Hi
Le 15/09/2020 à 05:07, vikaig a écrit :
Hello, I'm trying to add a DNAT rule, I tried many variations from the
Internet, in an IRC chat I was confirmed that my rule should work, but
I get an error, what could be wrong?(I use Debian 10)
$ sudo nft list ruleset
table inet nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname "ens3" ip6 saddr fd00::/48 masquerade
oifname "ens3" ip saddr 10.0.0.0/24 masquerade
}
}
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
ct state { established, related } accept
ct state invalid drop
iifname "lo" accept
ip protocol icmp accept
meta l4proto ipv6-icmp accept
tcp dport 20414 accept
udp dport 51820 accept
reject
}
chain forward {
type filter hook forward priority filter; policy accept;
}
chain output {
type filter hook output priority filter; policy accept;
}
}
$ sudo nft 'add rule inet nat prerouting iifname "ens3" tcp dport
20415 dnat ip to 10.0.0.2'
Error: Could not process rule: No such file or directory
add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Try by removing the ' before add and after 10.0.0.2
sudo nft add rule inet nat prerouting iifname "ens3" tcp dport 20415 dnat ip to 10.0.0.2
--
Daniel
