[Bug 1213] New: Nft stateless NAT (NOTRACK)
bugzilla-daemon at netfilter.org
Wed Jan 10 13:34:15 CET 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1213
Bug ID: 1213
Summary: Nft stateless NAT (NOTRACK)
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: mskim128 at gmail.com
I use Ubuntu 17.10 (nftables 0.8, kernel 4.13).

NOTRACK is used to turn off connection tracking for all packets matching this
rule. For example, in iptables:

    iptables -t raw -I PREROUTING -j NOTRACK

I'd like to use stateless NAT (1:1) instead of iptables.

    nft add table NAT
    nft add chain NAT prerouting {type nat hook prerouting priority - 300 \; }
    nft add chain NAT postrouting {type nat hook postrouting priority - 300 \; }
    nft add rule NAT prerouting counter
    nft add rule NAT prerouting ip daddr 192.168.204.60 notrack counter
    nft add rule NAT prerouting counter

The counter value of prerouting is zero.

    table ip NAT{
        chain prerouting {
            counter packets 0 bytes 0
            ip daddr 192.168.204.60 notrack counter packets 0 bytes 0
            counter packets 0 bytes 0
        }

Thanks,