I have some home servers in my lan, connecting to internet by an adsl My router is a linux-based x86 server, and I wrote script on it I updated the script to nftables some months ago...
It worked all right in ipv4....
One day, I found my isp provides ipv6 by dhcp-pd As the ipv6 address may change, It will be hard to set static global ipv6 addresses on servers. Then I'm considering about using unique local addresses. I'll need something like: ip6tables -t nat -A POSTROUTING -o eth0 -s fc00::/64 -j NETMAP --to 2006::/64 to nat the addresses to global addresses (and with proper dnat rules) But I can not find anything like that in nftables...
I've checked the offical wiki: nft_nat
But I can not understand how to use nft_nat.
If it's a /24 block in ipv4, it is even possible to enum all addresses into a map. But it is really impossible to enum a /64 block in ipv6...
So is there any way to do netmap by nftables? Or I have to revert to ip(6)tables? Or any other suggestion?
Thank you.
For those like me looking for up-to-date answer, the stateful network prefix translation aka NPT/NPTv6/NAT66 can be done with
nftables. There is a regular use case for this – RFC 7157, IPv6 Multihoming without Network Address Translation.Just place the following rule in the nat postrouting hook (use your prefix size):
You can prefix the rule with
oifname "<outgoing-interface>"to match only packets going out from a particular interface.