On Sun, Aug 28, 2016 at 04:50:47PM +0800, Liping Zhang wrote: > From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx> > > After commit "src: add 'to' for snat and dnat" in nftables tree, > we should recommend the end user to use the new syntax. > > Before this patch: > # iptables-translate -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1 > nft add rule ip nat POSTROUTING counter snat 1.1.1.1 > # ip6tables-translate -t nat -A PREROUTING -j DNAT --to-destination > 2001::1 > nft add rule ip6 nat PREROUTING counter dnat 2001::1 > > Apply this patch: > # iptables-translate -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1 > nft add rule ip nat POSTROUTING counter snat to 1.1.1.1 > # ip6tables-translate -t nat -A PREROUTING -j DNAT --to-destination > 2001::1 > nft add rule ip6 nat PREROUTING counter dnat to 2001::1 Applied, thanks! BTW, if you have some spare cycles, it would be great to use the square brackets in the translation output too I think. # ip6tables-translate -t nat -A PREROUTING -p tcp -j DNAT --to-destination [abcd::1]:30 nft add rule ip6 nat PREROUTING meta l4proto tcp counter dnat abcd::1 :30 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
