* Nat redirect using map
From: Daniel Huhardeaux @ 2019-10-31 18:48 UTC
To: Netfilter list
Hi,

I have a map like this

map redirect_tcp {
    type inet_service : inet_service
    flags interval
    elements = { 12345 : 12345, 36025 : smtp }
}

and want to use nat redirect but it fails with "unexpected to, expecting
EOF or semicolon". Here is the rule

nft add rule ip nat prerouting iif eth0 tcp dport map @redirect_tcp redirect to @redirect_tcp

How can I get this working?

Other: when using dnat for forwarding, should I take care of forward rules?
Example for this kind of rule from wiki:

nft add rule nat prerouting iif eth0 tcp dport { 80, 443 } dnat 192.168.1.120

Thanks for any hint
--
TOOTAi Networks
* Re: Nat redirect using map
From: Florian Westphal @ 2019-10-31 19:12 UTC
To: Daniel Huhardeaux; +Cc: Netfilter list
Daniel Huhardeaux <tech@tootai.net> wrote:
> Hi,
>
> I have a map like this
>
> map redirect_tcp {
> type inet_service : inet_service
> flags interval
> elements = { 12345 : 12345, 36025 : smtp }
> }
>
> and want to use nat redirect but it fails with "unexpected to, expecting EOF
> or semicolon". Here is the rule
>
> nft add rule ip nat prerouting iif eth0 tcp dport map @redirect_tcp redirect
> to @redirect_tcp
This should work:
nft add rule ip nat prerouting iif eth0 ip protocol tcp redirect to : tcp dport map @redirect_tcp
> Other: when using dnat for forwarding, should I take care of forward rules ?
>
> Example for this kind of rule from wiki:
>
> nft add rule nat prerouting iif eth0 tcp dport { 80, 443 } dnat
> 192.168.1.120
You mean auto-accept dnatted connections? Try "ct status dnat accept"
* Re: Nat redirect using map
From: Daniel Huhardeaux @ 2019-11-01 15:11 UTC
To: Netfilter list
On 31/10/2019 at 20:12, Florian Westphal wrote:
> Daniel Huhardeaux <tech@tootai.net> wrote:
>> Hi,
>>
>> I have a map like this
>>
>> map redirect_tcp {
>> type inet_service : inet_service
>> flags interval
>> elements = { 12345 : 12345, 36025 : smtp }
>> }
>>
>> and want to use nat redirect but it fails with "unexpected to, expecting EOF
>> or semicolon". Here is the rule
>>
>> nft add rule ip nat prerouting iif eth0 tcp dport map @redirect_tcp redirect
>> to @redirect_tcp
>
> This should work:
> nft add rule ip nat prerouting iif eth0 ip protocol tcp redirect to : tcp dport map @redirect_tcp
Yes!
>
>> Other: when using dnat for forwarding, should I take care of forward rules ?
>>
>> Example for this kind of rule from wiki:
>>
>> nft add rule nat prerouting iif eth0 tcp dport { 80, 443 } dnat
>> 192.168.1.120
>
> You mean auto-accept dnatted connections? Try "ct status dnat accept"
Exactly what I was looking for, many thanks.
Daniel
--
TOOTAi Networks
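
The two answers in this thread combined into one loadable ruleset, as an added example that is not part of the original messages. The table name `filter`, the chain names, the hook priorities, the drop policies and the `lo`/established rules are assumptions; the map, interface and address are the ones quoted in the thread, with the dnat rule written using the `to` keyword.

```nftables
# Added example, not from the thread.
table ip nat {
	map redirect_tcp {
		type inet_service : inet_service
		flags interval
		elements = { 12345 : 12345, 36025 : smtp }
	}

	chain prerouting {
		type nat hook prerouting priority -100; policy accept;

		# Look the original destination port up in the map and redirect
		# to the mapped local port. A port that is not in the map does
		# not match this rule, so evaluation continues with the next one.
		iif eth0 ip protocol tcp redirect to : tcp dport map @redirect_tcp

		# The wiki-style forwarding rule from the question.
		iif eth0 tcp dport { 80, 443 } dnat to 192.168.1.120
	}
}

table ip filter {
	chain input {
		# Assumed default-drop policy, shown to make the accept rule visible.
		type filter hook input priority 0; policy drop;
		iif lo accept
		ct state established,related accept
		# Redirected connections are delivered to the local host, so they
		# are filtered in input (with the rewritten port), not in forward.
		ct status dnat accept
	}

	chain forward {
		# Assumed default-drop policy.
		type filter hook forward priority 0; policy drop;
		ct state established,related accept
		# Accept connections whose destination a prerouting NAT rule rewrote.
		ct status dnat accept
	}
}
```

The file can be syntax-checked with `nft -c -f <file>` before loading. With `ct status dnat accept` in place, every flow that a prerouting NAT rule rewrites is accepted, so the match conditions on the NAT rules (interface, ports, map contents) are what decide which traffic gets through.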