[Bug 1310] syntax issue with tproxy

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Apr 1 19:44:13 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1310

Fernando F. Mancera <ffmancera at riseup.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ffmancera at riseup.net

--- Comment #1 from Fernando F. Mancera <ffmancera at riseup.net> ---
Hi Arturo! I have been trying to solve this issue. AFAIK, Fedora uses the last
nftables stable release, which doesn't support tproxy. The syntax from the
Red Hat and Debian tickets is fine.

# nft add table filter
# nft add chain filter divert "{ type filter hook prerouting priority -150; }"
# nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
# nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
# nft add rule filter divert 'ip daddr 127.0.0.1 meta l4proto tcp tproxy to :2000 meta mark set 1 accept'
# nft list ruleset

table ip filter {
    chain divert {
        type filter hook prerouting priority mangle; policy accept;
        meta l4proto tcp socket transparent 1 meta mark set 0x00000001 accept
        tcp dport 80 tproxy to :50080 meta mark set 0x00000001 accept
        ip daddr 127.0.0.1 meta l4proto tcp tproxy to :2000 meta mark set 0x00000001 accept
    }
}

Thank you!

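As an added example (not part of the bug report and not the nftables project's own code): a POSIX shell script that writes the divert chain from the comment above in `nft -f` file syntax and dry-runs it with `nft -c`, so that an nftables build which does not know the `tproxy` statement (the situation the comment describes for Fedora's packaged release) is detected at parse time, before any rule reaches the kernel. The ports, hook priority and mark value are the ones used in the comment; the script layout and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report or the nftables project: emit the
# divert chain in `nft -f` syntax and check whether the installed nft parses it.
set -eu

# The ruleset from the comment as one file. Loading it with `nft -f` creates the
# table, chain and rules in a single transaction, so a syntax error (for
# instance an nft that predates tproxy support) leaves nothing half-applied.
divert_ruleset() {
    cat <<'EOF'
table ip filter {
    chain divert {
        type filter hook prerouting priority -150; policy accept;
        meta l4proto tcp socket transparent 1 meta mark set 1 accept
        tcp dport 80 tproxy to :50080 meta mark set 1 accept
        ip daddr 127.0.0.1 meta l4proto tcp tproxy to :2000 meta mark set 1 accept
    }
}
EOF
}

# Number of rules that depend on the tproxy statement; these are the lines an
# nft release without tproxy support rejects.
tproxy_rule_count() {
    divert_ruleset | grep -c ' tproxy to '
}

# Dry-run the ruleset with `nft -c -f` (check only, nothing is committed).
# Returns 0 when the installed nft parses it, 1 when nft rejects it with a
# syntax error, 2 when nft is not installed at all.
check_tproxy_support() {
    command -v nft >/dev/null 2>&1 || return 2
    tmp=$(mktemp)
    divert_ruleset > "$tmp"
    rc=0
    nft -c -f "$tmp" 2>/dev/null || rc=1
    rm -f "$tmp"
    return "$rc"
}

# Report the result and only load the ruleset when the dry run succeeded.
main() {
    rc=0
    check_tproxy_support || rc=$?
    case "$rc" in
        0)
            echo "installed nft ($(nft --version)) accepts the tproxy ruleset, loading it"
            divert_ruleset | nft -f -
            ;;
        1)
            echo "installed nft rejects the tproxy ruleset: upgrade nftables before using tproxy" >&2
            ;;
        2)
            echo "nft is not installed; nothing to check" >&2
            ;;
    esac
    return "$rc"
}

# Only run the check when invoked with --run (as root), so the functions can
# also be sourced and exercised on their own.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run as `sh check_tproxy.sh --run` on the host in question. The `meta mark set 1` in these rules is only useful together with a policy-routing rule that delivers marked packets locally (`ip rule add fwmark 1 lookup 100` and `ip route add local 0.0.0.0/0 dev lo table 100`, as in the kernel's tproxy documentation); that part is outside the scope of the bug, so the script does not touch routing.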