Jump to content
Калькуляторы

ipv6/ipv4 prefix translation через nftables

ne-vlezay80   

ne-vlezay80
Posted

Делается это так: 

nft add table ip6 ipv6_npt
nft add chain ip6 ipv6_npt_pre '{type filter chain prerouting priority 10;}'
nft add chain ip6 ipv6_npt_post '{type filter chain postrouting priority 10;}'

nft add rule ip6 ipv6_npt_pre iifname "wan0" ip6 daddr 2a0f:e44d:e7:101::/64 ip6 daddr set ip6 daddr and ::ffff:ffff:ffff:ffff or 2001:db8:8888:1e:: counter
nft add rule ip6 ipv6_npt_post oifname "wan0" ip6 saddr 2001:db8:8888:1e::/64 ip6 daddr set ip6 daddr and ::ffff:ffff:ffff:ffff or 2a0f:e44d:e7:101::/64 counter

Для ipv4 делаем аналогично. Если интерфейсов несколько, iifname, oifname нужно убрать и для ipv4 отключить rp_filter.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Followers 0
Go to topic listing У нага