This Patch removes the IPv4 only limitation for NAT.
IPv6 NAT support was added in Linux Kernel 3.7 and iptables 1.4.17
Signed-off-by: Ulrich Weber <u...@ocedo.com>
---
defaults.c | 8 ++++----
zones.c | 13 ++++++++-----
2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/defaults.c b/defaults.c
index 396cbf7..45d6de6 100644
--- a/defaults.c
+++ b/defaults.c
@@ -32,10 +32,10 @@ static const struct fw3_chain_spec default_chains[] = {
C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
C(ANY, FILTER, SYN_FLOOD, "syn_flood"),
- C(V4, NAT, UNSPEC, "delegate_prerouting"),
- C(V4, NAT, UNSPEC, "delegate_postrouting"),
- C(V4, NAT, CUSTOM_CHAINS, "prerouting_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "postrouting_rule"),
+ C(ANY, NAT, UNSPEC, "delegate_prerouting"),
+ C(ANY, NAT, UNSPEC, "delegate_postrouting"),
+ C(ANY, NAT, CUSTOM_CHAINS, "prerouting_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "postrouting_rule"),
C(ANY, MANGLE, UNSPEC, "mssfix"),
C(ANY, MANGLE, UNSPEC, "fwmark"),
diff --git a/zones.c b/zones.c
index 062ff2a..6d4d566 100644
--- a/zones.c
+++ b/zones.c
@@ -36,8 +36,8 @@ static const struct fw3_chain_spec zone_chains[] = {
C(ANY, FILTER, REJECT, "zone_%s_dest_REJECT"),
C(ANY, FILTER, DROP, "zone_%s_dest_DROP"),
- C(V4, NAT, SNAT, "zone_%s_postrouting"),
- C(V4, NAT, DNAT, "zone_%s_prerouting"),
+ C(ANY, NAT, SNAT, "zone_%s_postrouting"),
+ C(ANY, NAT, DNAT, "zone_%s_prerouting"),
C(ANY, RAW, NOTRACK, "zone_%s_notrack"),
@@ -45,8 +45,8 @@ static const struct fw3_chain_spec zone_chains[] = {
C(ANY, FILTER, CUSTOM_CHAINS, "output_%s_rule"),
C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%s_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"),
- C(V4, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "prerouting_%s_rule"),
+ C(ANY, NAT, CUSTOM_CHAINS, "postrouting_%s_rule"),
{ }
};
@@ -217,13 +217,16 @@ fw3_load_zones(struct fw3_state *state, struct
uci_package *p)
if (zone->masq)
{
setbit(zone->flags[0], FW3_FLAG_SNAT);
+ setbit(zone->flags[1], FW3_FLAG_SNAT);
zone->conntrack = true;
}
if (zone->custom_chains)
{
setbit(zone->flags[0], FW3_FLAG_SNAT);
+ setbit(zone->flags[1], FW3_FLAG_SNAT);
setbit(zone->flags[0], FW3_FLAG_DNAT);
+ setbit(zone->flags[1], FW3_FLAG_DNAT);
}
setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
@@ -540,7 +543,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct
fw3_state *state,
break;
case FW3_TABLE_NAT:
- if (zone->masq && handle->family == FW3_FAMILY_V4)
+ if (zone->masq)
{
fw3_foreach(msrc, &zone->masq_src)
fw3_foreach(mdest, &zone->masq_dest)
--
1.8.3.2
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
