[FS#3225] ipv6 npt does not work
openwrt-bugs at lists.openwrt.org
Sat Jul 11 15:13:31 EDT 2020
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - 尤晓杰 (youxiaojie)
Attached to Project - OpenWrt/LEDE Project
Summary - ipv6 npt does not work
Task Type - Bug Report
Category - Kernel
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - Supply the following if possible:
- Device problem occurs on
- Software versions of OpenWrt/LEDE release, packages, etc.
- Steps to reproduce
I hope to use ipv6 npt (rfc6296 stateless npt), and have kmod-ipt-nat6 installed.
I am sure that "ip6t_NPT" is about rfc6296;
in the source code:
MODULE_DESCRIPTION("IPv6-to-IPv6 Network Prefix Translation (RFC 6296)");
root@OpenWrt:~# ip6tables -t mangle -I POSTROUTING -s 2001:470:4999:100::/64 -o br-lan -j SNPT --src-pfx 2001:470:4999:100::/64 --dst-pfx 240e:82:901:9400::/64
ip6tables v1.8.3 (legacy): unknown option "--src-pfx"
Try `ip6tables -h' or 'ip6tables --help' for more information.
I have kmod-ipt-nat6 installed, which contains the NPT extension.
x_tables 12656 37 ipt_REJECT,ipt_MASQUERADE,xt_time,xt_tcpudp,xt_tcpmss,xt_statistic,xt_state,xt_nat,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_hl,xt_ecn,xt_dscp,xt_conntrack,xt_comment,xt_TCPMSS,xt_REDIRECT,xt_LOG,xt_HL,xt_FLOWOFFLOAD,xt_DSCP,xt_CT,xt_CLASSIFY,iptable_mangle,iptable_filter,ipt_ECN,ip_tables,xt_set,ip6t_NPT,ip6t_MASQUERADE,ip6table_mangle,ip6table_filter,ip6_tables,ip6t_REJECT
Provides stateless destination IPv6-to-IPv6 Network Prefix Translation (as described by RFC 6296).
You have to use this target in the mangle table, not in the nat table. It takes the following options:
Set source prefix that you want to translate and length
Set destination prefix that you want to use in the translation and length
You have to use the SNPT target to undo the translation. Example:
ip6tables -t mangle -I POSTROUTING -s fd00::/64 -o vboxnet0 -j SNPT --src-pfx fd00::/64 --dst-pfx 2001:e20:2000:40f::/64
ip6tables -t mangle -I PREROUTING -i wlan0 -d 2001:e20:2000:40f::/64 -j DNPT --src-pfx 2001:e20:2000:40f::/64 --dst-pfx fd00::/64
You may need to enable IPv6 neighbor proxy:
sysctl -w net.ipv6.conf.all.proxy_ndp=1
You also have to use the NOTRACK target to disable connection tracking for translated flows.
Does anyone have ideas?
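Added example, not part of the original report and not OpenWrt or kernel code: a Python sketch of the RFC 6296 checksum-neutral mapping that the SNPT/DNPT rules quoted above are meant to perform, applied to the reporter's two /64 prefixes. The function and constant names are hypothetical, and the host address ::1 is a constructed sample.

```python
import ipaddress

INSIDE = "2001:470:4999:100::/64"   # prefix from the report (the -s / --src-pfx value)
OUTSIDE = "240e:82:901:9400::/64"   # prefix from the report (the --dst-pfx value)

def ones_add(a, b):
    """16-bit one's-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def words(value):
    """Split a 128-bit integer into eight 16-bit words, most significant first."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def ones_sum(value):
    """One's-complement sum of the eight 16-bit words of an address."""
    total = 0
    for w in words(value):
        total = ones_add(total, w)
    return total

def npt_translate(addr, from_pfx, to_pfx):
    """Rewrite the prefix of addr statelessly, keeping its checksum sum unchanged."""
    src = ipaddress.IPv6Network(from_pfx)
    dst = ipaddress.IPv6Network(to_pfx)
    a = ipaddress.IPv6Address(addr)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64:
        raise ValueError("prefixes must have the same length, at most /64")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    # Adjustment = sum(old prefix) - sum(new prefix), in one's-complement arithmetic.
    adj = ones_add(ones_sum(int(src.network_address)),
                   0xFFFF ^ ones_sum(int(dst.network_address)))
    # Swap the prefix bits, keep the host bits.
    w = words(int(dst.network_address) | (int(a) & int(src.hostmask)))
    if src.prefixlen <= 48:
        idx = 3                      # adjust the subnet word (bits 48..63)
    else:
        # Longer prefixes: adjust the first interface-ID word that is not 0xFFFF.
        idx = next((i for i in range(4, 8) if w[i] != 0xFFFF), None)
        if idx is None:
            raise ValueError("interface ID is all ones; cannot be mapped")
    w[idx] = ones_add(w[idx], adj)
    if w[idx] == 0xFFFF:             # RFC 6296: 0xFFFF is written as 0x0000
        w[idx] = 0
    return ipaddress.IPv6Address(b"".join(x.to_bytes(2, "big") for x in w))

if __name__ == "__main__":
    out = npt_translate("2001:470:4999:100::1", INSIDE, OUTSIDE)
    print(out, "->", npt_translate(out, OUTSIDE, INSIDE))
```

Because the adjustment lands in the interface ID for a /64, the translated address differs from the original in more than the prefix, which matters when writing filter rules or reading logs on the outside network.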