#216 ip6tables-restore does not work correctly with NAT

open
Vadim Kurland
None
5
2012-04-28
2012-04-28
Michael Monnerie
No

I seem to have a problematic ruleset. I activated ipv6 today, and get a failure when "ip6tables-restore" should be used:
#########################
Activating firewall script generated Sat Apr 28 22:30:57 2012 by zmi
Running prolog script
Device "tun2" does not exist.
Device "tun2" does not exist.
ip6tables-restore v1.4.6: ip6tables-restore: unable to initialize table 'nat'

Error occurred at line: 415
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Running epilog script
#########################
Without any modifications, I just turn off the use of iptables, and the ruleset loads without a problem.

This is fwbuilder 5.1.0.3599 on kernel 3.0.26 with iptables v1.4.6

Discussion

  • Vadim Kurland
    2012-04-28

    you say "I just turn off use of iptables". What do you turn off exactly, and how?

    I believe ip6tables does not support nat. For example, see "man ip6tables", it does not list table "nat" at all and does not have the usual SNAT/DNAT targets.

    I guess fwbuilder should be aware of this and issue an error, not letting you compile nat rules that won't load. I'll look into that.

  • Vadim Kurland
    2012-04-28

    • assigned_to: nobody --> vkurland
  • Sorry, I should have said "I just turn off use of iptables-restore", and instead generate a ruleset where each single rule is loaded. That works then.

    I tested now what you said, and turned OFF ipv6 in the NAT Policy - everything works as expected then. I thought that NAT for IPv6 was implemented already. And if not, it should just be ignored.

    Solved as far as my problem goes, but it should be fixed so others don't trip over this. Thanks.
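A pre-flight check for the failure in this ticket, added here as an example and not part of fwbuilder or the reporter's setup: it scans a ruleset in ip6tables-restore format for table declarations (the `*name` lines) that the running kernel does not expose, so a `nat` table that ip6tables cannot initialize is reported with its line number before the restore is attempted. The table list defaults to /proc/net/ip6_tables_names; the sample ruleset and table list below are constructed.

```shell
#!/bin/sh
# Added example, not fwbuilder code: report every "*table" line in an
# iptables-restore-format ruleset whose table the kernel does not expose.
# ip6tables-restore aborts at the first such line ("unable to initialize
# table 'nat'"), so this check runs before anything is loaded.
#
# missing_tables RULESET [TABLES_FILE]
#   TABLES_FILE holds one table name per line and defaults to
#   /proc/net/ip6_tables_names, the IPv6 table list of the running kernel.
missing_tables() {
    ruleset="$1"
    tables="${2:-/proc/net/ip6_tables_names}"
    grep -n '^\*' "$ruleset" | while IFS=: read -r lineno name; do
        name="${name#\*}"                     # strip the leading '*'
        grep -qxF "$name" "$tables" || \
            echo "line $lineno: table '$name' not available"
    done
}

# Constructed sample data so the script runs stand-alone.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_RULESET="$SAMPLE_DIR/rules.v6"
SAMPLE_TABLES="$SAMPLE_DIR/ip6_tables_names"
cat > "$SAMPLE_RULESET" <<'EOF'
# constructed sample in ip6tables-save format
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
COMMIT
EOF
# Constructed table list for a kernel without an IPv6 nat table, as in
# the ticket (kernel 3.0.x, ip6tables 1.4.6).
printf 'filter\nmangle\nraw\n' > "$SAMPLE_TABLES"

missing_tables "$SAMPLE_RULESET" "$SAMPLE_TABLES"
# prints: line 8: table 'nat' not available
```

An empty result means every table block in the file can be initialized; the rules themselves are still validated only by the restore run.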