IPv6 npt nftables
- NPT-Tabelle erstellen
- sudo nft add table inet nat6
- NPT-Chain erstellen
- sudo nft add chain inet nat6 npt_chain { type nat hook postrouting priority 0 \; }
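- NPT-Regel hinzufügen (Hinweis: `masquerade` ist zustandsbehaftetes NAT66 auf die Adresse von eth0 und keine Präfixübersetzung; für eine 1:1-Präfixübersetzung wird stattdessen `snat ip6 prefix to ip6 saddr map { … }` verwendet)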
- sudo nft add rule inet nat6 npt_chain ip6 saddr fd00:abcd::/64 oifname "eth0" counter masquerade
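#!/usr/sbin/nft -f

# IPv6 prefix translation between an internal ULA prefix and an external GUA
# prefix, together with a default-drop filter skeleton.
#
# Changes against the original listing:
#   * table my_filter was never closed, so the file did not parse
#   * "map to" is not an nftables statement; prefix translation is written
#     as "snat/dnat ip6 prefix to ... map { from : to }"
#   * the inbound (daddr) translation belongs in prerouting, not postrouting
#   * the drop policies had no accept rules at all, so neither the router
#     itself nor any forwarded (translated) traffic would have worked
#
# NOTE(review): prefix maps in NAT statements need a reasonably recent
# nftables and kernel - confirm on the target system with "nft -c -f <file>".
# NOTE(review): this is conntrack-based prefix mapping in a nat chain, not the
# stateless checksum-neutral algorithm of RFC 6296.

# Placeholder values - replace before loading. Both prefixes must have the
# same length so the mapping stays 1:1.
define INTERNAL_ULA = fd00:abcd::/64     # example ULA prefix
define EXTERNAL_GUA = 2001:db8:1::/64    # constructed documentation prefix

table inet my_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state invalid drop
        ct state established,related accept

        # Neighbor discovery is required for IPv6 to work on the link at all.
        icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Management access (e.g. SSH) is deliberately not opened here;
        # add an explicit, source-restricted rule if the router needs it.
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        ct state established,related accept

        # Outbound connections from the internal prefix. The forward hook runs
        # before postrouting, so the source is still the ULA address here.
        ip6 saddr $INTERNAL_ULA oifname "eth0" accept

        # Prefix translation is 1:1 and, unlike masquerade, does not hide the
        # internal hosts: every internal address has a reachable external
        # counterpart. This chain is the only thing blocking unsolicited
        # inbound connections, so keep the drop policy and add inbound
        # exceptions per host and port only.
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table inet my_nat {
    chain prerouting {
        # -100 is the conventional dstnat priority
        type nat hook prerouting priority -100; policy accept;

        # Inbound: external prefix -> internal prefix
        iifname "eth0" ip6 daddr $EXTERNAL_GUA dnat ip6 prefix to ip6 daddr map { $EXTERNAL_GUA : $INTERNAL_ULA }
    }

    chain postrouting {
        # 100 is the conventional srcnat priority
        type nat hook postrouting priority 100; policy accept;

        # Outbound: internal prefix -> external prefix
        oifname "eth0" ip6 saddr $INTERNAL_ULA snat ip6 prefix to ip6 saddr map { $INTERNAL_ULA : $EXTERNAL_GUA }
    }
}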