Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.

This makes it possible (without source hacking) to do many:1 NAT of IPv6.

Some will rejoice. Some will curse.

This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
  • Loading branch information...
commit 44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9 1 parent 5ef99bd
Chris Buechler cbuechler authored
Showing with 6 additions and 0 deletions.
  1. +6 −0 etc/inc/filter.inc
6 etc/inc/filter.inc
View
@@ -1348,6 +1348,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
$protocol = " proto {$proto}";
} else
$protocol = "";
+ /* Set tgt for IPv6 */
+ if ($proto == "ipv6") {
+ $natip = get_interface_ipv6($if);
+ if(is_ipaddrv6($natip))
+ $tgt = "{$natip}/128";
+ }
/* Add the hard set source port (useful for ISAKMP) */
if($natport != "")
$tgt .= " port {$natport}";
Please sign in to comment.
Something went wrong with that request. Please try again.