Blame bootstrap_ver/extensions/libip6t_DNPT.man
|
Packit Service |
fa126c |
Provides stateless destination IPv6-to-IPv6 Network Prefix Translation (as
|
|
Packit Service |
fa126c |
described by RFC 6296).
|
|
Packit Service |
fa126c |
.PP
|
|
Packit Service |
fa126c |
You have to use this target in the
|
|
Packit Service |
fa126c |
.B mangle
|
|
Packit Service |
fa126c |
table, not in the
|
|
Packit Service |
fa126c |
.B nat
|
|
Packit Service |
fa126c |
table. It takes the following options:
|
|
Packit Service |
fa126c |
.TP
|
|
Packit Service |
fa126c |
\fB\-\-src\-pfx\fP [\fIprefix/\fP\fIlength]
|
|
Packit Service |
fa126c |
Set source prefix that you want to translate and length
|
|
Packit Service |
fa126c |
.TP
|
|
Packit Service |
fa126c |
\fB\-\-dst\-pfx\fP [\fIprefix/\fP\fIlength]
|
|
Packit Service |
fa126c |
Set destination prefix that you want to use in the translation and length
|
|
Packit Service |
fa126c |
.PP
|
|
Packit Service |
fa126c |
You have to use the SNPT target to undo the translation. Example:
|
|
Packit Service |
fa126c |
.IP
|
|
Packit Service |
fa126c |
ip6tables \-t mangle \-I POSTROUTING \-s fd00::/64 \! \-o vboxnet0
|
|
Packit Service |
fa126c |
\-j SNPT \-\-src-pfx fd00::/64 \-\-dst-pfx 2001:e20:2000:40f::/64
|
|
Packit Service |
fa126c |
.IP
|
|
Packit Service |
fa126c |
ip6tables \-t mangle \-I PREROUTING \-i wlan0 \-d 2001:e20:2000:40f::/64
|
|
Packit Service |
fa126c |
\-j DNPT \-\-src-pfx 2001:e20:2000:40f::/64 \-\-dst-pfx fd00::/64
|
|
Packit Service |
fa126c |
.PP
|
|
Packit Service |
fa126c |
You may need to enable IPv6 neighbor proxy:
|
|
Packit Service |
fa126c |
.IP
|
|
Packit Service |
fa126c |
sysctl -w net.ipv6.conf.all.proxy_ndp=1
|
|
Packit Service |
fa126c |
.PP
|
|
Packit Service |
fa126c |
You also have to use the
|
|
Packit Service |
fa126c |
.B NOTRACK
|
|
Packit Service |
fa126c |
target to disable connection tracking for translated flows.
|