Hi,

I'm using nftables on a vanilla 3.16 kernel and nft 0.3.
I want to do port forwarding for TCP port 51413 to host 192.168.0.20
and I've configured my firewall like this:

table ip nat {
        chain post {
                type nat hook postrouting priority 0;
                ip saddr 192.168.0.0/24 oif eth0 snat 192.168.1.2
        }

        chain pre {
                type nat hook prerouting priority 0;
                iif eth0 tcp dport 51413 dnat 192.168.0.20
        }
}

No filter chain at all.

From the router I can find the port open:

HPING 192.168.0.20 (br0 192.168.0.20): S set, 40 headers + 0 data bytes
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=0
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=1

From the outside it is closed:

HPING 188.218.168.147 (eth0 188.218.168.147): S set, 40 headers + 0 data bytes
len=46 ip=188.218.168.147 ttl=51 DF id=39456 sport=51413 flags=RA seq=0
len=46 ip=188.218.168.147 ttl=51 DF id=39467 sport=51413 flags=RA seq=1

If I sniff in the LAN, nothing gets forwarded.

Cheers,
-- 
Matteo Croce
OpenWrt Developer
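
An added example, not part of the original post: it cross-checks the posted ruleset against the outside probe and reports when the SNAT address is RFC 1918 while the probed address is a different one. It assumes the snat target is the router's own eth0 address; the function names and the `upstream-nat` finding code are hypothetical.

```python
import ipaddress
import re

# Ruleset and outside probe copied from the post above.
RULESET = """
table ip nat {
    chain post {
        type nat hook postrouting priority 0;
        ip saddr 192.168.0.0/24 oif eth0 snat 192.168.1.2
    }
    chain pre {
        type nat hook prerouting priority 0;
        iif eth0 tcp dport 51413 dnat 192.168.0.20
    }
}
"""
HPING_OUTSIDE = """\
HPING 188.218.168.147 (eth0 188.218.168.147): S set, 40 headers + 0 data bytes
len=46 ip=188.218.168.147 ttl=51 DF id=39456 sport=51413 flags=RA seq=0
len=46 ip=188.218.168.147 ttl=51 DF id=39467 sport=51413 flags=RA seq=1
"""

def nat_targets(ruleset):
    """Map each snat/dnat statement in the ruleset to its target address."""
    found = re.findall(r"\b(snat|dnat)\s+(\d+(?:\.\d+){3})", ruleset)
    return {kind: ipaddress.ip_address(addr) for kind, addr in found}

def probe_result(hping_output):
    """Return (probed address, verdict) for hping SYN replies: SA open, RA closed."""
    target = re.search(r"^HPING (\S+)", hping_output, re.M).group(1)
    flags = set(re.findall(r"\bflags=(\w+)", hping_output))
    verdict = {("SA",): "open", ("RA",): "closed"}.get(tuple(flags), "mixed")
    return ipaddress.ip_address(target), verdict

def diagnose(ruleset, hping_output):
    """Return finding codes; assumes the snat target is the router's own eth0 address."""
    wan = nat_targets(ruleset)["snat"]
    probed, verdict = probe_result(hping_output)
    findings = []
    if verdict != "open" and wan.is_private and probed != wan:
        # The probe was aimed at an address this router does not hold, so
        # another NAT device receives the SYN first and can answer it itself.
        findings.append("upstream-nat")
    return findings

if __name__ == "__main__":
    print(diagnose(RULESET, HPING_OUTSIDE))  # -> ['upstream-nat']
```

Under that assumption, the `upstream-nat` finding means the port also has to be forwarded on the device holding the public address before the prerouting rule here can match.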