LinuxQuestions.org - hello folks need to enable iptables ip6 6-6 nat

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - hello folks need to enable iptables ip6 6-6 nat (https://www.linuxquestions.org/questions/linux-security-4/hello-folks-need-to-enable-iptables-ip6-6-6-nat-4175645941/)

dr.x	01-10-2019 11:23 AM

hello folks need to enable iptables ip6 6-6 nat

heel need help in linux to allow ipv6 nat src nat

i need it on centos 6 to allow rule like :
ip6tables -t nat -A POSTROUTING -o eth1 -j SNAT --to 2001:db8::1

but i see errors like

[root@server ~]# ip6tables -t nat -A POSTROUTING -o eth1 -j SNAT --to 2001:db8::1
ip6tables v1.4.7: unknown option `--to'
Try `ip6tables -h' or 'ip6tables --help' for more information.
[root@server ~]# ip6tables -t nat -A POSTROUTING -o eth1 -j SNAT
ip6tables v1.4.7: Couldn't load target `SNAT':/lib64/xtables/libip6t_SNAT.so: cannot open shared object file: No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.
[root@server ~]#

already install Xtables but no luck !

any help ?

dr.x	01-10-2019 11:40 AM

is there iptables pack on centos 6 contain :

/usr/lib64/xtables/libip6t_SNAT.so

??????????????????

scasey

01-10-2019 12:22 PM

man yum

Code:

yum provides libip6t_SNAT.so

(may need wildcards...check the man page)

Quote:

Try `ip6tables -h' or 'ip6tables --help' for more information.

Did you do that?

dr.x	01-10-2019 12:48 PM

Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink | 18 kB 00:00
* base: mirror.genesisadaptive.com
* epel: mirror.steadfastnet.com
* extras: ewr.edge.kernel.org
* updates: mirrors.usinternet.com
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Warning: 3.0.x versions of yum would erroneously match against filenames.
You can use "*/libip6t_SNAT.so" and/or "*bin/libip6t_SNAT.so" to get that behaviour
No Matches found
[root@server ~]#

lazydog

01-10-2019 01:57 PM

Quote:

Originally Posted by dr.x (Post 5947143)

ip6tables -t nat -A POSTROUTING -o eth1 -j SNAT --to 2001:db8::1

Change --to to --to-destination

dr.x	01-10-2019 02:10 PM

[root@server ~]# ip6tables -t nat -A POSTROUTING -o eth1 -j SNAT --to-destination 2001:db8::1
ip6tables v1.4.7: unknown option `--to-destination'
Try `ip6tables -h' or 'ip6tables --help' for more information.
[root@server ~]#

i see this lib file exist but in centos 7 iptables rpms

not sure why not exist with centos 6 ?

what can i do ?

vincix

01-16-2019 10:02 AM

You're using SNAT --to-destination, but you're supposed to use --to-source, because you're changing the ip source, not the ip destination. And you need to place (under normal circumstances) the public ip there. I'm guessing it was just a slip from lazydog, I'm sure he knows snat/dnat :)

All times are GMT -5. The time now is 02:48 AM.