Ip6tables table nat interface subchains

Has anyone tried to automatically create the interface subchains in the nat table for IPv6?
By default, ip6tables-save -t nat contains only PREROUTING, INPUT, OUTPUT, and POSTROUTING.
However, iptables-save -t nat contains

:postrouting_guest_rule - [0:0]
:postrouting_iot_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_guest_rule - [0:0]
:prerouting_iot_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_guest_postrouting - [0:0]
:zone_guest_prerouting - [0:0]
:zone_iot_postrouting - [0:0]
:zone_iot_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]

as well.

Hi, @trendy,

I did, and here you go. I have it in a file specific to my ip6tables rules, /etc/firewall.nat6:

# Recreate special user chains from IPv4 NAT tables
iptables-save -t nat | sed -e "/\s[DS]NAT\s/d;/\sMASQUERADE$/d" | ip6tables-restore -T nat
iptables-save -t raw | ip6tables-restore -T raw

I run it after /etc/firewall.user in /etc/config/firewall:

config include
	option path '/etc/firewall.user'

config include 'nat6'
	option path '/etc/firewall.nat6'
	option reload '1'

Kind regards.
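
An added dry run of the filter from the reply above (not part of the original posts): it applies the same two sed deletions, written with POSIX character classes, to a constructed `iptables-save -t nat` dump and lists surviving rules that still carry an IPv4 literal, which ip6tables-restore cannot parse. The function names and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check what the IPv4 -> IPv6 nat skeleton filter lets through.

# Constructed sample of `iptables-save -t nat` output (not from a real router).
sample_nat_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:prerouting_lan_rule - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
-A PREROUTING -i br-lan -j zone_lan_prerouting
-A zone_lan_prerouting -j prerouting_lan_rule
-A zone_wan_postrouting -j MASQUERADE
-A zone_wan_postrouting -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.5
-A zone_lan_prerouting -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A prerouting_lan_rule -d 192.168.1.1/32 -p udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
EOF
}

# Same two deletions as the post's sed: DNAT/SNAT rules and bare MASQUERADE rules.
nat6_filter() {
    sed -e '/[[:space:]][DS]NAT[[:space:]]/d' -e '/[[:space:]]MASQUERADE$/d'
}

# Rules that survive the filter but still contain a dotted-quad IPv4 address.
ipv4_leftovers() {
    nat6_filter | grep -E '^-A .*([0-9]{1,3}\.){3}[0-9]{1,3}' || true
}

# Number of chain declarations that would be recreated in the IPv6 table.
count_chains() {
    nat6_filter | grep -c '^:'
}

# Demo on the constructed dump.
echo "chains kept: $(sample_nat_dump | count_chains)"
echo "rules needing attention before ip6tables-restore:"
sample_nat_dump | ipv4_leftovers
```

On the router, feed `iptables-save -t nat` into `ipv4_leftovers` instead of the sample; an empty result means the filtered dump contains no IPv4 addresses.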

Spot on!
I saw that somewhere in the wiki and tried to use it, but it failed because I called the script after I added rules, like you have it under firewall.user.
But if firewall.user is called second, it works like a charm.
Thanks for the help!
