<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - nftables DNAT not working"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1051#c4">Comment # 4</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - nftables DNAT not working"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1051">bug 1051</a>
from <span class="vcard"><a class="email" href="mailto:andrey.aleksandrovich@googlemail.com" title="Andrey <andrey.aleksandrovich@googlemail.com>"> <span class="fn">Andrey</span></a>
</span></b>
<pre>Well, yes, there were some mixings of iptables/nftables options in the kernel
config. I have disabled all related to iptables and enabled
CONFIG_NFT_CHAIN_NAT_IPV4 (I've missed it at that time). So it's working now,
but some issues are still there.
First. It didn't return any error when I was adding nat rules while
CONFIG_NFT_CHAIN_NAT_IPV4 was disabled.
Second. I was playing only with 80 and 8080 ports. And now, AFAICS, it doesn't
distinguish them by default (it falls back to 'http' value). It looks like
this:
The router machine has apache service installed (nftables are also there), its
internal address is 192.168.0.1. When I'm trying to enter to
<a href="http://192.168.0.1:80">http://192.168.0.1:80</a> from my client machine (192.168.0.2) I see "Welcome"
page.
If I try to:
nft add rule nat prerouting ip daddr 192.168.0.1 tcp dport 8080 redirect to 80
and then try to enter to <a href="http://192.168.0.1:8080">http://192.168.0.1:8080</a> it returns that page is not
available.
BUT, when I use 58080 (instead of 8080):
nft add rule nat prerouting ip daddr 192.168.0.1 tcp dport 58080 redirect to 80
the <a href="http://192.168.0.1:58080">http://192.168.0.1:58080</a> returns "Welcome" again.
At the tab list ('nft list table nat -a -nn') I also saw 591 port (which I set
nowhere).
So, I think it must respect port number, and not fall back to its designation
(to avoid port number mixing).</pre>
</div>
</p>
</body>
</html>