CentOS6, IP6tables, Routing, TPROXY (squid34 Epel Package)


Hello,

how do I achieve this:

how must the files in /etc/sysconfig/network-scripts/ look to be the same as entering the following two commands …

ip -f inet6 rule add fwmark 1 lookup 100
ip -f inet6 route add local ::/0 dev lo table 100

is the localhost device lo correct there, or does it have to be br0?

e.g. a file route-br0 with
192.168.1.0/24 via 10.10.10.1 dev br0
does the routing to the segment 192.168.1.0/24 via 10.10.10.1

/etc/sysconfig/ip6tables

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-N DIVERT
-A DIVERT -j MARK --set-mark 1
-A DIVERT -j ACCEPT

-A PREROUTING -i br0 -p tcp -m socket -j DIVERT
-A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

-A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT

-A INPUT -i br0 -m tcp -p tcp --dport 3129 -m state --state NEW -j ACCEPT

the goal should be that, for specific IPv6 hosts (destination), the packets are redirected through the proxy running on the router box; other destinations should just be forwarded without the proxy …

LAN port = br0 (dual stack), HE tunnel port = sit1 (ipv6 only), WAN port = eth1 (ipv4 only)

Thanks, Walter
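The two policy-routing commands in the question (mark 1 looked up in table 100, and a local ::/0 route on lo in that table) are what makes TPROXY deliver marked packets to the local squid socket instead of forwarding them. The shell script below is an added example, not from the original post or from the squid/initscripts projects: it emits the one-line contents for the rule6-<iface> and route6-<iface> files under /etc/sysconfig/network-scripts/ (assuming, as I understand CentOS 6 initscripts' ifup-routes, that each line of those files is appended to "ip -6 rule add" and "ip -6 route add" respectively), and it checks captured "ip -6 rule show" / "ip -6 route show table 100" output for the two pieces. The sample output strings are constructed, so the script runs offline and without root.

```shell
#!/bin/sh
# Added example (not part of the original post). Assumes CentOS 6 initscripts
# pass each line of rule6-<iface> to "ip -6 rule add" and each line of
# route6-<iface> to "ip -6 route add"; verify against your ifup-routes.

TABLE=100   # routing table used by "ip -f inet6 rule add fwmark 1 lookup 100"
MARK=1      # fwmark set by the DIVERT chain / --tproxy-mark 0x1/0x1

# Contents for /etc/sysconfig/network-scripts/rule6-<iface>
# (equivalent of: ip -f inet6 rule add fwmark 1 lookup 100)
tproxy_rule6_file() {
    printf 'fwmark %s lookup %s\n' "$MARK" "$TABLE"
}

# Contents for /etc/sysconfig/network-scripts/route6-<iface>
# (equivalent of: ip -f inet6 route add local ::/0 dev lo table 100)
tproxy_route6_file() {
    printf 'local ::/0 dev lo table %s\n' "$TABLE"
}

# Check that both pieces are present on a running box.
#   $1 = output of "ip -6 rule show"
#   $2 = output of "ip -6 route show table $TABLE"
# Returns 0 if both exist, 1 if the fwmark rule is missing, 2 if the local
# route is missing. Older iproute2 prints "local ::/0", newer "local default".
tproxy_check() {
    rules=$1
    routes=$2
    printf '%s\n' "$rules" \
        | grep -Eq "fwmark 0x${MARK}[^0-9a-f].*lookup ${TABLE}$" || return 1
    printf '%s\n' "$routes" \
        | grep -Eq "^local (::/0|default) dev lo" || return 2
    return 0
}

# Constructed sample output (what "ip -6 rule show" and
# "ip -6 route show table 100" typically print once the rules are in place).
SAMPLE_RULES=$(printf '0:\tfrom all lookup local\n32765:\tfrom all fwmark 0x1 lookup 100\n32766:\tfrom all lookup main\n')
SAMPLE_ROUTES=$(printf 'local ::/0 dev lo  metric 1024\n')

# Stand-alone usage: print the two file bodies and report the check result.
if [ "${TPROXY_EXAMPLE_MAIN:-1}" = 1 ]; then
    echo "# rule6-br0:";  tproxy_rule6_file
    echo "# route6-br0:"; tproxy_route6_file
    if tproxy_check "$SAMPLE_RULES" "$SAMPLE_ROUTES"; then
        echo "policy routing for TPROXY present"
    else
        echo "policy routing for TPROXY incomplete (status $?)"
    fi
fi
```

On a real box run the check with live output, e.g. tproxy_check "$(ip -6 rule show)" "$(ip -6 route show table 100)"; a status of 2 with a status-0 rule lookup is the usual symptom when the route6- file was written but not re-applied with ifup/ifdown.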

One thought on - CentOS6, IP6tables, Routing, TPROXY (squid34 Epel Package)

  • What happens if you remove the iptables rules:
    -A PREROUTING -i br0 -p tcp -m socket -j DIVERT
    -A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

    Is the client able to access this IPv6 address?

    Eliezer