nftables issues


Post by elaphecarinata » 2020-05-09 14:02

New to nftables and trying to set up a NAT for my server.

From the command line I can run the following commands:
sudo nft add table nat
sudo nft add chain nat post { type nat hook postrouting priority 0 \; \}
sudo nft add chain nat pre { type nat hook prerouting priority 0 \; \}
sudo nft add rule nat post ip saddr 10.10.10.0/24 oifname "eth0" masquerade

I can then list my running nft rules and see this appended to the end:
table ip nat {
chain post {
type nat hook postrouting priority 0; policy accept;
ip saddr 10.10.10.0/24 oifname "eth0" masquerade
}

chain pre {
type nat hook prerouting priority 0; policy accept;
}

My problem is that I now want to transfer it to my nftables.conf to be able to run it again.
When I add that section as seen I get errors on trying to reload:

sudo nft -f /etc/nftables.conf
/etc/nftables.conf:67:1-5: Error: syntax error, unexpected table
table ip nat {
^^^^^
/etc/nftables.conf:70:55-64: Error: NAT is only supported for IPv4/IPv6
ip saddr 10.10.10.0/24 oifname "eth0" masquerade

Can anyone kindly point out what I am missing here?

Thanks in advance - vanilla Linux maisu 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux

Re: nftables issues

Post by Head_on_a_Stick » 2020-05-09 16:28

The closing bracket is missing from your posted ruleset output. I've just tried copy&pasting your exact commands then I used
# nft list ruleset > nftables.conf
# nft flush ruleset
# nft -f nftables.conf

It worked fine, no errors:
empty@E485 ~ % sudo nft list ruleset
table ip nat {
        chain post {
                type nat hook postrouting priority 0; policy accept;
                ip saddr 10.10.10.0/24 oifname "eth0" masquerade
        }

        chain pre {
                type nat hook prerouting priority 0; policy accept;
        }
}
empty@E485 ~ %

Re: nftables issues

Post by elaphecarinata » 2020-05-10 07:45

Always helps to have a fresh set of eyes!!

That's been driving me mad

Thank you

Re: nftables issues

Post by arzgi » 2020-05-10 14:06

The missing parentheses problem is easy to tackle: there are many editors in Debian's repo which use colors to show matching parentheses pairs and open ones.
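One way to find a missing bracket like the one discussed in this thread without relying on editor highlighting, as an added example that is not part of any post: a small Python checker that reports where an unclosed nftables block was opened. `SAMPLE` is constructed from the listing in the first post, `find_unbalanced` is a hypothetical helper name, and the scanner assumes only `#` comments and double-quoted strings need skipping.

```python
# Added example: locate unbalanced braces in an nftables ruleset file.
# SAMPLE is constructed from the ruleset pasted in the first post
# (the closing brace of the table is missing, as in that post).

SAMPLE = '''\
table ip nat {
	chain post {
		type nat hook postrouting priority 0; policy accept;
		ip saddr 10.10.10.0/24 oifname "eth0" masquerade
	}

	chain pre {
		type nat hook prerouting priority 0; policy accept;
	}
'''


def find_unbalanced(text):
    """Return a list of (line_number, message) for every brace problem."""
    problems = []
    open_blocks = []  # stack of (line_number, stripped line) for each '{'
    for lineno, line in enumerate(text.splitlines(), start=1):
        in_quote = False
        for ch in line:
            if ch == '"':
                in_quote = not in_quote      # enter or leave a quoted string
            elif in_quote:
                continue                     # braces inside quotes do not count
            elif ch == '#':
                break                        # rest of the line is a comment
            elif ch == '{':
                open_blocks.append((lineno, line.strip()))
            elif ch == '}':
                if open_blocks:
                    open_blocks.pop()
                else:
                    problems.append((lineno, "'}' closes nothing"))
    # Anything still on the stack was opened but never closed.
    for lineno, opener in open_blocks:
        problems.append((lineno, "never closed: " + opener))
    return problems


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, message in find_unbalanced(text):
        print(f"line {lineno}: {message}")
```

The nft error in the first post points at the token where parsing failed, while this reports the line on which the unclosed block began. Running `nft -c -f /etc/nftables.conf` checks the file with nft's own parser without applying it.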

