* Generic map, also with L4 protocol
@ 2025-01-27 20:37 Marc SCHAEFER
From: Marc SCHAEFER @ 2025-01-27 20:37 UTC (permalink / raw)
  To: netfilter

Hello,

for dynamic DNAT, I use:

   map multihoming_ext {
      type ipv4_addr . inet_service : ipv4_addr . inet_service
      elements = {
         46.140.72.218 . 8080  : 192.168.202.10 . 80,
         193.72.186.130 . 8080 : 192.168.202.10 . 80
      }
   }

   chain multihoming_prerouting {
      type nat hook prerouting priority -100; policy accept;

      dnat ip addr . port to ip daddr . tcp dport map @multihoming_ext
   }

This seems to DNAT correctly as wanted:

   46.140.72.218:8080 is DNATted to 192.168.202.10:80
and
   193.72.186.130:8080 is DNATted to 192.168.202.10:80

To make it even more generic and dynamic, I would like to have also the
protocol in the map, something like:

   map multihoming_ext {
      type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
      elements = {
         46.140.72.218 . tcp . 8080  : 192.168.202.10 . 80,
         193.72.186.130 . tcp . 8080 : 192.168.202.10 . 80
      }
   }

However, I have no idea how to modify the DNAT line itself to
get the L4 protocol from the map correctly.

Do you have any idea?

Thank you.


* [SOLVED] Generic map, also with L4 protocol
From: Marc SCHAEFER @ 2025-02-28 14:42 UTC (permalink / raw)
  To: netfilter

Hello,

The goal was to add the L4 protocol in a DNAT map which maps
an external IP and port to an internal (private) IP and
port, for external services mapping to internal services.

Thanks to Pablo Neira Ayuso:

>    map multihoming_ext {
>       type ipv4_addr . inet_service : ipv4_addr . inet_service

        type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service

>       elements = {
>          46.140.72.218 . 8080  : 192.168.202.10 . 80,
>          193.72.186.130 . 8080 : 192.168.202.10 . 80
>       }
>    }

+         46.140.72.218  . tcp . 8080 : 192.168.202.10 . 80,
+         193.72.186.130 . tcp . 8080 : 192.168.202.10 . 80,
+         46.140.72.218  . udp . 5353 : 192.168.202.10 . 53

>       dnat ip addr . port to ip daddr . tcp dport map @multihoming_ext

        # @th: transport header; destination port
        dnat ip addr . port to ip daddr . meta l4proto . @th,16,16 map @multihoming_ext

I could test it and it works.

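The working rule relies on one detail worth seeing explicitly: `@th,16,16` reads 16 bits at bit offset 16 of the transport header, i.e. header bytes 2 and 3, which hold the destination port in both TCP and UDP. That raw read is protocol-agnostic, so it is the `inet_proto` part of the key (`meta l4proto`) that keeps anything other than the listed tcp/udp entries from ever matching. The Python below is an added example, not code from the thread or from nftables itself: it models the map lookup in user space with the three entries posted above, builds constructed IPv4+TCP, IPv4+UDP and IPv4+ICMP packets inline, and shows which of them the key `ip daddr . meta l4proto . @th,16,16` selects. Source addresses and ports are constructed; checksums are left at zero because the kernel recomputes them on real traffic.

```python
"""User-space model of the nftables DNAT map keyed on daddr . l4proto . dport.

Added example (not from the thread). Map entries are the ones posted in the
thread; packets are constructed inline so the script runs offline.
"""
import socket
import struct

# Map as posted in the thread: (daddr, l4proto, dport) -> (new daddr, new dport)
MULTIHOMING_EXT = {
    ("46.140.72.218", "tcp", 8080): ("192.168.202.10", 80),
    ("193.72.186.130", "tcp", 8080): ("192.168.202.10", 80),
    ("46.140.72.218", "udp", 5353): ("192.168.202.10", 53),
}

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_ipv4_packet(daddr: str, proto: int, transport: bytes) -> bytes:
    """Constructed minimal IPv4 header (IHL=5, no options) followed by a transport header."""
    total_len = 20 + len(transport)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        socket.inet_aton("203.0.113.7"),  # constructed source address
        socket.inet_aton(daddr),
    )
    return ip_hdr + transport


def tcp_header(sport: int, dport: int) -> bytes:
    # sport, dport, seq, ack, data offset, flags (SYN), window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)


def udp_header(sport: int, dport: int, payload_len: int = 0) -> bytes:
    # sport, dport, length, checksum
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def icmp_echo() -> bytes:
    # type 8, code 0, checksum, id, seq: bytes 2-3 are the checksum, not a port
    return struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1)


def _ihl(pkt: bytes) -> int:
    return (pkt[0] & 0x0F) * 4


def th16_16(pkt: bytes) -> int:
    """Equivalent of nft's @th,16,16: 16 bits at bit offset 16 of the transport header."""
    th = pkt[_ihl(pkt):]
    return struct.unpack("!H", th[2:4])[0]


def parse_key(pkt: bytes):
    """Build the lookup key as the rule does: ip daddr . meta l4proto . @th,16,16."""
    proto = pkt[9]
    daddr = socket.inet_ntoa(pkt[16:20])
    return (daddr, PROTO_NAMES.get(proto, str(proto)), th16_16(pkt))


def dnat_lookup(pkt: bytes):
    """Return the (new daddr, new dport) target, or None when the map has no entry."""
    return MULTIHOMING_EXT.get(parse_key(pkt))


def apply_dnat(pkt: bytes) -> bytes:
    """Rewrite daddr and transport dport when the map matches; return the packet unchanged otherwise."""
    target = dnat_lookup(pkt)
    if target is None:
        return pkt
    new_daddr, new_dport = target
    ihl = _ihl(pkt)
    ip_hdr = pkt[:16] + socket.inet_aton(new_daddr) + pkt[20:ihl]
    th = pkt[ihl:]
    th = th[:2] + struct.pack("!H", new_dport) + th[4:]
    return ip_hdr + th  # checksums left as-is; the kernel recomputes them for real traffic


if __name__ == "__main__":
    samples = {
        "tcp 8080 -> ext 1": build_ipv4_packet("46.140.72.218", 6, tcp_header(40000, 8080)),
        "tcp 8080 -> ext 2": build_ipv4_packet("193.72.186.130", 6, tcp_header(40001, 8080)),
        "udp 5353 -> ext 1": build_ipv4_packet("46.140.72.218", 17, udp_header(40002, 5353)),
        "udp 8080 -> ext 1": build_ipv4_packet("46.140.72.218", 17, udp_header(40003, 8080)),
        "icmp echo -> ext 1": build_ipv4_packet("46.140.72.218", 1, icmp_echo()),
    }
    for name, pkt in samples.items():
        print(f"{name:20s} key={parse_key(pkt)} -> {dnat_lookup(pkt)}")
```

Running it shows the two TCP entries and the UDP 5353 entry being rewritten, while UDP to 8080 and the ICMP echo (whose `@th,16,16` read is the checksum field) fall through untouched, because no map entry has that protocol in its key.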
