1:1 NAT for IPv6 applies wrong subnet mask to "Single Host"
Adding an IPv6 1:1 NAT entry and choosing "Single Host" produces the resulting rule in /tmp/rules.debug:
binat on vmx0 from fd60:7f9c:65d8:1::2/32 to any -> 2607:5300:79:501:167:114:147:50/32
which is, well, wrong. I really don't want to NAT an entire /32's worth of address space, thanks.
Workaround: select "Network" instead of "Single Host" and choose "/128" as the subnet mask. That correctly generates the rule:
binat on vmx0 from fd60:7f9c:65d8:1::2 to any -> 2607:5300:79:501:167:114:147:50
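An added check, not part of the original ticket or of pfSense itself: it scans pf rule text (such as the contents of /tmp/rules.debug) for binat lines and flags any IPv6 host address that carries a prefix shorter than /128, which is the symptom reported above. The regular expression, the function names and the optional address-family token are assumptions; the sample input is constructed from the two rules quoted in the report.

```python
import ipaddress
import re

# Constructed sample: the two binat lines quoted in the ticket.
SAMPLE_RULES = """\
binat on vmx0 from fd60:7f9c:65d8:1::2/32 to any -> 2607:5300:79:501:167:114:147:50/32
binat on vmx0 from fd60:7f9c:65d8:1::2 to any -> 2607:5300:79:501:167:114:147:50
"""

# Assumed rule shape: binat on <if> [inet|inet6] from <src> to <dst> -> <target>
BINAT_RE = re.compile(
    r"^binat on \S+ (?:inet6? )?from (\S+) to \S+ -> (\S+)"
)


def suspicious_prefix(token):
    """Return a reason if token is an IPv6 host address with a mask shorter
    than /128 (host bits set underneath the mask), otherwise None."""
    try:
        iface = ipaddress.ip_interface(token)
    except ValueError:
        return None  # 'any', table names, macros: not an address literal
    if iface.version != 6 or iface.network.prefixlen == 128:
        return None
    if iface.ip != iface.network.network_address:
        return f"{token}: host bits set, rule actually covers {iface.network}"
    return None  # a genuine network prefix, e.g. an intended /64 mapping


def audit_binat(text):
    """Return (line number, reason) for every questionable binat address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = BINAT_RE.match(line.strip())
        if not match:
            continue
        for token in match.groups():
            reason = suspicious_prefix(token)
            if reason:
                findings.append((lineno, reason))
    return findings


if __name__ == "__main__":
    for lineno, reason in audit_binat(SAMPLE_RULES):
        print(f"line {lineno}: {reason}")
```

A mapping that is meant to cover a whole prefix (address equal to the network address) is not flagged, so the check only reports the host-with-wrong-mask case.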
#3 Updated by Adam Thompson about 3 years ago
While working through ticket #25935 with Chris Linstruth (from Netgate support) I just observed something very odd on my firewall:
A similar effect seems to strike the NPt mappings page; I had only ever entered /128 or /64 as the prefix length, but when going back to view it, it's now set to /112.
Is there any code in common between the 1:1 NAT page and the NPt page? Or replicated code, perhaps? I haven't had time to look at the source for either...
Scratch that, Chris put the /112 in there. The original bug stands, though.