#5451 ip6tables Destination NAT IP range inputs expecting IPv4 addresses

1.970
closed-fixed
nobody
ip6tables (1)
5
2022-09-25
2021-01-29
No

If you attempt to create a Destination NAT entry in the IPv6 module for ip6tables, it throws an error if you put IPv6 addresses in the destination IP ranges. If you put IPv4 addresses in there, it will accept the entry. My guess is that the code to validate the IP address has been copy/pasted from the IPv4 module and not modified.

Discussion

  • Marcus Dodlee

    Marcus Dodlee - 2021-02-01

    Additional: This also happens on Source NAT entries too.

    Although NAT is not often used with IPv6, there are occasions where it's needed, such as on a remote server with only one IPv6 address set up as a VPN server.

     
  • Jamie Cameron

    Jamie Cameron - 2021-02-03
    • status: open --> closed-fixed
     
  • Jamie Cameron

    Jamie Cameron - 2021-02-03

    Thanks for pointing this out - it will be fixed in the next Webmin release.

     
  • Marcus Dodlee

    Marcus Dodlee - 2022-09-24

    Still not fixed.

     
  • Jamie Cameron

    Jamie Cameron - 2022-09-25

    Marcus - which Webmin version are you running?

     
  • Marcus Dodlee

    Marcus Dodlee - 2022-09-25

    Sorry, should have said. Webmin 2.000 on Ubuntu Linux 22.04.1

    To reproduce, try to add a DNS6 server enforcement rule.

    Open Linux IPv6 Module
    Select NAT table
    Add a rule in the PREROUTING section
    Check Destination NAT

    IPs and ports for DNAT
    - Check IP Range
    -- Enter in first box 2001:4860:4860::8888
    -- Port Range: Enter in first box: 53

    Network protocol
    - Equals: UDP

    Destination TCP or UDP port
    - Equals
    -- Port(s): 53

    Creating the rule results in the module reporting an error:
    Failed to save rule : Missing or invalid starting IP address for DNAT

    Entering the rule from bash
    ip6tables-legacy -t nat -I PREROUTING -p tcp --dport 53 -j DNAT --to [2001:4860:4860:0:0:0:0:8888]:53

    Then clicking "Revert Configuration" in the module will show the rule and the IP box will be filled, but you cannot edit and re-save the rule.

     
  • Marcus Dodlee

    Marcus Dodlee - 2022-09-25

    [Removed Silly Nonsense]

    Thanks Jamie

     

    Last edit: Marcus Dodlee 2022-09-27
  • Jamie Cameron

    Jamie Cameron - 2022-09-25

    Those files are actually linked in the source code, so the fix to /webmin/firewall/save_rule6.cgi will also fix /webmin/firewall6/save_rule6.cgi

    No need for a donation!
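
A family-aware check for the DNAT address and port fields discussed in this ticket, added here as an illustration in Python; it is not Webmin's code (Webmin is written in Perl) and not the fix that was applied. The function names and all error messages other than the one quoted in the report are hypothetical.

```python
import ipaddress

def parse_addr(text, family, which):
    """Parse one DNAT address field and require the table's address family."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        raise ValueError(f"Missing or invalid {which} IP address for DNAT") from None
    if addr.version != family:
        # The mismatch from the report: an IPv4 literal accepted in an ip6tables rule.
        raise ValueError(f"The {which} IP address for DNAT must be IPv{family}")
    return addr

def parse_port(text, which):
    """Parse one port field; only plain decimal 1-65535 is accepted."""
    text = text.strip()
    if not (text.isascii() and text.isdigit() and 1 <= int(text) <= 65535):
        raise ValueError(f"Missing or invalid {which} port for DNAT")
    return int(text)

def dnat_target(family, ip_start, ip_end="", port_start="", port_end=""):
    """Return the DNAT --to argument for family 4 or 6, or raise ValueError."""
    start = parse_addr(ip_start, family, "starting")
    spec = str(start)
    if ip_end.strip():
        end = parse_addr(ip_end, family, "ending")
        if end < start:
            raise ValueError("Ending IP address for DNAT is below the starting one")
        spec += f"-{end}"
    if port_start.strip():
        low = parse_port(port_start, "starting")
        ports = str(low)
        if port_end.strip():
            high = parse_port(port_end, "ending")
            if high < low:
                raise ValueError("Ending port for DNAT is below the starting one")
            ports += f"-{high}"
        # IPv6 is bracketed so the port colon is unambiguous, as in the
        # ip6tables-legacy command in the report. Placing an address range
        # inside the brackets is an assumption about the accepted syntax.
        spec = (f"[{spec}]" if family == 6 else spec) + f":{ports}"
    return spec

if __name__ == "__main__":
    # Values from the reproduction steps in the ticket.
    print(dnat_target(6, "2001:4860:4860::8888", port_start="53"))
```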

     
