/* QUOTE
Subject: NAT requires an output hook to be registered
From: Konstantinos Tsakiltzidis <ktsakiltzidis () modulus ! gr>
Date: 2018-04-05 13:01:43
Message-ID: 068b1ba5-1483-c3af-2858-a78a5989d0d3 () modulus ! gr

the docs
https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)
forget to mention that it also needs an output chain hook in order for NAT to work, without it, even if someone has set both postrouting and prerouting, doing a masquerade at postrouting will make loopback stop working
/*UNQUOTE

So this does not work:

    table ip nat1 {
        chain prerouting1 {
            type nat hook prerouting priority 0; policy accept;
        }
        chain postrouting1 {
            type nat hook postrouting priority 100; policy accept;
            oifname external masquerade
        }
    }

You need to add

    chain output1 {
        type nat hook output priority 0; policy accept
    }

to the nat table?

Where do I find any info on this? Is there any reference in the man page?

sean