On 9 May 2020 16:19:54 Steve Harriss wrote:
Afternoon
I'm hoping someone can point me in the direction of a fix for my current
nftables config.
From the command line I can run the following:
    sudo nft add table nat
    sudo nft add chain nat post { type nat hook postrouting priority 0 \; \}
    sudo nft add chain nat pre { type nat hook prerouting priority 0 \; \}
    sudo nft add rule nat post ip saddr 10.10.10.0/24 oifname "eth0" masquerade
Listing my running nft rules shows this appended to the end:
    table ip nat {
        chain post {
            type nat hook postrouting priority 0; policy accept;
            ip saddr 10.10.10.0/24 oifname "eth0" masquerade
        }
        chain pre {
            type nat hook prerouting priority 0; policy accept;
        }
I then try to transfer that config to my nftables.conf but on reading in
the .conf file I get the errors:
    sudo nft -f /etc/nftables.conf
    /etc/nftables.conf:67:1-5: Error: syntax error, unexpected table
    table ip nat {
    ^^^^^
    /etc/nftables.conf:70:55-64: Error: NAT is only supported for IPv4/IPv6
    ip saddr 10.10.10.0/24 oifname "eth0" masquerade
I'm obviously missing some piece of information here that will allow me to
fix it.
If you'd like to help me add the masquerade for IPv6 as well that would be
brilliant.
Hopefully someone has the answer as I'm currently stumped.
Cheers
Steve

Hello.
What's your entire nftables.conf? Are you happy to share it (maybe a Gist)?
Tim