Hello,
I need to redirect incoming traffic to two different servers
and all works fine using the following commands:
-----
nft add table portForward
nft add chain portForward prerouting { type nat hook prerouting priority 0 \; }
nft add chain portForward postrouting { type nat hook postrouting priority 100 \; }
nft add rule portForward prerouting dnat tcp dport map \
{ 8888 : 192.168.2.3} : tcp dport map { 8888 : 80 }
nft add rule portForward prerouting dnat tcp dport map \
{ 9999 : 192.168.2.4} : tcp dport map { 9999 : 8080 }
-----
but when I try to inspect the table using
# nft list table portForward
the output is:
-----
table ip portForward {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        dnat to :tcp dport map { 8888 : http}
        dnat to :tcp dport map { 9999 : http-alt}
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }
}
-----
I can't see the IP of the two different servers and if I use it
as input for "nft -f" this is the output
x:4:26-53: Error: transport protocol mapping is only valid after transport protocol match
dnat to :tcp dport map { 8888 : http}
~~~~ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
my environment is Debian Stretch with:
$ nft -v
nftables v0.7 (Scrooge McDuck)
$ uname -a
Linux elrond 4.9.0-2-686-pae #1 SMP Debian 4.9.13-1 (2017-02-27) i686 GNU/Linux
the same happens using kernel 4.10 from experimental.
How can I obtain the different IPs in the output of nft list table?
thank you
Edoardo