sys.exit(1)
参考资料还有: http://serverfault.com/questions/89025/forwarding-protocol-41-6to4-to-a-linux-box