Bug #15268
closed
Network Prefix Translation (NPt) not properly translating the prefix for unsolicited inbound connections
Description
Unsolicited inbound traffic with the ISP prefix (external prefix) is always translated to the internal prefix specified in the topmost entry of the NPt mapping table, rather than the prefix for the proper subnet.
Internet host: 2001:db8:10a:23a7::1
LAN1 static IPv6: 2001:db8:2:1::/64
LAN2 static IPv6: 2001:db8:2:2::/64
LAN3 (ISP delegated prefix): 2001:db8:1:1::/64
Pinging my PC in LAN1 from the internet host outside my network using the ISP delegated prefix: 2001:db8:1:1:58bd:bbd3:cd6d:3909
When the LAN1 NPt mapping entry is at the very top, the ping packets can reach my PC as expected.
NPt mapping and filtered state table as NPt-mapping-1.png and state-table-1.png.
When the LAN2 NPt mapping entry is moved before LAN1's entry, the ping packets can no longer reach my PC.
NPt mapping and filtered state table as NPt-mapping-2.png and state-table-2.png.
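
The reported behaviour can be modelled with a first-match lookup over the ordered mapping table. This is an added example, not code from the report or from the firewall project. It assumes both NPt entries use the delegated /64 as their external prefix (the mapping screenshots are not reproduced here) and that translation is a plain prefix substitution that keeps the interface identifier.

```python
import ipaddress

# Prefixes and the pinged address are taken from the report. The table layout
# (both entries sharing the delegated /64 as external prefix) is an assumption.
EXT = "2001:db8:1:1::/64"
LAN1 = ("2001:db8:2:1::/64", EXT)   # (internal prefix, external prefix)
LAN2 = ("2001:db8:2:2::/64", EXT)
PING_DST = "2001:db8:1:1:58bd:bbd3:cd6d:3909"


def translate_inbound(dst, table):
    """Rewrite dst using the first entry whose external prefix contains it.

    Returns (internal address, entry index), or (None, None) if nothing matches.
    """
    addr = ipaddress.IPv6Address(dst)
    for index, (internal, external) in enumerate(table):
        inner = ipaddress.IPv6Network(internal)
        outer = ipaddress.IPv6Network(external)
        if inner.prefixlen != outer.prefixlen:
            raise ValueError("NPt prefixes must have equal length")
        if addr in outer:
            # Keep the host bits, swap the network bits.
            host_bits = int(addr) & int(outer.hostmask)
            return ipaddress.IPv6Address(int(inner.network_address) | host_bits), index
    return None, None


def shadowed_entries(table):
    """Indexes of entries whose external prefix an earlier entry already covers.

    With first-match lookup these entries never handle unsolicited inbound traffic.
    """
    seen, shadowed = [], []
    for index, (_, external) in enumerate(table):
        outer = ipaddress.IPv6Network(external)
        if any(outer.subnet_of(earlier) for earlier in seen):
            shadowed.append(index)
        seen.append(outer)
    return shadowed


if __name__ == "__main__":
    for table in ([LAN1, LAN2], [LAN2, LAN1]):
        print(translate_inbound(PING_DST, table), shadowed_entries(table))
```

With LAN1 first the ping is rewritten into 2001:db8:2:1::/64 and reaches the PC; with LAN2 first it is rewritten into 2001:db8:2:2::/64, and `shadowed_entries` flags the second entry in either order.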