diff options
| author | Chris Buechler <cmb@pfsense.org> | 2013-08-17 05:05:33 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2013-08-17 05:11:48 -0500 |
| commit | 44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9 (patch) | |
| tree | 6c08fb0e989a47a31582fef6eb8c1384e52f594c /etc | |
| parent | 5ef99bd9fd52f6f0ff20e8488149b9a92f6846dc (diff) | |
| download | pfsense-44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9.zip pfsense-44e72b7c2506c3dc8258439d9aa21a8cb60f8ba9.tar.gz | |
Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.
This makes it possible (without source hacking) to do many:1 NAT of IPv6.
Some will rejoice. Some will curse.
This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 2610b93..e93896c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1348,6 +1348,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $protocol = " proto {$proto}"; } else $protocol = ""; + /* Set tgt for IPv6 */ + if ($proto == "ipv6") { + $natip = get_interface_ipv6($if); + if(is_ipaddrv6($natip)) + $tgt = "{$natip}/128"; + } /* Add the hard set source port (useful for ISAKMP) */ if($natport != "") $tgt .= " port {$natport}"; |
