On Sat, May 30, 2015 at 03:27:40PM +0200, Bernhard Thaler wrote:
> IPv4 iptables allows to REDIRECT/DNAT/SNAT any traffic over a bridge.
>
> e.g. REDIRECT
> $ sysctl -w net.bridge.bridge-nf-call-iptables=1
> $ iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 \
>     -j REDIRECT --to-ports 81
>
> This does not work with ip6tables on a bridge in NAT66 scenario
> because the REDIRECT/DNAT/SNAT is not correctly detected.
>
> The bridge pre-routing (finish) netfilter hook has to check for a possible
> redirect and then fix the destination mac address. This allows to use the
> ip6tables rules for local REDIRECT/DNAT/SNAT REDIRECT similar to the IPv4
> iptables version.
>
> e.g. REDIRECT
> $ sysctl -w net.bridge.bridge-nf-call-ip6tables=1
> $ ip6tables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 \
>     -j REDIRECT --to-ports 81
>
> This patch makes it possible to use IPv6 NAT66 on a bridge. It was tested
> on a bridge with two interfaces using SNAT/DNAT NAT66 rules.

Applied, thanks.