LinuxQuestions.org


Romina80 10-09-2019 04:11 AM

nftables how to
 
Hello everybody! I'm trying to set up Debian 10 as a router. I think I can't make the right nft configuration. So, what am I doing wrong?
Code:

#!/usr/bin/nft -f

flush ruleset

define wan = { ens5 }
define lan = { enx8cae4ce9bb0c }
table inet filter {
  chain input {
    type filter hook input priority 0; policy accept;
    ct state {established, related} accept
    ct state invalid drop
    iifname lo accept
    iifname $lan accept
    ip protocol icmp accept
    tcp dport 22 accept
  }

  chain forward {
    type filter hook forward priority 0; policy accept;
    iifname $wan oifname $lan ct state related, established accept
    iifname $lan oifname $wan accept
  }

  chain output {
    type filter hook output priority 0; policy accept;
  }

}

table ip nat {
  chain prerouting {
    type nat hook prerouting priority 0;
  }

  chain postrouting {
    type nat hook postrouting priority 100;
    #ip saddr 192.168.1.1/24 oifname $wan snat 192.168.0.11
    oifname $wan masquerade
  }
}

I have an ssh connection from both devices to the "router"; I'm just not able to build a connection (NAT) between both of them. If someone wants to share with me a working /etc/nftables.conf without any restrictions (two interfaces), or just to explain to me what I'm doing wrong, that will be nice ;)

GlennsPref 10-10-2019 06:34 PM

Hi, I'm quite new at this myself, but I have managed to configure my proxied gateway... (this box).

I used this howto...
http://computer-outlines.over-blog.c...123263495.html

I think if you go through it you will learn what you need to know.

HTH

