libip6t_DNPT.man 981 Bytes
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Provides stateless destination IPv6-to-IPv6 Network Prefix Translation (as
described by RFC 6296).
.PP
You have to use this target in the
.B mangle
table, not in the
.B nat
table. It takes the following options:
.TP
\fB\-\-src\-pfx\fP [\fIprefix/\fP\fIlength]
Set source prefix that you want to translate and length
.TP
\fB\-\-dst\-pfx\fP [\fIprefix/\fP\fIlength]
Set destination prefix that you want to use in the translation and length
.PP
You have to use the SNPT target to undo the translation. Example:
.IP
ip6tables \-t mangle \-I POSTROUTING \-s fd00::/64 \! \-o vboxnet0
\-j SNPT \-\-src-pfx fd00::/64 \-\-dst-pfx 2001:e20:2000:40f::/64
.IP
ip6tables \-t mangle \-I PREROUTING \-i wlan0 \-d 2001:e20:2000:40f::/64
\-j DNPT \-\-src-pfx 2001:e20:2000:40f::/64 \-\-dst-pfx fd00::/64
.PP
You may need to enable IPv6 neighbor proxy:
.IP
26
sysctl \-w net.ipv6.conf.all.proxy_ndp=1
27
28
29
30
.PP
You also have to use the
.B NOTRACK
target to disable connection tracking for translated flows.