Skip to content

Commit

Permalink
bugfix route ipv6
Browse files Browse the repository at this point in the history
harald42 committed Dec 2, 2016
1 parent fe5465d commit f004a9a
Showing 5 changed files with 124 additions and 5 deletions.
4 changes: 1 addition & 3 deletions banana-edge-native/edge_install_script.sh
Original file line number Diff line number Diff line change
@@ -43,10 +43,8 @@ radvd()
echo "\nInstall RADVD..."
apt-get install -y radvd
cp etc/radvd.conf /etc/radvd.conf #git link
cd /etc/init.d
cp etc/sysctl.conf /etc/sysctl.conf
service radvd start
cd $dir1
cd $dir2
}

read -p "Do you want to install Raspi-Edge-Native-Package (y/n)? " response
4 changes: 2 additions & 2 deletions banana-edge-native/etc/radvd.conf
Original file line number Diff line number Diff line change
@@ -20,8 +20,8 @@ interface tun0
AdvDefaultLifetime 200;
prefix aaaa::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvOnLink off;
AdvAutonomous off;
AdvPreferredLifetime 4294967295;
AdvValidLifetime 4294967295;
};
60 changes: 60 additions & 0 deletions banana-edge-native/etc/sysctl.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
1 change: 1 addition & 0 deletions banana-edge/edge_install_script.sh
Original file line number Diff line number Diff line change
@@ -39,6 +39,7 @@ radvd()
echo "\nInstall RADVD..."
apt-get install -y radvd
cp etc/radvd.conf /etc/radvd.conf
cp etc/sysctl.conf /etc/sysctl.conf
service radvd start
}

60 changes: 60 additions & 0 deletions banana-edge/etc/sysctl.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

0 comments on commit f004a9a

Please sign in to comment.