Hi,
I can't help with your kernel error, but have a couple of comments about
your ruleset:

Configuration nftables (nft list ruleset):
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        counter packets 0 bytes 0
        oif "ens1f1" ip saddr 10.0.0.0/8 snat to 31.43.223.160-31.43.223.176 persistent
        oif "ens1f1" ip saddr 192.168.0.0/16 snat to 31.43.223.160-31.43.223.176 persistent
        oif "ens1f1" ip saddr 172.16.0.0/12 snat to 31.43.223.160-31.43.223.176 persistent
        counter packets 0 bytes 0
    }
}
table inet filter {
    flowtable fastnat {
        hook ingress priority 0
        devices = { ens1f0, ens1f1 }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip protocol { tcp, udp } flow offload @fastnat counter packets 3 bytes 323
        counter packets 3 bytes 323
    }
}
table ip raw {
    ct helper pptp-gre {
        type "pptp" protocol tcp
        l3proto ip
    }
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;
        tcp dport 1723 ct helper set "pptp-gre"
        counter packets 84 bytes 5147
    }

From the nft man page:
"Unlike iptables, helper assignment needs to be performed after the
conntrack lookup has completed, for example with the default 0 hook
priority."
So I think you want priority > -200 for your prerouting chain.
https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_priority
}
I also wonder if using a single inet table rather than your 3 separate
tables above would make any difference...?
Best Wishes,
Frank
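
An added example, not part of the message above: a small check that scans `nft list ruleset` text for base chains that run `ct helper set` at or before the conntrack lookup (priority -200), which is the ordering problem the man page quote describes. The function names and both sample rulesets are constructed for illustration; the priority-name table assumes the standard ip/ip6/inet names.

```python
import re

# The conntrack lookup runs at hook priority -200 (NF_IP_PRI_CONNTRACK).
CONNTRACK_PRIORITY = -200
# Standard priority names for ip/ip6/inet, as newer nft versions may print them.
NAMED = {"raw": -300, "mangle": -150, "dstnat": -100,
         "filter": 0, "security": 50, "srcnat": 100}
HOOK_RE = re.compile(
    r"type\s+\w+\s+hook\s+(\w+)\s+priority\s+([a-z]+)?\s*([+-]?\s*\d+)?\s*;")
TABLE_RE = re.compile(r"^\s*table\s+(\w+)\s+(\S+)\s*\{")
CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")

def parse_priority(name, offset):
    """Turn '-300', 'raw' or 'raw + 10' into an integer (None if unknown name)."""
    if name and name not in NAMED:
        return None
    base = NAMED[name] if name else 0
    return base + (int(offset.replace(" ", "")) if offset else 0)

def early_helper_chains(ruleset):
    """Return (table, chain, priority) for each `ct helper set` rule placed in a
    base chain whose priority is not after the conntrack lookup."""
    findings = []
    table = chain = prio = None
    for line in ruleset.splitlines():
        if m := TABLE_RE.match(line):
            table, chain, prio = f"{m.group(1)} {m.group(2)}", None, None
        elif m := CHAIN_RE.match(line):
            chain, prio = m.group(1), None
        elif m := HOOK_RE.search(line):
            prio = parse_priority(m.group(2), m.group(3))
        elif "ct helper set" in line and prio is not None and prio <= CONNTRACK_PRIORITY:
            findings.append((table, chain, prio))
    return findings

# Constructed sample, modelled on the `table ip raw` block quoted above.
SAMPLE_BAD = """table ip raw {
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;
        tcp dport 1723 ct helper set "pptp-gre"
    }
}"""
# Same chain moved to the default priority 0, after conntrack.
SAMPLE_FIXED = SAMPLE_BAD.replace("priority -300", "priority 0")

if __name__ == "__main__":
    for label, text in (("original", SAMPLE_BAD), ("priority 0", SAMPLE_FIXED)):
        print(label, early_helper_chains(text))
```
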