NAT IPv6 | local address <-> global scope

astein58 · June 9, 2020, 11:25am

Hi,

I try to NAT my local IPv6 network to an other local network which has public a gateway.
This is two Wireguard interfaces.

My local network I’m trying to NAT is fc10::/64 and the router IP is fc10::1.
I want to NAT this traffic to an other interface/IP fc00:bbbb:bbbb:bb01::4:4f2b

It is working fine with IPv4 but IPv6 is not working.

I looked at this but it did not solved my issue. Ip6tables SNAT, DNAT, MASQUERADE support - #3 by Tak

Here is a part of my configuration I was expecting to take care of the NAT.

    nptv6 {
        rule 500 {
            outbound-interface wg1
            source {
                prefix fc10::/64
            }
            translation {
                prefix fc00:bbbb:bbbb:bb01::4:4f2b/128
            }
        }
    }

If some one has some tips or lead I would greatly appreciate.
Thanks

jack9603301 · June 9, 2020, 2:24pm

Please pay attention to this task, but now the community has no good way to deal with it.

https://phabricator.vyos.net/T2518

astein58 · June 9, 2020, 4:10pm

Thank you @jack9603301.
I made it work by adding a rules to the firewall.

Surprisingly the rule is not related to any interface but it solved my issue.
If I remove it the IPv6 NAT is not working anymore.

default-action accept
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }

This is probably a bug…

I’m cleaning the configuration and I will add some information to the feature request you pointed me.

Thanks again

system · June 11, 2020, 4:11pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.