On Mon, Sep 21, 2015 at 10:09:25AM +0800, 神楽坂玲奈 wrote:
> I'm doing many port forwarding service on a linux server. There will
> be many(may thousands of) port forward rule so I want to use nftables
> map to improve performance rather than just many rules.
>
> the policy will be [protocol : port -> address : port], like [tcp 1234
> -> 1.1.1.1:4321], forward tcp 1234 port to address 1.1.1.1 same
> protocol port 4321.
> the protocol may only tcp and udp. so it's also ok if the key can
> support only one port field. i can set maps and rules for each
> protocol.
>
> the problem is, how to define the value "ip:port" using map?
>
> I tried create 2 maps, using
>
> > nft add map nat forward_address {type inet_service : ipv4_addr \;}
> > nft add map nat forward_port {type inet_service : inet_service \;}
>
> but then I don't know how to set dnat rule....... seems the dnat
> destination can only accept one map value? and also i don't know how to
> set "ip:port" as one value in map.

Could you provide an example of your iptables ruleset?

Thanks.
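
Added example, not part of the original thread and not the nftables project's own code: a Python sketch that validates policies in the [protocol port -> address:port] form described in the question and renders an `nft -f` ruleset with one map per protocol. It assumes an nftables release that accepts concatenated map values (`ipv4_addr . inet_service`) and the `dnat ip addr . port to` form, which the thread does not confirm; the function names, chain layout and the 192.0.2.10 entry are constructed for illustration.

```python
import ipaddress
import re

# Policy line format taken from the question: "tcp 1234 -> 1.1.1.1:4321"
POLICY_RE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*([0-9.]+):(\d+)$")

# Constructed sample input (first entry is the one quoted in the post).
SAMPLE = ["tcp 1234 -> 1.1.1.1:4321", "udp 5353 -> 192.0.2.10:53"]


def parse_policy(line):
    """Return (proto, listen_port, target_addr, target_port) or raise ValueError."""
    m = POLICY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised policy: {line!r}")
    proto, addr = m.group(1), m.group(3)
    lport, tport = int(m.group(2)), int(m.group(4))
    for port in (lport, tport):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {line!r}")
    ipaddress.IPv4Address(addr)  # AddressValueError is a ValueError subclass
    return proto, lport, addr, tport


def render_ruleset(lines):
    """Build nft -f input: one map and one dnat rule per protocol in use."""
    maps = {"tcp": {}, "udp": {}}
    for line in lines:
        proto, lport, addr, tport = parse_policy(line)
        if lport in maps[proto]:
            # A map key can hold one value; a silent overwrite would hide a conflict.
            raise ValueError(f"duplicate key {proto}/{lport}")
        maps[proto][lport] = f"{lport} : {addr} . {tport}"
    used = [p for p in maps if maps[p]]
    out = ["table ip nat {"]
    for proto in used:
        elems = ", ".join(maps[proto][k] for k in sorted(maps[proto]))
        out += [f"  map forward_{proto} {{",
                "    type inet_service : ipv4_addr . inet_service",
                f"    elements = {{ {elems} }}",
                "  }"]
    out += ["  chain prerouting {",
            "    type nat hook prerouting priority -100; policy accept;"]
    # Assumed syntax: address and port both come from the single map lookup.
    out += [f"    dnat ip addr . port to {p} dport map @forward_{p}" for p in used]
    out += ["  }", "}"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_ruleset(SAMPLE), end="")
```

Checking the output with `nft -c -f <file>` before loading it shows whether the installed nftables accepts this syntax.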