<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Nft stateless NAT (NOTRACK)"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1213">1213</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Nft stateless NAT (NOTRACK)
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>Ubuntu
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>critical
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>mskim128@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>I use Ubuntu 17.10 (nftables 0.8, kernel 4.13)

NOTRACK is used to turn off connection tracking for all packets matching this
rule. For example, in iptables:

iptables -t raw -I PREROUTING -j NOTRACK

I'd like to use stateless NAT (1:1) instead of iptables.

nft add table NAT
nft add chain NAT prerouting {type nat hook prerouting priority - 300 \; }
nft add chain NAT postrouting {type nat hook postrouting priority - 300 \; }
nft add rule NAT prerouting counter
nft add rule NAT prerouting ip daddr 192.168.204.60 notrack counter
nft add rule NAT prerouting counter

The counter value of prerouting is zero.

table ip NAT{
    chain prerouting {
        counter packets 0 bytes 0
        ip daddr 192.168.204.60 notrack counter packets 0 bytes 0
        counter packets 0 bytes 0
    }

Thanks,</pre>
</div>
</p>
</body>
</html>