[FS#3225] ipv6 npt does not work

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Fri Oct 30 00:55:15 EDT 2020


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#3225 - ipv6 npt does not work
User who did this - Luiz Angelo Daros de Luca (luizluca)

----------
NPT is mostly useless for OpenWrt as it breaks conntrack. The result is that you'll have a stateless firewall. It would only be useful if you have a firewall before or after the router with NPT.

The reason for that is when you use conntrack, you could simply use NETMAP as most of its costs are [[https://unix.stackexchange.com/questions/331224/is-there-a-way-to-have-nptv6-with-connection-tracking-on-linux|already paid]].

I do suggest you to use NETMAP instead of MASQUERADE.
----------

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3225#comment8938

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.



More information about the openwrt-bugs mailing list