Re: [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/06/2020 21:23, Florian Westphal wrote:
ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
Since the ruleset that worked with kernel 4.19 did not anymore with kernel
5.4 (throwing segfault) I started from scratch to see what gives.

nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; }
nft add chain inet filter forward { type filter hook forward priority 0 \; }
nft add chain inet filter output    { type filter hook output priority 0 \;
}
nft add table inet nat

Thus far good and then things go awry and the output does not help to
understand what might be wrong:

nft add chain inet nat prerouting { type nat hook prerouting priority \-100
\; }
nft: unrecognized option: 1
If you use the shell, you should use single-quote for the entire
arguments.  nft 'add chain ...'

here, nft thinks you passed '-1' as an option.

Thanks for the pointer, I just copied that from the wiki though...


and next up

nft add chain inet nat postrouting { type nat hook postrouting priority 100
\; }
Error: Could not process rule: No such file or directory
inet nat depends on CONFIG_NF_TABLES_INET.

That is apparently enabled in the kernel

xzgrep NF_TABLES /proc/config.gz
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_SET=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_NETDEV=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_TABLES_IPV6=y
CONFIG_NF_TABLES_BRIDGE=m

Attachment: OpenPGP_0xF4F735931F05C5CE.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux