IPv6 subnet forwarding Shorewall logic inverse #2587
I set up IPv6 through my VPS (forwarding all of the /64 subnet).
But this is wrong if I want external access to a GUA address. The correct rule should be:
This is the UCI firewall rule for these rules above:
Is there something wrong in the Shorewall rules generation? I don't want to use port forwarding, but use real IPv6 routing capabilities with firewall allowed ports through OMR.
//Edit: Changed rule to include dest ip/range without exposing every host's port.
Replies: 1 comment 1 reply
There might be some logic mismatches here [1].
Compared to the IPv4 case [2], which handles this differently.
Apart from that there might be additional logic issues in how the shorewall config is created, because
Isn't the case for routing, it should be
to dest_ip, thus changing net = net: + dest_ip to vpn = vpn: + dest-IP.

Footnotes
[1] https://github.com/Ysurac/openmptcprouter-vps-admin/blob/develop/omr-admin.py#L723-L727
[2] https://github.com/Ysurac/openmptcprouter-vps-admin/blob/develop/omr-admin.py#L644-L648