[FS#500] firewall3: missing targets with IPv6 NAT

LEDE Bugs lede-bugs at lists.infradead.org
Fri Jun 30 06:56:18 PDT 2017


The following task has a new comment added:

FS#500 - firewall3: missing targets with IPv6 NAT
User who did this - Edward M. (user1831)

----------
Let's solve this problem, NAT is a fundamental feature!

I had a look at the executed IPv4 iptables nat commands (**fw3 -4 print | grep " nat "**) and re-executed those as ip6tables commands.

For this purpose, I have changed /etc/init.d/firewall so that the targets above are existent before the rules are applied. Unhappily it didn't solve the problem!

I created the targets, but it seems they couldn't found:


 * Populating IPv6 nat table
   * Zone 'lan'
Warning: ip6tc_append_entry(): No chain/target/match by that name
Warning: ip6tc_append_entry(): No chain/target/match by that name
   * Zone 'wan'
Warning: ip6tc_append_entry(): No chain/target/match by that name
Warning: ip6tc_append_entry(): No chain/target/match by that name


instead of:


 * Populating IPv6 nat table
   * Zone 'lan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
   * Zone 'wan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'




Executed after flushing and before re-starting fw3: 


ip6tables -t nat -N prerouting_rule
ip6tables -t nat -N postrouting_rule

ip6tables -t nat -N zone_lan_postrouting
ip6tables -t nat -N zone_lan_prerouting
ip6tables -t nat -N prerouting_lan_rule
ip6tables -t nat -N postrouting_lan_rule
ip6tables -t nat -A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
ip6tables -t nat -A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule

ip6tables -t nat -N zone_wan_postrouting
ip6tables -t nat -N zone_wan_prerouting
ip6tables -t nat -N prerouting_wan_rule
ip6tables -t nat -N postrouting_wan_rule
ip6tables -t nat -A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
ip6tables -t nat -A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule




I found https://github.com/akatrevorjay/openwrt-masq6, but I'm not sure about ULA prefix (**-s "$ula_prefix"**). Is this parameter mandatory?
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=500#comment2872



More information about the lede-bugs mailing list