Daniel Huhardeaux <tech@xxxxxxxxxx> wrote:
> Hi,
>
> I have a map like this
>
> map redirect_tcp {
> type inet_service : inet_service
> flags interval
> elements = { 12345 : 12345, 36025 : smtp }
> }
>
> and want to use nat redirect but it fail with unexpecting to, expecting EOF
> or semicolon. Here is the rule
>
> nft add rule ip nat prerouting iif eth0 tcp dport map @redirect_tcp redirect
> to @redirect_tcp
This should work:
nft add rule ip nat prerouting iif eth0 ip protocol tcp redirect to : tcp dport map @redirect_tcp
> Other: when using dnat for forwarding, should I take care of forward rules ?
>
> Example for this kind of rule from wiki:
>
> nft add rule nat prerouting iif eth0 tcp dport { 80, 443 } dnat
> 192.168.1.120
You mean auto-accept dnatted connections? Try "ct status dnat accept"
