Background: I am on a strange network where a router can only get a single IPv6 address from the DHCPv6 server; that is to say, the IPv6 address of my router is a /128 address, which means I have to use NAT6 to enable IPv6 networking for the devices on my LAN.
With old versions of OpenWRT, I install the ip6tables, kmod-ipt-nat6, kmod-ip6tables and kmod-ip6tables-extra packages to enable NAT in IPv6 and add custom firewall scripts in /etc/firewall.user:
ip6tables -t nat -A POSTROUTING -o pppoe-wan -j MASQUERADE
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -i br-lan -j ACCEPT
But these are rules written for iptables, not nftables. I have tried adding custom nftables rules like:
table ip6 nat {
    chain my_masquerade {
        type nat hook postrouting priority srcnat;
        oifname "pppoe-wan" masquerade
    }
}
But I was told there is an error in my syntax; it seems like I have no right to add a new table in custom rules. How can I solve this problem?
Further, it seems MWAN3 also does not work properly in the new firewall environment, sadly.
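
Added example, not part of the original post: the masquerade rule above written as a chain-only include for OpenWrt's firewall4 (fw4). It assumes the "new firewall environment" is fw4, which loads `/etc/nftables.d/*.nft` inside its own `table inet fw4`; the file name and the chain name `nat6_postrouting` are placeholders.

```nft
# Added example, not from the original post.
# Assumed file: /etc/nftables.d/10-nat6.nft (the file name is a placeholder).
# fw4 includes /etc/nftables.d/*.nft inside its own "table inet fw4 { ... }"
# block, so a file there may define chains and sets but not a "table",
# which is why wrapping the chain in "table ip6 nat { ... }" fails to load.

chain nat6_postrouting {
    # Own base chain on the postrouting hook, at the source-NAT priority.
    type nat hook postrouting priority srcnat; policy accept;

    # The table family is inet (IPv4 + IPv6), so restrict the rule to IPv6;
    # same effect as: ip6tables -t nat -A POSTROUTING -o pppoe-wan -j MASQUERADE
    meta nfproto ipv6 oifname "pppoe-wan" masquerade
}

# The two FORWARD accepts from firewall.user are not repeated: in nftables an
# accept in one base chain does not override a drop in another, so lan -> wan
# forwarding stays with the fw4 zone configuration.
#
# Check and load:
#   fw4 check && fw4 reload
#   nft list chain inet fw4 nat6_postrouting
```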