diff options
| author | Merijn Evertse <merijn@trans-ix.nl> | 2019-01-29 14:45:34 +0100 |
|---|---|---|
| committer | Merijn Evertse <merijn@trans-ix.nl> | 2019-01-29 14:45:34 +0100 |
| commit | 6f79779ecf9ada95a13c15997810ca5c21ce7db3 (patch) | |
| tree | 1892bc71c1b3369c2c8390ca67e7879037788794 | |
| parent | 52fb9ab3f8a1d1aeda0149946b1e1b77617bc6cd (diff) | |
| download | vyatta-nat-6f79779ecf9ada95a13c15997810ca5c21ce7db3.tar.gz vyatta-nat-6f79779ecf9ada95a13c15997810ca5c21ce7db3.zip | |
T166: Changed NPTv6 to use NETMAP
| -rw-r--r-- | lib/VyOS/Nptv6Rule.pm | 14 | ||||
| -rwxr-xr-x | scripts/vyos-update-nptv6.pl | 4 |
2 files changed, 8 insertions, 10 deletions
diff --git a/lib/VyOS/Nptv6Rule.pm b/lib/VyOS/Nptv6Rule.pm index 3166325..f9e7632 100644 --- a/lib/VyOS/Nptv6Rule.pm +++ b/lib/VyOS/Nptv6Rule.pm @@ -70,7 +70,7 @@ sub setup { # Make SNPT ip6tables string # POSTROUTING -# ip6tables -t mangle -I VYOS_NPT_HOOK -s inside-pfx -o outside-if -j SNPT --src-pfx inside-pfx --dst-pfx outside-pfx +# ip6tables -t nat -I VYOS_SNPT_HOOK -s inside-pfx -o outside-if -j NETMAP --to outside-pfx sub make_snpt_string { my ($self) = @_; my $snpt_str = ""; @@ -83,9 +83,8 @@ sub make_snpt_string { $snpt_str .= " -o "; $snpt_str .= $self->{_outside_if}; } - $snpt_str .= " -j SNPT --src-pfx "; - $snpt_str .= $self->{_inside_pfx}; - $snpt_str .= " --dst-pfx "; + $snpt_str .= " -j NETMAP "; + $snpt_str .= " --to "; $snpt_str .= $self->{_outside_pfx}; return $snpt_str; @@ -93,7 +92,7 @@ sub make_snpt_string { # Make DNPT ip6tables string # PREROUTING -# ip6tables -t mangle -I VYOS_NPT_HOOK -d outside-pfx -i outside-if -j DNPT --src-pfx outside-pfx --dst-pfx inside-pfx +# ip6tables -t nat -I VYOS_DNPT_HOOK -d outside-pfx -i outside-if -j NETMAP --to inside-pfx sub make_dnpt_string { my ($self) = @_; my $dnpt_str = ""; @@ -106,9 +105,8 @@ sub make_dnpt_string { $dnpt_str .= " -i "; $dnpt_str .= $self->{_outside_if}; } - $dnpt_str .= " -j DNPT --src-pfx "; - $dnpt_str .= $self->{_outside_pfx}; - $dnpt_str .= " --dst-pfx "; + $dnpt_str .= " -j NETMAP "; + $dnpt_str .= " --to "; $dnpt_str .= $self->{_inside_pfx}; return $dnpt_str; diff --git a/scripts/vyos-update-nptv6.pl b/scripts/vyos-update-nptv6.pl index 5079a66..ed1d9da 100755 --- a/scripts/vyos-update-nptv6.pl +++ b/scripts/vyos-update-nptv6.pl @@ -53,7 +53,7 @@ if ($debug) { # Send rule to iptables sub send_iptables { my @cmds = @_; - my $prepend = $IPTABLES . " -t mangle "; + my $prepend = $IPTABLES . " -t nat "; my $cmd; for $cmd (@cmds) { @@ -84,7 +84,7 @@ my @cmds; # Loop through all loops, sorted numerically for $rule (@rule_keys) { print OUT "$rule: $rules{$rule}\n"; - my $tmp = `ip6tables -L -nv --line -t mangle`; + my $tmp = `ip6tables -L -nv --line -t nat`; print OUT "iptables before:\n$tmp\n"; my $nrule = new VyOS::Nptv6Rule; |