Ip6tables DNAT on openwrt is not working

-1

I configured IPv6 DNAT using ip6tables on my OpenWrt router:

ip6tables -t nat -I PREROUTING -p udp --dport 5100 -j DNAT --to-destination fdca:3aae:fe2e::1:53 # fdca:3aae:fe2e::1 is my router address

Then I tested it from another Linux server with dig like this:

dig -6 www.google.com @fdca:3aae:fe2e::1 -p5100

Dig failed with a connection timeout after a few seconds. But the ip6tables pkts counter increased by 1 after executing the dig command, and tcpdump shows that the router received the UDP packet but sent no reply. I tested IPv4 the same way and it succeeded. So why did IPv6 fail?

TCPDUMP packets:

16:29:16.914206 IP6 fdca:3aae:fe2e:0:5054:ff:fe32:8d8b.48898 > fdca:3aae:fe2e::1.5100: UDP, length 43

ip6tables -t nat -L -x -n -v shows:

Chain PREROUTING (policy ACCEPT 1 packets, 91 bytes)
    pkts    bytes target     prot opt in     out     source      destination
       8      728 DNAT       udp      *      *       ::/0        ::/0         udp dpt:5100 to:fdca:3aae:fe2e::1:53

cat /proc/net/nf_conntrack | grep 5100 shows:

ipv6 10 udp 17 56 src=fdca:3aae:fe2e:0000:5054:00ff:fe32:8d8b dst=fdca:3aae:fe2e:0000:0000:0000:0000:0001 sport=47169 dport=5100 packets=1 bytes=91 [UNREPLIED] src=fdca:3aae:fe2e:0000:0000:0000:0001:0053 dst=fdca:3aae:fe2e:0000:5054:00ff:fe32:8d8b sport=5100 dport=47169 packets=0 bytes=0 mark=0 zone=0 use=2

Bing

Posted 2019-04-25T08:34:45.277

Reputation: 1

Does your destination host actually use the OpenWRT box as its gateway, i.e. send replies back through the same system? Routing must be symmetric for NAT to work properly. – user1686 – 2019-04-25T09:11:33.910

2 Don't attempt to NAT with IPv6, route instead. – Michael Hampton – 2019-04-25T14:52:20.467

Answers

1

I guess you need to protect the IPv6 address with []:

ip6tables -t nat -I PREROUTING -p udp --dport 5100 -j DNAT --to-destination [fdca:3aae:fe2e::1]:53 # fdca:3aae:fe2e::1 is my router address

This should also work and is simpler:

ip6tables -t nat -I PREROUTING -p udp --dport 5100 -j REDIRECT --to-ports 53

Tomek

Posted 2019-04-25T08:34:45.277

Reputation: 795
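As an added illustration that is not part of the original thread or of ip6tables itself, the following Python script models the bracket rule the DNAT target applies when it reads an IPv6 --to-destination value, and checks a conntrack entry against that reading. The conntrack line embedded below is the one from the question, used as constructed sample data; parse_to_destination is a simplified model of the ip6tables argument parser (address-range syntax is not handled), and the function names are the example's own.

```python
import ipaddress
import re

# Constructed sample: the /proc/net/nf_conntrack entry from the question,
# recorded while the unbracketed DNAT rule was in effect.
SAMPLE_CONNTRACK = (
    "ipv6 10 udp 17 56 src=fdca:3aae:fe2e:0000:5054:00ff:fe32:8d8b "
    "dst=fdca:3aae:fe2e:0000:0000:0000:0000:0001 sport=47169 dport=5100 "
    "packets=1 bytes=91 [UNREPLIED] "
    "src=fdca:3aae:fe2e:0000:0000:0000:0001:0053 "
    "dst=fdca:3aae:fe2e:0000:5054:00ff:fe32:8d8b sport=5100 dport=47169 "
    "packets=0 bytes=0 mark=0 zone=0 use=2"
)


def parse_to_destination(arg):
    """Split a DNAT --to-destination value into (IPv6Address, port or None).

    Simplified model of the bracket rule for IPv6: a port is only recognised
    after a closing ']'. Without brackets the whole string is taken as an
    address, and 'fdca:3aae:fe2e::1:53' happens to be a valid one.
    """
    if arg.startswith("["):
        close = arg.index("]")
        addr = ipaddress.IPv6Address(arg[1:close])
        rest = arg[close + 1:]
        port = int(rest[1:]) if rest.startswith(":") else None
        return addr, port
    return ipaddress.IPv6Address(arg), None


def translated_tuple(conntrack_line):
    """Return (address, port, original dport) from a conntrack entry.

    The reply direction's src is what the original destination was rewritten
    to; comparing the reply sport with the original dport shows whether the
    port was translated at all.
    """
    fields = re.findall(r"\b(src|dst|sport|dport)=(\S+)", conntrack_line)
    orig = dict(fields[:4])    # original direction: src, dst, sport, dport
    reply = dict(fields[4:8])  # reply direction, after NAT
    return (ipaddress.IPv6Address(reply["src"]),
            int(reply["sport"]),
            int(orig["dport"]))


def rule_explains_conntrack(arg, conntrack_line):
    """True when the kernel's translation is exactly what parsing arg predicts."""
    addr, port = parse_to_destination(arg)
    got_addr, got_port, orig_dport = translated_tuple(conntrack_line)
    expected_port = port if port is not None else orig_dport  # no port: dport kept
    return (addr, expected_port) == (got_addr, got_port)


if __name__ == "__main__":
    for arg in ("fdca:3aae:fe2e::1:53", "[fdca:3aae:fe2e::1]:53"):
        print(arg, "->", parse_to_destination(arg),
              "| consistent with conntrack:",
              rule_explains_conntrack(arg, SAMPLE_CONNTRACK))
```

Run against the question's data, the unbracketed form parses to the address fdca:3aae:fe2e::1:53 with no port, which is exactly the reply-side src and unchanged sport=5100 in the conntrack entry, so the packet was sent to a non-existent host rather than to port 53. After changing the rule, re-check the conntrack entry the same way: the reply src should be the router address and the sport 53.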