Hi,

On Mon, May 22, 2023 at 02:11:36PM -0400, Rob Hutton wrote:
> I am trying to set up a NAT gateway between two businesses where one
> initiates the connection outbound to the other, so therefore have dst
> nat entries in the following form:
>
> ip daddr 10.192.3.0/24 dnat ip to ip daddr map { 10.192.3.0/24 : 10.12.3.0/24 }
  ~~~~~~~~~~~~~~~~~~~~~~

No need for this redundant match, you can remove it. The map lookup
already provides the key matching side, therefore...

> and masquerade is enabled on the external interface.
>
> The netmap is translating the network portion correctly, but the host
> portion is not being preserved and is simply being chosen as if from a
> NAT pool. So pinging 10.192.3.254 should be translated to 10.12.3.254
> and instead it is translated to 10.12.3.64 (for example). How do I
> preserve the host portion during the NETMAP translation?

... this should be sufficient to achieve NETMAP in nftables:

        dnat ip prefix to ip daddr map { 10.192.3.0/24 : 10.12.3.0/24 }
                ~~~~~~

note the 'prefix' keyword specifies that the address prefix needs to be
preserved, hence, achieving similar effect to iptables' NETMAP.
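
Added example, not part of the original message and not nftables code: a small Python model of the 1:1 translation the 'prefix' form is meant to produce, where the network bits come from the map value and the host bits of the original destination are kept. The function name `netmap_translate` and the `NETMAP` dictionary are assumptions made for this illustration; the prefixes are the ones from the thread.

```python
import ipaddress

# Constructed map mirroring the rule in the message:
# key prefix (original destination) -> replacement prefix.
NETMAP = {"10.192.3.0/24": "10.12.3.0/24"}


def netmap_translate(addr, mapping=NETMAP):
    """Model of a NETMAP-style rewrite (hypothetical helper).

    Returns the translated address as a string, or None when no key
    prefix contains addr (the packet would be left untranslated).
    """
    ip = ipaddress.ip_address(addr)
    for key, value in mapping.items():
        src = ipaddress.ip_network(key)
        dst = ipaddress.ip_network(value)
        # A 1:1 mapping only makes sense between prefixes of equal size;
        # otherwise host bits would be lost or would spill over.
        if src.version != dst.version or src.prefixlen != dst.prefixlen:
            raise ValueError(f"prefix mismatch: {key} -> {value}")
        if ip.version == src.version and ip in src:
            # Keep the host part of the original address ...
            host_bits = int(ip) & int(src.hostmask)
            # ... and replace only the network part.
            return str(type(ip)(int(dst.network_address) | host_bits))
    return None


if __name__ == "__main__":
    # The case from the thread: host .254 must stay .254 after translation.
    for sample in ("10.192.3.254", "10.192.3.64", "10.192.4.1"):
        print(sample, "->", netmap_translate(sample))
```

Comparing the output of this model with the destination seen in `conntrack -L` or a packet capture on the far side shows quickly whether a ruleset is doing a 1:1 rewrite or picking addresses from a pool.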