Has anyone tried to automatically create the interface subchains in nat table for ipv6?
By default the
ip6tables-save -t nat contains only PREROUTING, INPUT, OUTPUT, and POSTROUTING
iptables-save -t nat contains
:postrouting_guest_rule - [0:0]
:postrouting_iot_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_guest_rule - [0:0]
:prerouting_iot_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_guest_postrouting - [0:0]
:zone_guest_prerouting - [0:0]
:zone_iot_postrouting - [0:0]
:zone_iot_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
I did, and here you go, I have it in a specific file to my ip6tables rules in
# Recreate special user chains from IPv4 NAT tables
iptables-save -t nat | sed -e "/\s[DS]NAT\s/d;/\sMASQUERADE$/d" | ip6tables-restore -T nat
iptables-save -t raw | ip6tables-restore -T raw
I run it after
option path '/etc/firewall.user'
config include 'nat6'
option path '/etc/firewall.nat6'
option reload '1'
I saw that somewhere in the wiki and tried to use it, but it failed cause I called the script after I added rules, like you have it under firewall.user .
But if firewall.user is called second it works like a charm.
Thanks for the help!
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.