bugzilla-daemon at netfilter.org
2018-Feb-07 04:03 UTC
[Bug 1225] New: Nft syntax error (snat, dnat using multiple maps)
https://bugzilla.netfilter.org/show_bug.cgi?id=1225
Bug ID: 1225
Summary: Nft syntax error (snat, dnat using multiple maps)
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: mskim128 at gmail.com
I use Ubuntu 17.10 (nftables v0.8, v0.8.2, kernel 4.13.0-25)
I'd like to use multiple NATs using nftables maps.
This looks something like this:
nft add rule nat postrouting snat \
ip saddr map { 192.168.1.1 : 10.0.0.1, 192.168.1.2 : 10.0.0.2,
192.168.1.3 : 10.0.0.3 }
It works.
But, I want to use multiple maps. This looks something like this:
192.168.1.0/24 -> NAT -> 10.0.0.0/24
(192.168.1.1 -> 10.0.0.1, 192.168.1.2 -> 10.0.0.2, ..., 192.168.1.254
->
10.0.0.254)
nft add rule nat postrouting snat \
ip saddr map { 192.168.1.0/24 : 10.0.0.0/24 }
However, error message is displayed.
root at two-All-Series:~# nft add rule nat postrouting snat
\> ip saddr map { 192.168.1.0/24 : 10.0.0.0/24 }
Error: syntax error, unexpected /, expecting comma or '}'
add rule nat postrouting snat ip saddr map { 192.168.1.0/24 : 10.0.0.0/24 }
^
Thanks,
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180207/18f50ad8/attachment.html>
bugzilla-daemon at netfilter.org
2020-Dec-01 20:01 UTC
[Bug 1225] Nft syntax error (snat, dnat using multiple maps)
https://bugzilla.netfilter.org/show_bug.cgi?id=1225
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--- Comment #1 from kfm at plushkava.net ---
Presently, it can be done by writing a rule such as this.
ip saddr 192.168.1.0/24 snat to ip saddr & 0.0.0.255 | 10.0.0.0
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201201/c42a77a7/attachment-0001.html>
Maybe Matching Threads
- [Bug 1206] New: segfault when snat map rule has been added
- [Bug 1764] New: mapping IPv4 interval to IPv4 interval works for anonymous maps, but not for named maps
- [Bug 1255] New: nftables SNAT is not working
- [Bug 1213] New: Nft stateless NAT (NOTRACK)
- [Bug 920] New: DNAT: SNAT: --random and --persistent are not supported