Talk:How to do NPTv6
In my setup, which admittedly is a Lithium preview, I needed another two entries in the vyatta-postconfig-bootup.script:
ip6tables -t mangle -I POSTROUTING -j VYOS_SNPT_HOOK
ip6tables -t mangle -I PREROUTING -j VYOS_DNPT_HOOK
I don't know if this is a known issue or a deliberate omission from the template, but I thought I'd mention it.
https://github.com/vyos/vyatta-cfg-firewall/commit/14df16fcb34930f6f4a95e73cd05ba63ae55743d#diff-b6cf27558fe3b07902d2aeb77128858dR148 These rules should be there already.
Should we also mention that NPTv6 isn't compatible with stateful firewall rules such as 'related' or 'established'? https://unix.stackexchange.com/questions/331224/is-there-a-way-to-have-nptv6-with-connection-tracking-on-linux