Hi,

in the answer at:

marc.info/?l=netfilter&m=144286539313019&w=2

there is a cool example of how to use nft maps to write a rule that defines multiple dnats:

nft add rule nat prerouting dnat \
      tcp dport map { 1000 : 1.1.1.1, 2000 : 1.1.1.1 } : \
      tcp dport map { 1000 : 1234, 1001 : 2222 }

Now I would like to do something similar with port redirections to generalize rules like:

nft add rule nat prerouting tcp dport 22 redirect to 2222

found on the nftables wiki:

http://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_%28NAT%29

Here is my (faulty) command line:

# nft add rule nat prerouting redirect to tcp dport map { 22 : 2222, 23 : 2323 }
<cmdline>:1:37-74: Error: transport protocol mapping is only valid after transport protocol match
add rule nat prerouting redirect to tcp dport map { 22 : 2222, 23 : 2323 }

I want to redirect a list of dports (22 and 23) to a corresponding list of new dports (2222 and 2323).

I know that there is a way to do it but can't get the logic behind the syntax of this.

giorgio