Execute the command: $ sudo ip6tables -t nat -I PREROUTING -p tcp --dport 333 -j DNAT --to-dest 2012:3456:789a:bcde:f012:3456:789a:bcde The DNAT target is accepted on the netfilter core : $ sudo ip6tables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp anywhere anywhere tcp dpt:333 to:2012:3456:789a:bcde:f012:3456:789a:bcde Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination But the ruleset is saved badly with /etc/init.d/ip6tables save, then /etc/init.d/ip6tables start display this error: * Loading ip6tables state and starting firewall ... ip6tables-restore v1.4.17: unknown option "--to-source" Error occurred at line: 7 Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information. Reproducible: Always Steps to Reproduce: $ sudo ip6tables-save -t nat > before $ sudo ip6tables -t nat -I PREROUTING -p tcp --dport 333 -j DNAT --to-dest 2012:3456:789a:bcde:f012:3456:789a:bcde $ sudo ip6tables-save -t nat > after $ diff before after 1c1 < # Generated by ip6tables-save v1.4.17 on Mon Mar 4 22:05:41 2013 --- > # Generated by ip6tables-save v1.4.17 on Mon Mar 4 22:05:50 2013 6a7 > -A PREROUTING -p tcp -m tcp --dport 333 -j DNAT --to-source 2012:3456:789a:bcde:f012:3456:789a:bcde 8c9 < # Completed on Mon Mar 4 22:05:41 2013 --- > # Completed on Mon Mar 4 22:05:50 2013 Actual Results: -A PREROUTING -p tcp -m tcp --dport 333 -j DNAT --to-source 2012:3456:789a:bcde:f012:3456:789a:bcde Expected Results: -A PREROUTING -p tcp -m tcp --dport 333 -j DNAT --to-destination 2012:3456:789a:bcde:f012:3456:789a:bcde emerge --info Portage 2.1.11.52 (!../usr/portage/profiles/default/linux/amd64/10.0/server, gcc-4.6.3, glibc-2.15-r3, 3.7.10-gentoo x86_64) ================================================================= System uname: Linux-3.7.10-gentoo-x86_64-Intel-R-_Atom-TM-_CPU_D525_@_1.80GHz-with-gentoo-2.1 KiB Mem: 4040460 total, 1954960 free KiB Swap: 4200992 total, 4200992 free Timestamp of tree: Tue, 05 Mar 2013 04:30:01 +0000 ld GNU ld (GNU Binutils) 2.22 distcc 3.1 x86_64-pc-linux-gnu [enabled] app-shells/bash: 4.2_p37 dev-lang/python: 2.7.3-r2, 3.2.3 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.6.3 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.6 (virtual/os-headers) sys-libs/glibc: 2.15-r3 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=atom -O2 -pipe -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=atom -O2 -pipe -fomit-frame-pointer" DISTDIR="/mnt/archive/portage/distfiles" EMERGE_DEFAULT_OPTS="--autounmask=n" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles merge-sync metadata-transfer news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://de-mirror.org/gentoo/ http://gentoo.tiscali.nl/ http://mirror.ovh.net/gentoo-distfiles/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j8" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/mnt/archive/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow acpi amd64 apm bzip2 caps cracklib crypt cxx fontconfig gdbm gmp gpm iconv iproute2 ipv6 maildir mdev mmx multilib ncurses netlink nls nptl openmp openrc pcre posix readline session sqlite sqlite3 sse sse2 sse3 ssl ssse3 threads truetype udev unicode xml zlib" APACHE2_MODULES="actions alias authz_host dir log_config mime rewrite unique_id vhost_alias" CURL_SSL="gnutls" ELIBC="glibc" KERNEL="linux" LINGUAS="en" PYTHON_TARGETS="python2_7 python3_2" USERLAND="GNU" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON ============================================================ equery u iptables [ Legend : U - final flag setting for installation] [ : I - package is installed with flag ] [ Colors : set, unset ] * Found these USE flags for net-firewall/iptables-1.4.17: U I + + ipv6 : Adds support for IP version 6 + + netlink : Build against libnfnetlink which enables the nfnl_osf util - - static-libs : Build static libraries
you could try 1.4.18 to see if it works any better
(In reply to comment #1) > you could try 1.4.18 to see if it works any better With 1.4.18 it works.