Thanks, I missed that note in the wiki.

-----Original Message-----
From: Florian Westphal <fw@xxxxxxxxx>
Sent: Thursday, August 15, 2024 12:35 PM
To: Atkins, Brian <Brian.Atkins@xxxxxxxxxx>
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Output port redirect going to loopback?

Atkins, Brian <Brian.Atkins@xxxxxxxxxx> wrote:
> I have the following nat table:
> table inet nat {
>     chain prerouting {
>         type nat hook prerouting priority dstnat; policy accept;
>         tcp dport 10999 counter packets 0 bytes 0 redirect to :9999
>     }
>
>     chain input {
>         type nat hook input priority 100; policy accept;
>     }
>
>     chain output {
>         type nat hook output priority -100; policy accept;
>         oif "eth0" ip daddr 172.16.5.220 meta nftrace set 1
>         oifname "eth0" tcp dport 9999 counter packets 620 bytes 37200 redirect to :10999
>     }
>
>     chain postrouting {
>         type nat hook postrouting priority srcnat; policy accept;
>     }
> }
>
> I would expect to connect outbound on 9999 and have it redirect to 10999 and reach an IP address on my subnet, for example:
> # telnet 172.16.5.220 9999
> Trying 172.16.5.220...
> telnet: Unable to connect to remote host: Connection refused

Expected, redirect is 'dnat to local machine'.
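
The distinction in the reply above, shown as an added ruleset sketch (not code from either poster): `redirect` in the output hook rewrites the destination address to the local machine as well as the port, whereas an explicit `dnat` keeps the remote host and changes only the port. The table name `nat_example` is hypothetical; the address and ports are the ones from the original post.

```nft
# Added example, not part of the thread. Table name is a hypothetical placeholder.
table inet nat_example {
    chain output {
        type nat hook output priority -100; policy accept;

        # As posted: redirect is "dnat to local machine". For locally
        # generated traffic the new destination is this host itself, so the
        # connection goes to local port 10999 and never reaches
        # 172.16.5.220. With nothing listening locally on 10999 the result
        # is "Connection refused".
        # oifname "eth0" tcp dport 9999 counter redirect to :10999

        # Port rewrite that keeps the remote destination: name the address
        # explicitly in a dnat statement. In the inet family the address
        # family must be given ("dnat ip to").
        ip daddr 172.16.5.220 tcp dport 9999 counter dnat ip to 172.16.5.220:10999
    }
}
```

Saving the ruleset to a file and running `nft -c -f <file>` checks it without loading it.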