* Error adding a DNAT rule
From: vikaig @ 2020-09-15 3:07 UTC
To: netfilter
Hello, I'm trying to add a DNAT rule. I tried many variations from the
Internet, and in an IRC chat it was confirmed to me that my rule should
work, but I get an error. What could be wrong? (I use Debian 10)

$ sudo nft list ruleset
table inet nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "ens3" ip6 saddr fd00::/48 masquerade
        oifname "ens3" ip saddr 10.0.0.0/24 masquerade
    }
}
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
        ct state { established, related } accept
        ct state invalid drop
        iifname "lo" accept
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept
        tcp dport 20414 accept
        udp dport 51820 accept
        reject
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}

$ sudo nft 'add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2'
Error: Could not process rule: No such file or directory
add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Re: Error adding a DNAT rule
From: Daniel @ 2020-09-15 8:57 UTC
To: vikaig, netfilter
Hi
On 15/09/2020 at 05:07, vikaig wrote:
> Hello, I'm trying to add a DNAT rule. I tried many variations from the
> Internet, and in an IRC chat it was confirmed to me that my rule should
> work, but I get an error. What could be wrong? (I use Debian 10)
>
> $ sudo nft list ruleset
> table inet nat {
>     chain prerouting {
>         type nat hook prerouting priority dstnat; policy accept;
>     }
>
>     chain postrouting {
>         type nat hook postrouting priority srcnat; policy accept;
>         oifname "ens3" ip6 saddr fd00::/48 masquerade
>         oifname "ens3" ip saddr 10.0.0.0/24 masquerade
>     }
> }
> table inet filter {
>     chain input {
>         type filter hook input priority filter; policy accept;
>         ct state { established, related } accept
>         ct state invalid drop
>         iifname "lo" accept
>         ip protocol icmp accept
>         meta l4proto ipv6-icmp accept
>         tcp dport 20414 accept
>         udp dport 51820 accept
>         reject
>     }
>
>     chain forward {
>         type filter hook forward priority filter; policy accept;
>     }
>
>     chain output {
>         type filter hook output priority filter; policy accept;
>     }
> }
>
> $ sudo nft 'add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2'
> Error: Could not process rule: No such file or directory
> add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Try removing the ' before add and after 10.0.0.2:

sudo nft add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2
--
Daniel