Внешний (WAN) порт - eth0
, внутрений (LAN) порт - eth1
.
- nftables.conf
table ip nat { chain forward { type filter hook forward priority filter; policy drop; ct state establised,related accept iifname "eth1" jump forward_lan ct status dnat accept } chain forward_lan { oifname "eth0" accept oifname "eth1" accept } chain preroute { type nat hook prerouting priority dstnat; iifname "eth0" tcp dport 8080 dnat ip to 192.168.0.5:8080 } chain postroute { type nat hook postroute priority srcnat; iifname "eth1" oifname "eth0" masquerade } }
software/administration/linux/networking/firewall/nftables/nat.txt · Последнее изменение: 2024-10-18 20:31 — Иван Солнцев