[Bug 1051] nftables DNAT not working

bugzilla-daemon at netfilter.org
Tue May 17 17:12:21 CEST 2016


--- Comment #4 from Andrey <andrey.aleksandrovich at googlemail.com> ---
Well, yes, there were some mixings of iptables/nftables options in the kernel
config. I have disabled all related to iptables and enabled
CONFIG_NFT_CHAIN_NAT_IPV4 (I've missed it at that time). So it's working now,
but some issues are still there.

First. It didn't return any error when I was adding nat rules while

Second. I was playing only with 80 and 8080 ports. And now, AFAICS, it doesn't
distinguish them by default (it falls back to 'http' value). It looks like
The router machine has apache service installed (nftables are also there), its
internal address is When I'm trying to enter to from my client machine ( I see "Welcome"
If I try to:
nft add rule nat prerouting ip daddr tcp dport 8080 redirect to 80
and then try to enter to it returns that page is not
BUT, when I use 58080 (instead of 8080):
nft add rule nat prerouting ip daddr tcp dport 58080 redirect to 80
the returns "Welcome" again.
At the tab list ('nft list table nat -a -nn') I also saw 591 port (which I set

So, I think it must respect port number, and not fall back to its designation
(to avoid port number mixing).
