Re: Error: conflicting intervals specified - Bullseye 0.9.8

On 28/09/2021 at 13:05, Daniel wrote:
Hi Pablo,

sorry for the delay, I had to install 1.0.0 from snap on my Ubuntu 20.04.

On 21/09/2021 at 02:13, Pablo Neira Ayuso wrote:
[...]
You require nftables 1.0.0 for the snippet below:

table ip nat {
         map fwdtoip_th {
                 type ipv4_addr . inet_service : interval ipv4_addr . inet_service
                 flags interval
                 elements = { 1.2.3.4 . 10000-20000 : 192.168.3.4 . 30000-40000 }
         }

         chain prerouting {
                 type nat hook prerouting priority dstnat; policy accept;
                 meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th
         }
}

I can't get it to work: the map is OK, but creating the rule fails.

map in nat prerouting:

map fwdtoip_th {
         type ipv4_addr . inet_service : interval ipv4_addr . inet_service
         flags interval
         elements = { 192.168.10.24 . 58194-58198 : 192.168.10.254 . 58194-58198 }
}

Now I add the rule

sudo nft add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th    (from your example)

and error is

Error: datatype mismatch: expected IPv4 address, expression has type concatenation of (IPv4 address, internet network service) add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th

OK, after "to ip" there should be the daddr, so I insert it

sudo nft add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr daddr . th dport map @fwdtoip_th

and error is

Error: syntax error, unexpected newline
add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr daddr . th dport map @fwdtoip_th

Something is wrong when calling a named map (in this case). If I do

sudo nft add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map { 192.168.10.24 . 10000-20000 : 192.168.10.254 . 3000-40000 }

everything is fine. But if I call the map like

sudo nft add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th

I get

Error: datatype mismatch: expected IPv4 address, expression has type concatenation of (IPv4 address, internet network service) add rule ip nat prerouting meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th

The expression recognizes that the map is a concatenation, but not that "to ip daddr . th dport" should also be treated as a concatenation.
--
Daniel
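As an added example (not part of the thread, and not code from Daniel or the nftables project), the pieces above assembled into one ruleset file that can be dry-run with `nft -c -f`, which parses and type-checks the file without touching the live ruleset. The table, map, addresses and port ranges are the ones quoted in the mail; the file path and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: write the ruleset discussed above to a
# file and check it with `nft -c -f` (check mode, nothing is applied).

RULESET_FILE="${TMPDIR:-/tmp}/fwdtoip_th.nft"   # assumed path for this example

# Write the ruleset to $1 and print the path. The named-map rule that the mail
# reports as failing is left commented out; uncomment it to reproduce the
# "datatype mismatch" error on an affected nft version.
build_ruleset() {
    out="$1"
    cat > "$out" <<'EOF'
table ip nat {
        map fwdtoip_th {
                type ipv4_addr . inet_service : interval ipv4_addr . inet_service
                flags interval
                elements = { 192.168.10.24 . 58194-58198 : 192.168.10.254 . 58194-58198 }
        }

        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                # anonymous map: the variant the mail says is accepted
                meta l4proto { tcp, udp } dnat to ip daddr . th dport map { 192.168.10.24 . 10000-20000 : 192.168.10.254 . 30000-40000 }
                # named map: the variant the mail says is rejected
                # meta l4proto { tcp, udp } dnat to ip daddr . th dport map @fwdtoip_th
        }
}
EOF
    printf '%s\n' "$out"
}

# Dry-run the file. Returns 0 if nft accepts it, 1 if nft rejects it
# (the error text goes to stderr), 2 if nft is not installed (check skipped).
check_ruleset() {
    if ! command -v nft >/dev/null 2>&1; then
        return 2
    fi
    if nft -c -f "$1"; then
        return 0
    fi
    return 1
}

# Sanity check on the generated file: does it define the named map?
ruleset_defines_map() {
    grep -q 'map fwdtoip_th' "$1"
}

# Usage: generate the file, then dry-run it.
f=$(build_ruleset "$RULESET_FILE")
check_ruleset "$f"
case $? in
    0) echo "nft accepted $f" ;;
    1) echo "nft rejected $f (see error above)" ;;
    2) echo "nft not installed, check skipped; file written to $f" ;;
esac
```

Running the check as a file rather than as a one-line `nft add rule` also gives line-numbered error positions, which is easier to read than the flattened error the interactive command prints. Swapping the comment marker between the two `dnat` lines lets you test the anonymous-map and named-map forms against the same map definition.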


