summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/VyOS/Nptv6Rule.pm14
-rwxr-xr-xscripts/vyos-update-nptv6.pl4
2 files changed, 8 insertions, 10 deletions
diff --git a/lib/VyOS/Nptv6Rule.pm b/lib/VyOS/Nptv6Rule.pm
index d469020..d753e93 100644
--- a/lib/VyOS/Nptv6Rule.pm
+++ b/lib/VyOS/Nptv6Rule.pm
@@ -69,7 +69,7 @@ sub setup {
# Make SNPT ip6tables string
# POSTROUTING
-# ip6tables -t mangle -I VYOS_NPT_HOOK -s inside-pfx -o outside-if -j SNPT --src-pfx inside-pfx --dst-pfx outside-pfx
+# ip6tables -t nat -I VYOS_SNPT_HOOK -s inside-pfx -o outside-if -j NETMAP --to outside-pfx
sub make_snpt_string {
my ($self) = @_;
my $snpt_str = "";
@@ -82,9 +82,8 @@ sub make_snpt_string {
$snpt_str .= " -o ";
$snpt_str .= $self->{_outside_if};
}
- $snpt_str .= " -j SNPT --src-pfx ";
- $snpt_str .= $self->{_inside_pfx};
- $snpt_str .= " --dst-pfx ";
+ $snpt_str .= " -j NETMAP ";
+ $snpt_str .= " --to ";
$snpt_str .= $self->{_outside_pfx};
return $snpt_str;
@@ -92,7 +91,7 @@ sub make_snpt_string {
# Make DNPT ip6tables string
# PREROUTING
-# ip6tables -t mangle -I VYOS_NPT_HOOK -d outside-pfx -i outside-if -j DNPT --src-pfx outside-pfx --dst-pfx inside-pfx
+# ip6tables -t nat -I VYOS_DNPT_HOOK -d outside-pfx -i outside-if -j NETMAP --to inside-pfx
sub make_dnpt_string {
my ($self) = @_;
my $dnpt_str = "";
@@ -105,9 +104,8 @@ sub make_dnpt_string {
$dnpt_str .= " -i ";
$dnpt_str .= $self->{_outside_if};
}
- $dnpt_str .= " -j DNPT --src-pfx ";
- $dnpt_str .= $self->{_outside_pfx};
- $dnpt_str .= " --dst-pfx ";
+ $dnpt_str .= " -j NETMAP ";
+ $dnpt_str .= " --to ";
$dnpt_str .= $self->{_inside_pfx};
return $dnpt_str;
diff --git a/scripts/vyos-update-nptv6.pl b/scripts/vyos-update-nptv6.pl
index 5079a66..ed1d9da 100755
--- a/scripts/vyos-update-nptv6.pl
+++ b/scripts/vyos-update-nptv6.pl
@@ -53,7 +53,7 @@ if ($debug) {
# Send rule to iptables
sub send_iptables {
my @cmds = @_;
- my $prepend = $IPTABLES . " -t mangle ";
+ my $prepend = $IPTABLES . " -t nat ";
my $cmd;
for $cmd (@cmds) {
@@ -84,7 +84,7 @@ my @cmds;
# Loop through all loops, sorted numerically
for $rule (@rule_keys) {
print OUT "$rule: $rules{$rule}\n";
- my $tmp = `ip6tables -L -nv --line -t mangle`;
+ my $tmp = `ip6tables -L -nv --line -t nat`;
print OUT "iptables before:\n$tmp\n";
my $nrule = new VyOS::Nptv6Rule;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 19:38:28 +0000