IPv6 npt nftables
- NPT-Tabelle erstellen
- sudo nft add table inet nat6
- NPT-Chain erstellen
- sudo nft add chain inet nat6 npt_chain { type nat hook postrouting priority 0 \; }
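- NPT-Regel hinzufügen (Hinweis: "masquerade" ist zustandsbehaftetes NAT66 auf die Adresse der ausgehenden Schnittstelle und keine Präfixübersetzung; die Präfix-Variante zeigt das Skript weiter unten)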
- sudo nft add rule inet nat6 npt_chain ip6 saddr fd00:abcd::/64 oifname "eth0" counter masquerade
#!/usr/sbin/nft -f
# Variables for a ruleset that translates between an internal and an external IPv6 /64.
# Internal prefix; fd00::/8 is the unique-local (ULA) address range.
define int_ula_sub = fd00:1:2:3::/64
# External prefix used on the other side of the translation; same length (/64) as the internal one.
define ext_gua_sub = 2a02:24d8:71:2444::/64
# Removes every table currently loaded in the kernel, not only the tables defined in this file.
# Rules installed by other tools or scripts are therefore lost when this file is applied.
flush ruleset
# Base chains for locally received, forwarded and locally generated traffic.
# None of the chains holds a rule and each one accepts by default, so this table filters nothing.
# NOTE(review): the nat table in this file maps the internal prefix 1:1 to the external one, so
# internal hosts are addressable from outside through the mapped prefix. If inbound connections
# should not reach them, the forward chain needs explicit rules or a restrictive policy.
table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
	}

	chain forward {
		type filter hook forward priority 0; policy accept;
	}

	chain output {
		type filter hook output priority 0; policy accept;
	}
}
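# Prefix NAT between the internal and the external /64: only the prefix is rewritten,
# the host part of each address is carried over unchanged.
table inet nat {
	chain postrouting {
		type nat hook postrouting priority 100;
		# Outbound: source addresses inside $int_ula_sub are rewritten into $ext_gua_sub.
		# No output interface is matched, so the rule applies on every egress path.
		snat ip6 prefix to ip6 saddr map { $int_ula_sub : $ext_gua_sub }
	}

	# Chain name corrected from "preouting" so it matches the hook it is attached to and
	# pairs with the "postrouting" chain above.
	chain prerouting {
		# NOTE(review): the conventional priority for destination NAT at prerouting is
		# dstnat (-100); the page's value of 100 is kept unchanged here.
		type nat hook prerouting priority 100;
		# Inbound: destination addresses inside $ext_gua_sub are rewritten into $int_ula_sub.
		# No input interface is matched, so the rule applies to traffic arriving on any interface.
		dnat ip6 prefix to ip6 daddr map { $ext_gua_sub : $int_ula_sub }
	}
}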
# Second declaration of "table inet nat". When loaded in the same file as an earlier
# declaration of that table, nft adds these chains and rules to the existing table; a chain
# whose name already exists receives the rules below appended after its existing rules.
table inet nat {
chain postrouting {
type nat hook postrouting priority 100;
# Leaves the chain (no translation by later rules) for packets from the internal prefix
# to the external prefix that exit through eth0.
# NOTE(review): if this rule ends up after a prefix-snat rule in the same chain, packets
# from $int_ula_sub are already translated before it is reached. Confirm the intended order.
# "oif" is resolved to an interface index when the ruleset is loaded, so eth0 must exist then.
ip6 saddr $int_ula_sub oif "eth0" ip6 daddr $ext_gua_sub return
}
chain prerouting {
type nat hook prerouting priority 100;
# Leaves the chain for packets arriving on eth0 that carry an internal-prefix source and an
# external-prefix destination.
# NOTE(review): presumably eth0 is the external interface; internal-prefix sources arriving
# there would be unusual. Verify this match against the actual topology.
ip6 daddr $ext_gua_sub iif "eth0" ip6 saddr $int_ula_sub return
}
}