[pkg-netfilter-team] Bug#887871: nftables nat postrouting not working
denis
denis at podciarou.eu
Sun Jan 21 07:45:24 UTC 2018
Package: nftables
Version: 0.7-1 amd64
Hi
I migrated my iptables rules using iptables-migrate to nftables, but
these two rules are not working under nftables:
---
chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    ip saddr 10.9.0.0/24 ip daddr != 10.9.0.0/24 counter packets 0 bytes 0 snat to 81.9.12.52
    ip saddr 10.8.0.0/24 ip daddr != 10.8.0.0/24 counter packets 0 bytes 0 snat to 81.9.12.52
}
---
Under iptables they are like:
---
Chain POSTROUTING (policy ACCEPT)
target      prot opt  source           destination
MASQUERADE  all  --   172.17.0.0/16    anywhere
SNAT        all  --   10.8.0.0/24      !10.8.0.0/24     to:81.9.12.52
SNAT        all  --   10.9.0.0/24      !10.9.0.0/24     to:81.9.12.52
---
# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
# uname -a
Linux podciarou 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux
# nft -v
nftables v0.7 (Scrooge McDuck)
# iptables --version
iptables v1.6.0