
#1 2018-04-19 14:39:18

quoxo
Member
Registered: 2018-04-19
Posts: 3

NFTABLES nat issue

I am trying to add a nat table to my Arch Linux firewall.

These are the commands:

# nft add table nat
# nft add chain nat prerouting { type nat hook prerouting priority 0 \; }
Error: Could not process rule: No such file or directory
add chain nat prerouting { type nat hook prerouting priority 0 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This is my configuration before executing the commands to add the NAT table:

# nft list ruleset
table inet filter {
        chain input {
                type filter hook input priority 0; policy accept;
                ct state { established, related } accept
                ct state invalid drop
                ip protocol icmp accept
                iifname "lo" accept
                iifname "ens32" jump input_LAN
                iifname "ens34" jump input_WAN
                reject
        }

        chain input_LAN {
                tcp dport ssh accept
                tcp dport http accept
                tcp dport https accept
                tcp dport smtp accept
                tcp dport submission accept
                tcp dport pop3 accept
                tcp dport pop3s accept
                tcp dport imap2 accept
                tcp dport imaps accept
                reject
        }

        chain input_WAN {
                tcp dport https accept
                tcp dport smtp accept
                tcp dport submission accept
                tcp dport imaps accept
                reject
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
                drop
        }

        chain output {
                type filter hook output priority 0; policy accept;
        }
}

These are the loaded modules:

# lsmod | grep '^nf'
nft_reject_inet        16384  3
nf_reject_ipv4         16384  1 nft_reject_inet
nf_reject_ipv6         16384  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
nft_meta               16384  17
nf_conntrack_ipv6      20480  2
nf_defrag_ipv6         36864  1 nf_conntrack_ipv6
nf_conntrack_ipv4      16384  2
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nft_ct                 20480  2
nf_conntrack          155648  3 nft_ct,nf_conntrack_ipv6,nf_conntrack_ipv4
nft_set_bitmap         16384  0
nft_set_hash           28672  1
nft_set_rbtree         16384  0
nf_tables_inet         16384  4
nf_tables_ipv6         16384  1 nf_tables_inet
nf_tables_ipv4         16384  2 nf_tables_inet
nf_tables             106496  78 nft_ct,nft_set_bitmap,nft_reject,nft_set_hash,nf_tables_ipv6,nf_tables_ipv4,nft_reject_inet,nft_meta,nft_set_rbtree,nf_tables_inet
nfnetlink              16384  1 nf_tables


#2 2018-04-23 12:28:22

quoxo
Member
Registered: 2018-04-19
Posts: 3

Re: NFTABLES nat issue

Can someone who uses nftables help me?
Or does nobody use nftables?


#3 2018-04-23 13:10:52

quoxo
Member
Registered: 2018-04-19
Posts: 3

Re: NFTABLES nat issue

I found the solution: the installed kernel was different from the running one shown by uname -r, so the on-disk modules no longer matched the running kernel and the nat chain type could not be loaded (hence the "No such file or directory" error).
I just rebooted the machine and everything was OK.

