Nftables SNAT - Linux - Security und Firewall Labor
Unser erstes NAT
- vi /etc/nftables.conf
#!/usr/sbin/nft -f
# Source NAT for the lab firewall: every internal network leaves the WAN
# interface with the firewall's WAN address as source.
#
# NOTE: "flush ruleset" removes every table currently loaded in the kernel
# (including any filter table installed from another file) before the
# rules below are created, so this file must be the complete ruleset.
flush ruleset

define wandev = enp0s3
define wanip = 192.168.hs.2xx
define lan = 172.17.2xx.0/24
define server = 172.16.2xx.0/24
define mgmt = 172.18.2xx.0/24
define dmz = 10.88.2xx.0/24

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # LAN, server and management networks are always translated when
        # they leave through the WAN interface. "ip saddr" matches IPv4
        # only; IPv6 packets are not touched by these rules.
        oif $wandev ip saddr { $lan, $server, $mgmt } snat to $wanip

        # The DMZ is translated as well, except for traffic to 10.88.0.0/16.
        oif $wandev ip saddr $dmz ip daddr != 10.88.0.0/16 snat to $wanip
    }
}
Aktivieren
- systemctl enable nftables --now
Kontrolle
- nft list ruleset