Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.

This makes it possible (without source hacking) to do many:1 NAT of IPv6.

Some will rejoice. Some will curse.

This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
  • Loading branch information...
commit 44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9 1 parent 5ef99bd
@cbuechler cbuechler authored
Showing with 6 additions and 0 deletions.
  1. +6 −0 etc/inc/filter.inc
View
6 etc/inc/filter.inc
@@ -1348,6 +1348,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
$protocol = " proto {$proto}";
} else
$protocol = "";
+ /* Set tgt for IPv6 */
+ if ($proto == "ipv6") {
+ $natip = get_interface_ipv6($if);
+ if(is_ipaddrv6($natip))
+ $tgt = "{$natip}/128";
+ }
/* Add the hard set source port (useful for ISAKMP) */
if($natport != "")
$tgt .= " port {$natport}";
Please sign in to comment.
Something went wrong with that request. Please try again.