* nftables 1.0.6: snat with maps
@ 2023-08-02 10:17 Mucha Marcin, Sieciuch.com
2023-08-02 14:36 ` Eric
0 siblings, 1 reply; 5+ messages in thread
From: Mucha Marcin, Sieciuch.com @ 2023-08-02 10:17 UTC (permalink / raw)
To: netfilter
Hello,
I'm having trouble with moving from this snat rule:
    chain source-nat {
        type nat hook postrouting priority 100; policy accept;
        ct state invalid drop;
        ip saddr 10.0.0.0/24 oif enp7s0 snat to 192.168.10.8 persistent;
        ip saddr 10.1.0.0/24 oif enp7s0 snat to 192.168.10.9 persistent;
    }
to the one that uses maps based on
https://wiki.nftables.org/wiki-nftables/index.php/Multiple_NATs_using_nftables_maps
:
    chain source-nat {
        type nat hook postrouting priority 100; policy accept;
        ct state invalid drop;
        oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8,
                                  10.1.0.0/24 : 192.168.10.9};
    }
My problem is - I'm getting syntax error after checking config with "nft
-cf /etc/nftables.conf":
"/etc/nftables.conf:43:83-83: Error: syntax error, unexpected newline
oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 :
192.168.10.9};
^"
Could I ask you for help?
System: Debian 12, Nftables 1.0.6
uname -a: 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-2
(2023-07-27) x86_64 GNU/Linux
--
Thank you for your help!
Mucha Marcin
* Re: nftables 1.0.6: snat with maps
2023-08-02 10:17 nftables 1.0.6: snat with maps Mucha Marcin, Sieciuch.com
@ 2023-08-02 14:36 ` Eric
0 siblings, 0 replies; 5+ messages in thread
From: Eric @ 2023-08-02 14:36 UTC (permalink / raw)
To: Mucha Marcin, Sieciuch.com; +Cc: netfilter
On Wednesday, August 2nd, 2023 at 03:17, Mucha Marcin, Sieciuch.com <m.mucha@sieciuch.com> wrote:
>
> chain source-nat {
> type nat hook postrouting priority 100; policy accept;
> ct state invalid drop;
> oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 : 192.168.10.9};
> }
I believe you are missing the "snat" operation in the second clause of the rule:
     oif enp7s0 snat ip saddr maps {10.0.0.0/24 : 192.168.10.8,
This guy ------ ^^^^
Eric
* nftables 1.0.6: snat with maps
@ 2023-08-02 10:45 Mucha Marcin, Sieciuch.com
2023-08-02 11:10 ` Florian Westphal
0 siblings, 1 reply; 5+ messages in thread
From: Mucha Marcin, Sieciuch.com @ 2023-08-02 10:45 UTC (permalink / raw)
To: netfilter
Hello,
I'm having trouble with moving from these snat rules:
    chain source-nat {
        type nat hook postrouting priority 100; policy accept;
        ct state invalid drop;
        ip saddr 10.0.0.0/24 oif enp7s0 snat to 192.168.10.8 persistent;
        ip saddr 10.1.0.0/24 oif enp7s0 snat to 192.168.10.9 persistent;
    }
to the one that uses maps based on
https://wiki.nftables.org/wiki-nftables/index.php/Multiple_NATs_using_nftables_maps
:
    chain source-nat {
        type nat hook postrouting priority 100; policy accept;
        ct state invalid drop;
        oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8,
                                  10.1.0.0/24 : 192.168.10.9};
    }
My problem is - I'm getting syntax error after checking config with "nft
-cf /etc/nftables.conf":
"/etc/nftables.conf:43:83-83: Error: syntax error, unexpected newline
oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 :
192.168.10.9};
^"
Could I ask you for help?
System: Debian 12, Nftables 1.0.6
uname -a: 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-2
(2023-07-27) x86_64 GNU/Linux
--
Thank you for your help!
Mucha Marcin
* Re: nftables 1.0.6: snat with maps
2023-08-02 10:45 Mucha Marcin, Sieciuch.com
@ 2023-08-02 11:10 ` Florian Westphal
2023-08-02 11:54 ` Mucha Marcin (Sieciuch.com)
0 siblings, 1 reply; 5+ messages in thread
From: Florian Westphal @ 2023-08-02 11:10 UTC (permalink / raw)
To: Mucha Marcin, Sieciuch.com; +Cc: netfilter
Mucha Marcin, Sieciuch.com <m.mucha@sieciuch.com> wrote:
> Hello,
> I'm having trouble with moving from these snat rules:
>
> chain source-nat {
> type nat hook postrouting priority 100; policy accept;
> ct state invalid drop;
> ip saddr 10.0.0.0/24 oif enp7s0 snat to 192.168.10.8 persistent;
> ip saddr 10.1.0.0/24 oif enp7s0 snat to 192.168.10.9 persistent;
> }
> to the one that uses maps based on https://wiki.nftables.org/wiki-nftables/index.php/Multiple_NATs_using_nftables_maps
> :
>
> chain source-nat {
> type nat hook postrouting priority 100; policy accept;
> ct state invalid drop;
> oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 :
> 192.168.10.9};
> }
>
> My problem is - I'm getting syntax error after checking config with "nft -cf
> /etc/nftables.conf":
> "/etc/nftables.conf:43:83-83: Error: syntax error, unexpected newline
> oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 :
> 192.168.10.9};
> ^"
> Could I ask you for a help?
Did you mean
oif enp7s0 snat to ip saddr map {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 : 192.168.10.9 }
?
* Re: nftables 1.0.6: snat with maps
2023-08-02 11:10 ` Florian Westphal
@ 2023-08-02 11:54 ` Mucha Marcin (Sieciuch.com)
0 siblings, 0 replies; 5+ messages in thread
From: Mucha Marcin (Sieciuch.com) @ 2023-08-02 11:54 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter
On 2023-08-02 13:10, Florian Westphal wrote:
> Mucha Marcin, Sieciuch.com <m.mucha@sieciuch.com> wrote:
>> Hello,
>> I'm having trouble with moving from these snat rules:
>>
>> chain source-nat {
>> type nat hook postrouting priority 100; policy accept;
>> ct state invalid drop;
>> ip saddr 10.0.0.0/24 oif enp7s0 snat to 192.168.10.8
>> persistent;
>> ip saddr 10.1.0.0/24 oif enp7s0 snat to 192.168.10.9
>> persistent;
>> }
>> to the one that uses maps based on
>> https://wiki.nftables.org/wiki-nftables/index.php/Multiple_NATs_using_nftables_maps
>> :
>>
>> chain source-nat {
>> type nat hook postrouting priority 100; policy accept;
>> ct state invalid drop;
>> oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8,
>> 10.1.0.0/24 :
>> 192.168.10.9};
>> }
>>
>> My problem is - I'm getting syntax error after checking config with
>> "nft -cf
>> /etc/nftables.conf":
>> "/etc/nftables.conf:43:83-83: Error: syntax error, unexpected newline
>> oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24
>> :
>> 192.168.10.9};
>> ^"
>> Could I ask you for a help?
>
> Did you mean
> oif enp7s0 snat to ip saddr map {10.0.0.0/24 : 192.168.10.8,
> 10.1.0.0/24 : 192.168.10.9 }
> ?
Thank you, now I understand my mistake.
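
Added example, not part of the thread and not the posters' own configuration: the corrected rule from Florian's reply placed in a complete ruleset, extended to a named map and with the "persistent" flag of the original two rules kept. The table family "ip", the table name "nat" and the map name "snat_by_src" are assumptions; the chain, interface and addresses are the ones quoted above.

```nftables
# Added example. Assumed names: table "ip nat", map "snat_by_src".
table ip nat {
    # Named interval map: source prefix -> address to SNAT to.
    map snat_by_src {
        type ipv4_addr : ipv4_addr
        flags interval
        elements = { 10.0.0.0/24 : 192.168.10.8,
                     10.1.0.0/24 : 192.168.10.9 }
    }

    chain source-nat {
        type nat hook postrouting priority 100; policy accept;
        ct state invalid drop

        # Before: one rule per source prefix.
        # ip saddr 10.0.0.0/24 oif enp7s0 snat to 192.168.10.8 persistent
        # ip saddr 10.1.0.0/24 oif enp7s0 snat to 192.168.10.9 persistent

        # Rejected by the parser ("unexpected newline"): the keyword is
        # "map", not "maps", and the lookup has no "snat to" statement
        # to hand its result to.
        # oif enp7s0 ip saddr maps {10.0.0.0/24 : 192.168.10.8, 10.1.0.0/24 : 192.168.10.9}

        # After: a single rule. "ip saddr" is the lookup key and the map
        # value becomes the SNAT address. A source address that matches
        # no map element makes the rule not match, so that packet leaves
        # the chain untranslated under "policy accept".
        oif enp7s0 snat to ip saddr map @snat_by_src persistent
    }
}
```

Validate the file with "nft -cf" before loading it, as in the original post. The anonymous form from Florian's reply, "snat to ip saddr map { ... }", behaves the same way; the named map only adds the ability to change elements without replacing the rule.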