Re: NAT rules failing with kernel 5.2

On 11/07/19 5:47 pm, Florian Westphal wrote:
> Amish <anon.amish@xxxxxxxxx> wrote:
>> I have some NAT rules which worked fine till yesterday.
>>
>> But those rules started failing after I upgraded to Linux Kernel 5.2 (Arch
>> Linux)
>>
>> Trimmed down version of rules are as follows:
>>
>> # cat /etc/nft.conf
>> define localifaces = { "eth0" }
>> define http_redirect_port = 3128
>> flush ruleset
>> add table ip nat
>> add chain ip nat prerouting { type nat hook prerouting priority 0; }
>> add rule ip nat prerouting tcp dport 80 iifname $localifaces redirect to $http_redirect_port
>>
>> # nft -f /etc/nft.conf
>> nft1.conf:6:1-93: Error: Could not process rule: No such file or directory
>> add rule ip nat prerouting tcp dport 80 iifname $localifaces redirect to $http_redirect_port
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> Same rules work perfectly on Linux 4.19.57 and 5.1.16
>>
>> # nft list table ip nat
>> table ip nat {
>>          chain prerouting {
>>                  type nat hook prerouting priority filter; policy accept;
>>                  tcp dport 80 iifname { "eth0" } redirect to :3128
>>          }
>> }
>>
>> Am I doing something wrong? Or something changed in kernel 5.2?
>
> Does "modprobe nft_redir" fix this?
>
> There is a patch to fix the autoload queued already.

Yes that fixed it. Thank you very much.

Regards,

Amish.
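
Added example, not part of the original thread: a pre-flight wrapper that applies the workaround above before loading a ruleset, so a missing autoload does not leave the redirect rule unloaded. The function names and the `--load` switch are hypothetical, and only the statement/module pair named in the thread (`redirect` and `nft_redir`) is mapped.

```shell
#!/bin/sh
# Added example: make sure nft_redir is present before running `nft -f`.
# Assumption: only the pair named in the thread is handled
# (a "redirect" statement needs the nft_redir module).

# Print "nft_redir" when the ruleset uses a redirect statement and the module
# is absent from the module list (a file in /proc/modules format).
missing_redir_module() {
    ruleset=$1
    modules=${2:-/proc/modules}
    # Drop comments, then look for "redirect" as a whole word.
    if sed 's/#.*//' "$ruleset" |
        grep -Eq '(^|[[:space:]])redirect([[:space:];]|$)'; then
        # The first field of each /proc/modules line is the module name.
        # A module built into the kernel is not listed there; modprobe on a
        # built-in module is harmless, so the extra call below is safe.
        if ! awk '{print $1}' "$modules" | grep -qx 'nft_redir'; then
            echo nft_redir
        fi
    fi
}

# Load the missing module (if any), then load the ruleset. Needs root.
load_ruleset() {
    for m in $(missing_redir_module "$1"); do
        modprobe "$m" || return 1
    done
    nft -f "$1"
}

# Act only when asked to: ./preflight.sh --load /etc/nft.conf
if [ "${1:-}" = "--load" ]; then
    load_ruleset "$2"
fi
```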



