Ipv6 SNAT and DNAT rules are configured. After the firewall is restarted, no corresponding rules are generated. Does fw3 support the generation of ipv6 rules by reading the configuration

 * Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_umts1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_umts1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_loopback0_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_loopback0_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_loopback1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_loopback1_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan6_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'

/etc/config/firewall

config redirect
        option target 'DNAT'
        option enabled '1'
        option name 'test'
        option proto 'tcp udp'
        option src 'loopback0'
        option src_dport '9001'
        option dest_ip 'fd00::1'
        option dest_port '9001'
        option family 'ipv6'

config redirect
        option target 'SNAT'
        option proto 'any'
        option enabled '1'
        option name 'test_snat'
        option src_ip 'fd00::/64'
        option dest_ip 'fd01::/64'
        option dest 'loopback0'
        option src_dip 'fd00::3'
        option family 'ipv6'

ip6tables -nvL -t nat

Chain PREROUTING (policy ACCEPT 62 packets, 13337 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 17 packets, 1573 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   65  5054 MASQUERADE  all      *      cell_wwan0  ::/0                 ::/0

Welcome to the community!

To be clear, you have installed any relevant IPv6 NAT software, correct?

IPv6 was generally designed not to use NAT - so those packages are not included in a default OpenWrt firmware image.

Also your title is quite long. That information could be added to be added to the post. You noted: "Does fw3 support the generation of ipv6 rules by reading the configuration". What's the output of:

ubus call system board

1 Like

The fw3 package does not support IPv6 NAT, it is only supported by fw4.

2 Likes

Thanks,i have installed some nat6 package
like this:
kmod-ipt-nat6 - 4.14.149-1
kmod-nf-nat6 - 4.14.149-1
kmod-nft-nat6 - 4.14.149-1

Ok fine, how about fw4, does it support?