On 5/10/20 17:19, Mike Dillinger wrote:
> Hello,
>
> I tried to research this on the Internet, even using iptables, and I
> couldn't find anything conclusive, so I thought I'd ask here. There are
> conflicting reports regarding whether this will work or not.
>
> We have recently acquired a second Xbox and they will need to coexist
> behind our nftables firewall. We have an IPv4 setup on both sides
> (ISP/WAN, LAN) using NAT. If both consoles are up and running at the
> same time, we need a way for NAT'd traffic to be routed to the proper
> console.
>
> If I were to take a guess, I'm going to assume I need to mark packets
> using the nftables meta command, but I'm not sure. I am assuming a
> generic NAT setup will not work for both consoles.
>
> If I could get a starter example, I think I can take it from there. I
> can even take a working iptables example and migrate it to nftables
> using iptables-translate.
>
> Thanks a lot!
> -MikeD

I assume you're referring to incoming traffic, since in most ordinary
network configurations you don't have to do anything special for
outgoing traffic outside of the existing SNAT/MASQUERADE rule you
probably already have. When one of the devices makes an outgoing
connection, it gets a conntrack entry on the router which tells it where
to translate reply packets. (You can watch this happen with
'conntrack -E' on the router.)

For incoming traffic you would forward a port, which, if you already have
one for your existing console, means you just do the same thing for the
other one using a different port. Forward port 12345 to one console and
port 12346 to the other one. Then the port identifies which console gets
the incoming connection.

This only gets really complicated if they both for some reason have to
use the same port and you only have one public IPv4 address, but that's
usually not the case.
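A starter ruleset for the setup the reply describes, added here as an example and not taken from the thread: one DNAT rule per console keyed on the forwarded port, the usual masquerade for outgoing traffic, and a forward chain that only admits the DNAT'd connections and established replies. Interface names and addresses are assumed (WAN on eth0, LAN on eth1, consoles at 192.168.1.10 and 192.168.1.11).

```nft
#!/usr/sbin/nft -f
# Added example; interface names and addresses below are assumptions.
flush ruleset

define wan = "eth0"
define lan = "eth1"
define console_a = 192.168.1.10
define console_b = 192.168.1.11

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Incoming traffic: the destination port selects the console.
        iifname $wan tcp dport 12345 dnat to $console_a
        iifname $wan udp dport 12345 dnat to $console_a
        iifname $wan tcp dport 12346 dnat to $console_b
        iifname $wan udp dport 12346 dnat to $console_b
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Outgoing traffic from both consoles needs only the usual
        # masquerade; conntrack maps the replies back to the right console.
        oifname $wan masquerade
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Replies to connections the consoles opened themselves.
        ct state established,related accept
        # LAN to WAN is allowed outright.
        iifname $lan oifname $wan accept
        # From the WAN, only connections that matched a dnat rule above.
        iifname $wan oifname $lan ct status dnat accept
    }
}
```

Load it with `nft -f` on the router; `conntrack -E` then shows each forwarded connection being mapped to the console whose port it arrived on.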