Provide IPv6 services for old Alibaba Cloud shared ECS through tunnels


Since my Alibaba Cloud student machine has not yet been able to activate IPv6, I decided to purchase a new instance, the cheapest t6, establish a GRE tunnel between the two instances over the VPC intranet, and configure NAT6 to provide IPv6.

1. Configure IPv6 on the new machine

 Alibaba Cloud already has a tutorial for this: https://help.aliyun.com/document_detail/108465.html

2. Create the GRE tunnel on the new machine (GRE is not required; other tunnel types can also be used)

    ip tunnel add gre-tunnel mode gre remote <intranet IP of the old machine> ttl 1
    ip link set gre-tunnel up
    ip addr add fc00::1/64 dev gre-tunnel

3. Create the GRE tunnel on the old machine

    ip tunnel add gre-tunnel mode gre remote <intranet IP of the new machine> ttl 1
    ip link set gre-tunnel up
    ip addr add fc00::2/64 dev gre-tunnel

4. Configure NAT6 on the new machine and forward ports 80 and 443
Because ECS security groups already do the filtering, ip6tables itself is left permissive: every chain policy is ACCEPT, so the security group rules in step 6 are the only access control in front of the forwarded ports.

Edit /etc/sysctl.conf (vi /etc/sysctl.conf) and add:

    net.ipv6.conf.all.forwarding=1

Save and exit vi, then apply the setting and set up ip6tables:

    sysctl -p
    service ip6tables start
    ip6tables -P INPUT ACCEPT
    ip6tables -P OUTPUT ACCEPT
    ip6tables -P FORWARD ACCEPT
    ip6tables -F
    ip6tables -t nat -F
    ip6tables -t nat -I POSTROUTING -s fc00::2/128 -j MASQUERADE
    ip6tables -t nat -I PREROUTING -p tcp -d <public IPv6 of the new machine> --dport 80 -j DNAT --to-destination fc00::2
    ip6tables -t nat -I PREROUTING -p tcp -d <public IPv6 of the new machine> --dport 443 -j DNAT --to-destination fc00::2

5. Configure the default route on the old machine

 ip -6 route add default via fc00::1

6. Modify the security groups
On both machines, allow full access from the other machine's intranet IP.
On the new machine, open the ports to be mapped to everyone (authorized object: ::/0).
(Optional) Allow ICMPv6 on the new machine so that it can be pinged from your local machine.

7. Test the result

8. Save the settings

Old machine: edit /etc/rc.local (vi /etc/rc.local) and add:

    ip tunnel add gre-tunnel mode gre remote <intranet IP of the new machine> ttl 1
    ip link set gre-tunnel up
    ip addr add fc00::2/64 dev gre-tunnel
    ip -6 route add default via fc00::1

Save and exit vi, then make the file executable:

    chmod +x /etc/rc.d/rc.local

New machine: save the ip6tables rules and enable the service at boot:

    service ip6tables save
    chkconfig ip6tables on

Then edit /etc/rc.local (vi /etc/rc.local) and add:

    ip tunnel add gre-tunnel mode gre remote <intranet IP of the old machine> ttl 1
    ip link set gre-tunnel up
    ip addr add fc00::1/64 dev gre-tunnel

Save and exit vi, then make the file executable:

    chmod +x /etc/rc.d/rc.local
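As an added check (not part of the original post), the script below summarises an ip6tables-save dump of the rules from step 4: it lists every DNAT-forwarded port and the filter FORWARD policy, so the result can be compared with the security group rules from step 6. The sample dump is constructed, 2001:db8::10 is a placeholder for the new machine's public IPv6, and the function names are hypothetical.

```shell
# Constructed sample of `ip6tables-save` output after step 4; 2001:db8::10 is
# a documentation-range placeholder for the new machine's public IPv6.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 2001:db8::10/128 -p tcp -m tcp --dport 443 -j DNAT --to-destination fc00::2
-A PREROUTING -d 2001:db8::10/128 -p tcp -m tcp --dport 80 -j DNAT --to-destination fc00::2
-A POSTROUTING -s fc00::2/128 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Print one "proto/port -> target" line per single-port DNAT rule, sorted by port.
dnat_exposures() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            proto = port = dest = ""; dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          port  = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            }
            if (dnat) print proto "/" port " -> " dest
        }' | sort -t/ -k2,2n
}

# Print the default policy of a chain in the filter table (e.g. FORWARD).
filter_policy() {
    awk -v chain=":$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == chain { print $2 }'
}

# With FORWARD set to ACCEPT, the DNAT list is what the security group must cover.
audit() {
    rules=$(cat)
    echo "FORWARD policy: $(printf '%s\n' "$rules" | filter_policy FORWARD)"
    printf '%s\n' "$rules" | dnat_exposures
}
sample_rules | audit
```

On the new machine, run it against the live rules with `ip6tables-save | audit` instead of the sample.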

label: gre , Alibaba Cloud , ipv6 , tunnel , ip6tables

There are 2 comments

  1. Urge the change, urge the change.
