On 05/08/2020 17:04, Frank-Ulrich Sommer wrote:
> Hello, I'm using "nftables v0.9.0 (Fearless Fosdick)" on a Debian Buster
> based Raspberry Pi OS. I'm getting syntax errors when trying to redirect a
> port to another host via nftables.conf with the two lines starting with
> "iif eth0.100". The file does not contain a complete setup because I
> removed all rules not related to the problem.
>
> The first line produces "nftables.conf:10:41-42: Error: syntax error,
> unexpected to, expecting newline or semicolon". According to the manpage I
> would have expected the correct syntax for an inet table to be
> "...dnat ip to...".
>
> The second line without "to" produces "nftables.conf:11:56-56: Error:
> syntax error, unexpected newline".

Both error messages are of poor quality.

> What would be the correct syntax if I want e.g. to forward traffic to port
> 1234 to IPv4 123.123.123.123 in an inet table?
>
> Here is the reduced nftables.conf causing these errors:
>
> #!/usr/sbin/nft -f
> flush ruleset
> table inet myfilter {
>     chain port_forwarding {
>         type nat hook prerouting priority 0; policy accept;
>         iif eth0.100 tcp dport 1234 dnat ip to 123.123.123.123

"eth0.100" isn't a valid iface_index. Use iifname instead.

-- 
Kerin Millar
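
Added example, not part of the original thread: the poster's reduced ruleset with the iifname match suggested in the reply. It assumes an nft release and kernel that accept NAT chains in an inet table and the "dnat ip to" form the poster quotes from the manpage; the closing braces are added here because the quoted file is cut off.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's file. Assumption: nft and the kernel
# both support "type nat" chains in the inet family.

flush ruleset

table inet myfilter {
    chain port_forwarding {
        type nat hook prerouting priority 0; policy accept;

        # iif compares the interface index, which nft looks up by name
        # when the ruleset is loaded. iifname compares the name string
        # for each packet, so it also matches an interface that is
        # created after the ruleset is loaded, such as a VLAN
        # sub-interface.
        iifname "eth0.100" tcp dport 1234 dnat ip to 123.123.123.123
    }
}
```

Running `nft -c -f nftables.conf` parses and checks the file without changing the live ruleset, so syntax errors show up before the rules are applied.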