Le 31/10/2019 à 20:12, Florian Westphal a écrit :
Daniel Huhardeaux <tech@xxxxxxxxxx> wrote:Hi, I have a map like this map redirect_tcp { type inet_service : inet_service flags interval elements = { 12345 : 12345, 36025 : smtp } } and want to use nat redirect but it fail with unexpecting to, expecting EOF or semicolon. Here is the rule nft add rule ip nat prerouting iif eth0 tcp dport map @redirect_tcp redirect to @redirect_tcpThis should work: nft add rule ip nat prerouting iif eth0 ip protocol tcp redirect to : tcp dport map @redirect_tcp
Yes !
Other: when using dnat for forwarding, should I take care of forward rules ? Example for this kind of rule from wiki: nft add rule nat prerouting iif eth0 tcp dport { 80, 443 } dnat 192.168.1.120You mean auto-accept dnatted connections? Try "ct status dnat accept"
Exactly what I was looking for, many thanks. Daniel -- TOOTAi Networks
