Amish <anon.amish@xxxxxxxxx> wrote:
> I have some NAT rules which worked fine till yesterday.
>
> But those rules started failing after I upgraded to Linux Kernel 5.2 (Arch
> Linux)
>
> Trimmed down version of rules are as follows:
>
> # cat /etc/nft.conf
> define localifaces = { "eth0" }
> define http_redirect_port = 3128
> flush ruleset
> add table ip nat
> add chain ip nat prerouting { type nat hook prerouting priority 0; }
> add rule ip nat prerouting tcp dport 80 iifname $localifaces redirect to $http_redirect_port
>
> # nft -f /etc/nft.conf
> nft1.conf:6:1-93: Error: Could not process rule: No such file or directory
> add rule ip nat prerouting tcp dport 80 iifname $localifaces redirect to $http_redirect_port
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Same rules work perfectly on Linux 4.19.57 and 5.1.16
>
> # nft list table ip nat
> table ip nat {
>     chain prerouting {
>         type nat hook prerouting priority filter; policy accept;
>         tcp dport 80 iifname { "eth0" } redirect to :3128
>     }
> }
>
>
> Am I doing something wrong? Or something changed in kernel 5.2?

Does "modprobe nft_redir" fix this?
There is a patch to fix the autoload queued already.