On Fri, Aug 30, 2013 at 8:18 AM, Adam Novak <ano...@soe.ucsc.edu> wrote: > Hello, > > With the latest patch you posted, and by doing "make > kernel_menuconfig" and searching for CONFIG_NF_NAT_IPV6 and enabling > all its dependencies (so it showed up in the menus under its > human-readable name) and then enabling it, I was indeed able to get it > to build the right modules. The userspace ip6tables seemed to have the > relevant bits already (unless my enabling of the various extra > packages for it added them); I think it mostly just passes table and > target names on to the kernel, right? So I now have working IPv6 > masquerade. > > Anyway, since this works now, I want to write up your last patch as a > formal [PATCH] message. Do you agree to release it under the > appropriate licenses for OpenWRT? > > Thanks again! You've been a great help.
Great news and thanks for testing! Please, add some words to OpenWrt Ticket #13446. Add some comments how you tested NAT IPv6 and that it works. As said the kernel-space side is done. I would prefer to split the "working" patch and put some comments in "include/netfilter.mk". As you have seen NAT IPv4 was a bit confusing with the kernel Kconfig-options and version-check. So 1/2 should correct this. 2/2 adds the kernel bits for NAT IPv6. If you enable CONFIG_NF_NAT_IPV6 you have to do sth. with CONFIG_IP6_NF_TARGET_MASQUERADE (ip6t_MASQUERADE.ko) and CONFIG_IP6_NF_TARGET_NPT (ip6t_NPT.ko). It's a so-called tristate (y|m|n) and see also comment #2 in Ticket #13446. As pointed out I don't know which version of iptables has support for NAT IPv6 and if OpenWrt ships it (for people wanting firewall support). Please add a comment in the changelog of the patch. I cannot say if OpenWrt developers NAK this due to incompleteness. I cannot test NAT IPv6 nor am I an expert on this area. ( So, it was only compile-tested here. ) Please, put a note about credits and mention Ticket #13446 as a reference in the changelog, too. I know OpenWrt people don't like that much to comment or write changelogs. I will help with reviewing. - Sedat - > -Adam > > On Thu, Aug 29, 2013 at 10:44 AM, Sedat Dilek <sedat.di...@gmail.com> wrote: >> On Thu, Aug 29, 2013 at 7:31 PM, Adam Novak <ano...@soe.ucsc.edu> wrote: >>> Hello, >>> >>> Thank you so much for your help! I will try your patch when I get home >>> this evening. >>> >> >> With [1] I was able to build a kernel, see also attached >> check-nf-nat-kmod.txt. >> ( But this is only kernel-space stuff. ) >> >> - Sedat - >> >> [1] >> https://dev.openwrt.org/attachment/ticket/13446/include-netfilter_mk-kernelspace-v3.diff _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
