New to nftables and trying to set up NAT for my server.
From the command line I can run the following commands:
sudo nft add table nat
sudo nft add chain nat post { type nat hook postrouting priority 0 \; \}
sudo nft add chain nat pre { type nat hook prerouting priority 0 \; \}
sudo nft add rule nat post ip saddr 10.10.10.0/24 oifname "eth0" masquerade
I can then list my running nft rules and see this appended to the end:
table ip nat {
chain post {
type nat hook postrouting priority 0; policy accept;
ip saddr 10.10.10.0/24 oifname "eth0" masquerade
}
chain pre {
type nat hook prerouting priority 0; policy accept;
}
My problem is that I now want to transfer it to my nftables.conf so that I can load it again.
When I add that section as shown, I get errors when trying to reload:
sudo nft -f /etc/nftables.conf
/etc/nftables.conf:67:1-5: Error: syntax error, unexpected table
table ip nat {
^^^^^
/etc/nftables.conf:70:55-64: Error: NAT is only supported for IPv4/IPv6
ip saddr 10.10.10.0/24 oifname "eth0" masquerade
Can anyone kindly point out what I am missing here?
Thanks in advance. Vanilla Debian: Linux maisu 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1+deb10u1 (2020-04-27) x86_64 GNU/Linux
nftables issues
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: nftables issues
The closing bracket is missing from your posted ruleset output. I've just tried copying & pasting your exact commands, then I used

# nft list ruleset > nftables.conf
# nft flush ruleset
# nft -f nftables.conf

It worked fine, no errors:

empty@E485 ~ % sudo nft list ruleset
table ip nat {
chain post {
type nat hook postrouting priority 0; policy accept;
ip saddr 10.10.10.0/24 oifname "eth0" masquerade
}
chain pre {
type nat hook prerouting priority 0; policy accept;
}
}
empty@E485 ~ %
deadbang
- Posts: 4
- Joined: 2020-05-09 13:49
Re: nftables issues
The missing-parentheses problem is easy to tackle: there are many editors in Debian's repo that highlight matching parenthesis pairs, and unclosed ones, by colour.
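As an added example (not code from either reply above), here is a small shell check that catches the unbalanced brace Head_on_a_Stick points out, and that deadbang suggests an editor for, before `nft -f` trips over it: it walks an nftables.conf, ignoring comments and quoted strings such as `oifname "eth0"`, and reports the line where a block was opened but never closed (or where a stray `}` appears). The sample ruleset files are constructed here; the `table inet filter` contents, the file names and the `nft_brace_check` / `write_samples` function names are my assumptions, not anything the thread posted. broken.conf reproduces the pasted listing with the nat table's closing brace missing; fixed.conf is the same file with the brace restored.

```shell
#!/bin/sh
# Added example, not from the thread: locate the unbalanced brace in an
# nftables.conf before "nft -f" fails on it.  Sample files are constructed
# below; the filter table and file names are assumptions.

# nft_brace_check FILE
# Prints "ok" and returns 0 when every { has its }; otherwise prints the
# line of the first problem and returns 1.  Comments and quoted strings
# are stripped first so braces inside them are not counted.
nft_brace_check() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)              # drop "# ..." comments
        gsub(/"[^"]*"/, "", line)         # drop quoted strings, e.g. "eth0"
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "{") {
                depth++
                open_line[depth] = NR     # remember where this block began
            } else if (c == "}") {
                if (depth == 0) {
                    printf "%s:%d: unexpected \"}\"\n", FILENAME, NR
                    bad = 1
                    exit 1
                }
                depth--
            }
        }
    }
    END {
        if (bad) exit 1
        if (depth > 0) {
            printf "%s:%d: block opened here is never closed\n", FILENAME, open_line[depth]
            exit 1
        }
        print "ok"
    }' "$1"
}

# write_samples DIR
# broken.conf mirrors the pasted listing (nat table never closed);
# fixed.conf is the same file with the closing brace appended.
write_samples() {
    cat > "$1/broken.conf" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        ct state established,related accept
        iif "lo" accept
    }
}
table ip nat {
    chain post {
        type nat hook postrouting priority 0; policy accept;
        ip saddr 10.10.10.0/24 oifname "eth0" masquerade
    }
    chain pre {
        type nat hook prerouting priority 0; policy accept;
    }
EOF
    { cat "$1/broken.conf"; echo '}'; } > "$1/fixed.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in broken fixed; do
    nft_brace_check "$tmp/$f.conf" || true
done
# With nft installed, the real parse check is "nft -c -f FILE" (check mode,
# nothing is loaded).  Guarded: it normally needs root to talk to the kernel.
if command -v nft >/dev/null 2>&1; then
    nft -c -f "$tmp/fixed.conf" && echo "nft -c: fixed.conf parses" || echo "nft -c could not run here"
fi
rm -rf "$tmp"
```

Running it prints `broken.conf:10: block opened here is never closed` for the pasted listing (line 10 is `table ip nat {`) and `ok` for the repaired file; once the brace is back, `nft -c -f /etc/nftables.conf` is the check to run before `nft -f`, since check mode parses the whole file without touching the live ruleset.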