[Bug 280390] NPTv6 not working
Date: Tue, 01 Apr 2025 10:49:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280390
Tatsuki Makino <tatsuki_makino@hotmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tatsuki_makino@hotmail.com
--- Comment #19 from Tatsuki Makino <tatsuki_makino@hotmail.com> ---
I just tried this today :)
I don't know what's happening on the inside, but it seemed necessary to create
a record with outbound packets and return to an NPTv6 instance with the record,
so I made the following rules.
nptv6 bridge0 create int_prefix fd20:0:0:1:: ext_if vlan2 prefixlen 64
nptv6 vlan1 create int_prefix fd20:0:0:2:: ext_if vlan2 prefixlen 64
#define allow skipto 59900
add check-state
add 20 allow ...
add 30 allow ...
add 100 deny ip from any to any
#undef allow
add 59910 nptv6 bridge0 ip6 from any to any out recv bridge0 xmit vlan2 keep-state
add 59920 nptv6 vlan1 ip6 from any to any out recv vlan1 xmit vlan2 keep-state
add 59930 allow ip from any to any
It seems that the interface can also be identified and returned until the
dynamic rule times out.