On Mon, Dec 28, 2015 at 5:50 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Fri, Dec 25, 2015 at 10:46:59PM +0530, Shivani Bhardwaj wrote: >> Add translation for target SNAT to nftables. >> >> Examples: >> >> $ sudo iptables-translate -t nat -A postrouting -o eth0 -j SNAT --to 1.2.3.4 >> nft add rule ip nat postrouting oifname eth0 counter snat 1.2.3.4 >> >> $ sudo iptables-translate -t nat -A postrouting -o eth0 -j SNAT --to 1.2.3.4-1.2.3.6 >> nft add rule ip nat postrouting oifname eth0 counter snat 1.2.3.4-1.2.3.6 >> >> $ sudo iptables-translate -t nat -A postrouting -p tcp -o eth0 -j SNAT --to 1.2.3.4:1-1023 >> nft add rule ip nat postrouting oifname eth0 ip protocol tcp counter snat 1.2.3.4:1-1023 >> >> $ sudo iptables-translate -t nat -A postrouting -o eth0 -j SNAT --to 1.2.3.4 --random >> nft add rule ip nat postrouting oifname eth0 counter snat 1.2.3.4 random >> >> $ sudo iptables-translate -t nat -A postrouting -o eth0 -j SNAT --to 1.2.3.4 --random-fully >> nft add rule ip nat postrouting oifname eth0 counter snat 1.2.3.4 fully-random > > If two flags are specified, then this should look like: > > ... postrouting oifname eth0 counter snat 1.2.3.4 fully-random,persistent > ^ > > In nft, we always represents flags as command separated values. > > Same applied to NFQUEUE translation and its flags; BTW you sent a > patch for this: > > http://patchwork.ozlabs.org/patch/559554/ > > It would be good if you can send a v2: > I'm sending v2 for this and DNAT. NFQUEUE and MARK is going to take some time. I'm having some trouble with their options. I'll send it soon. Thanks for your patience. > Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
