Permalink
Browse files

Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.

This makes it possible (without source hacking) to do many:1 NAT of IPv6.

Some will rejoice. Some will curse.

This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
  • Loading branch information...
1 parent 5ef99bd commit 44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9 Chris Buechler committed Aug 17, 2013
Showing with 6 additions and 0 deletions.
  1. +6 −0 etc/inc/filter.inc
View
@@ -1348,6 +1348,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
$protocol = " proto {$proto}";
} else
$protocol = "";
+ /* Set tgt for IPv6 */
+ if ($proto == "ipv6") {
+ $natip = get_interface_ipv6($if);
+ if(is_ipaddrv6($natip))
+ $tgt = "{$natip}/128";
+ }
/* Add the hard set source port (useful for ISAKMP) */
if($natport != "")
$tgt .= " port {$natport}";

0 comments on commit 44e72b7

Please sign in to comment.