LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

10-09-2019, 04:11 AM   #1
Romina80
LQ Newbie
 
Registered: Oct 2019
Posts: 1

Rep: Reputation: Disabled
nftables how to


Hello everybody! I'm trying to set up Debian 10 as a router. I think I can't make the right nft configuration. So, what am I doing wrong?
Code:
#!/usr/bin/nft -f

flush ruleset

define wan = { ens5 }
define lan = { enx8cae4ce9bb0c }
table inet filter {
  chain input {
    type filter hook input priority 0; policy accept;
    ct state {established, related} accept
    ct state invalid drop
    iifname lo accept
    iifname $lan accept
    ip protocol icmp accept
    tcp dport 22 accept 
  }

  chain forward {
    type filter hook forward priority 0; policy accept;
    iifname $wan oifname $lan ct state related, established accept
    iifname $lan oifname $wan accept
  }

  chain output {
    type filter hook output priority 0; policy accept;
  }

}

table ip nat {
  chain prerouting {
    type nat hook prerouting priority 0;
  }

  chain postrouting {
    type nat hook postrouting priority 100;
    #ip saddr 192.168.1.1/24 oifname $wan snat 192.168.0.11
    oifname $wan masquerade
  }
}
I have an ssh connection from both devices to the "router", I'm just not able to build a connection (NAT) between both of if. If someone wants to share with me a working /etc/nftables.conf without any restrictions (two interfaces), or just explain to me what I'm doing wrong, that would be nice.
 
10-10-2019, 06:34 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Distribution: Devuan
Posts: 3,656
Blog Entries: 33

Rep: Reputation: 283
Hi, I'm quite new at this myself, but I have managed to configure my proxied gateway... (this box).

I used this howto...
http://computer-outlines.over-blog.c...123263495.html

I think if you go through it you will learn what you need to know.

HTH
 
  

