bugzilla-daemon at netfilter.org
2019-Jun-08 17:57 UTC
[Bug 1342] New: IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342 Bug ID: 1342 Summary: IPv6 NAT translates to addresses outside of specified range Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: NAT Assignee: netfilter-buglog at lists.netfilter.org Reporter: zrm at trustiosity.com Take a rule like this: ip6tables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 1000::1:ffff:ffff-1000::2:0:0 The kernel was then observed choosing the address 1000::2:ffff:ffff as the translation, which is outside the specified range. This is the code in find_best_ips_proto() in nf_nat_core.c. It assumes that in each u32 of the IPv6 address, the minimum value is not larger than the maximum, even though that is only required for the most significant u32 of the address. It also assumes the minimum will be zero (full_range) whenever the previously chosen u32 was not the maximum, which may not be true when the previous chosen u32 was the minimum. It might not be that unreasonable to just refuse IPV6 NAT ranges that split like this, but in that case it should be documented and there should be an error when you try to insert the rule. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190608/0fc10122/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jun-08 17:59 UTC
[Bug 1342] IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342 zrm at trustiosity.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zrm at trustiosity.com -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190608/482e7582/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jun-20 06:04 UTC
[Bug 1342] IPv6 NAT translates to addresses outside of specified range
https://bugzilla.netfilter.org/show_bug.cgi?id=1342 Castrob <castro8583bennett at gmx.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |castro8583bennett at gmx.com --- Comment #1 from Castrob <castro8583bennett at gmx.com> --- May i know the solution? I also have the same problem Castro B, https://rechargevodafone.co.uk/ -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190620/191d0426/attachment.html>
Reasonably Related Threads
- [Bug 1077] New: New traffic reduces conntrack timeout
- [Bug 1277] New: v1.8.0 FTBFS on Void Linux due to conflicting definitions
- Can the require value be a function?
- where is MySQL-zrm-client rpm package?
- [Bug 2984] New: scp -3 authentication fails when providing key passphrases for two remote hosts