bugzilla-daemon at netfilter.org
2019-Jun-08 17:57 UTC
[Bug 1342] New: IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342
Bug ID: 1342
Summary: IPv6 NAT translates to addresses outside of specified
range
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: NAT
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: zrm at trustiosity.com
Take a rule like this:
ip6tables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
1000::1:ffff:ffff-1000::2:0:0
The kernel was then observed choosing the address 1000::2:ffff:ffff as the
translation, which is outside the specified range.
This is the code in find_best_ips_proto() in nf_nat_core.c. It assumes that in
each u32 of the IPv6 address, the minimum value is not larger than the maximum,
even though that is only required for the most significant u32 of the address.
It also assumes the minimum will be zero (full_range) whenever the previously
chosen u32 was not the maximum, which may not be true when the previous chosen
u32 was the minimum.
It might not be that unreasonable to just refuse IPV6 NAT ranges that split
like this, but in that case it should be documented and there should be an
error when you try to insert the rule.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190608/0fc10122/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jun-08 17:59 UTC
[Bug 1342] IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342
zrm at trustiosity.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zrm at trustiosity.com
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190608/482e7582/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jun-20 06:04 UTC
[Bug 1342] IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342
Castrob <castro8583bennett at gmx.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |castro8583bennett at gmx.com
--- Comment #1 from Castrob <castro8583bennett at gmx.com> ---
May i know the solution? I also have the same problem
Castro B,
https://rechargevodafone.co.uk/
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190620/191d0426/attachment.html>
Seemingly Similar Threads
- [Bug 1077] New: New traffic reduces conntrack timeout
- [Bug 1277] New: v1.8.0 FTBFS on Void Linux due to conflicting definitions
- Can the require value be a function?
- where is MySQL-zrm-client rpm package?
- [Bug 2984] New: scp -3 authentication fails when providing key passphrases for two remote hosts