Blame extensions/libip6t_SNPT.man
|
Packit Service |
d1fe03 |
Provides stateless source IPv6-to-IPv6 Network Prefix Translation (as described
|
|
Packit Service |
d1fe03 |
by RFC 6296).
|
|
Packit Service |
d1fe03 |
.PP
|
|
Packit Service |
d1fe03 |
You have to use this target in the
|
|
Packit Service |
d1fe03 |
.B mangle
|
|
Packit Service |
d1fe03 |
table, not in the
|
|
Packit Service |
d1fe03 |
.B nat
|
|
Packit Service |
d1fe03 |
table. It takes the following options:
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
\fB\-\-src\-pfx\fP [\fIprefix/\fP\fIlength]
|
|
Packit Service |
d1fe03 |
Set source prefix that you want to translate and length
|
|
Packit Service |
d1fe03 |
.TP
|
|
Packit Service |
d1fe03 |
\fB\-\-dst\-pfx\fP [\fIprefix/\fP\fIlength]
|
|
Packit Service |
d1fe03 |
Set destination prefix that you want to use in the translation and length
|
|
Packit Service |
d1fe03 |
.PP
|
|
Packit Service |
d1fe03 |
You have to use the DNPT target to undo the translation. Example:
|
|
Packit Service |
d1fe03 |
.IP
|
|
Packit Service |
d1fe03 |
ip6tables \-t mangle \-I POSTROUTING \-s fd00::/64 \! \-o vboxnet0
|
|
Packit Service |
d1fe03 |
\-j SNPT \-\-src-pfx fd00::/64 \-\-dst-pfx 2001:e20:2000:40f::/64
|
|
Packit Service |
d1fe03 |
.IP
|
|
Packit Service |
d1fe03 |
ip6tables \-t mangle \-I PREROUTING \-i wlan0 \-d 2001:e20:2000:40f::/64
|
|
Packit Service |
d1fe03 |
\-j DNPT \-\-src-pfx 2001:e20:2000:40f::/64 \-\-dst-pfx fd00::/64
|
|
Packit Service |
d1fe03 |
.PP
|
|
Packit Service |
d1fe03 |
You may need to enable IPv6 neighbor proxy:
|
|
Packit Service |
d1fe03 |
.IP
|
|
Packit Service |
d1fe03 |
sysctl -w net.ipv6.conf.all.proxy_ndp=1
|
|
Packit Service |
d1fe03 |
.PP
|
|
Packit Service |
d1fe03 |
You also have to use the
|
|
Packit Service |
d1fe03 |
.B NOTRACK
|
|
Packit Service |
d1fe03 |
target to disable connection tracking for translated flows.
|