From: Florian Westphal <fw@strlen.de>
To: Frank-Ulrich Sommer <orofuhin@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Correct syntax for dnat in inet table?
Date: Thu, 6 Aug 2020 20:17:19 +0200
Message-ID: <20200806181719.GD26394@breakpoint.cc>
In-Reply-To: <F31DCA98-C7C6-4C25-9B97-035E10C96ED0@gmail.com>

Frank-Ulrich Sommer <orofuhin@gmail.com> wrote:
> I'm using "nftables v0.9.0 (Fearless Fosdick)" on a Debian Buster based Raspberry Pi OS.
> 
> I'm getting syntax errors when trying to redirect a port to another host via nftables.conf with the two lines starting with "iif eth0.100". The file does not contain a complete setup because I removed all rules not related to the problem.
> 
> The first line produces "nftables.conf:10:41-42: Error: syntax error, unexpected to, expecting newline or semicolon". According to the manpage I would have expected the correct syntax for an inet table to be "...dnat ip to..."
> 
> The second line without "to" produces "nftables.conf:11:56-56: Error: syntax error, unexpected newline".
> 
> What would be the correct syntax if I want e.g. to forward traffic to port 1234 to IPv4 123.123.123.123 in an inet table?
> 
> Here is the reduced nftables.conf causing these errors:
> 
> #!/usr/sbin/nft -f
> 
> flush ruleset
> 
> table inet myfilter {
> 
>   chain port_forwarding {
>     type nat hook prerouting priority 0; policy accept;
> 
>     iif eth0.100 tcp dport 1234 dnat ip to 123.123.123.123
>     iif eth0.100 tcp dport 2345 dnat ip 123.123.123.123
>   }
> }
nft list ruleset
table inet myfilter {
        chain port_forwarding {
                type nat hook prerouting priority filter; policy accept;
                iif "lo" tcp dport 1234 dnat ip to 123.123.123.123
        }
}
nft --version
nftables v0.9.5 (Capital Idea)

(I had to use a different interface name because iif requires the name to exist
when parsing).
