Nftables SNAT - UNIX/Linux Networks in Depth
Our first NAT
- vi /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
define wandev = enp0s3
define wanip = 172.22.0.2xx
define lan = 172.17.2xx.0/24
define dmz = 10.88.2xx.0/24
table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif $wandev ip saddr $lan snat to $wanip
        # DMZ is NATed, except towards 10.88.0.0/16
        oif $wandev ip saddr $dmz ip daddr != { 10.88.0.0/16 } snat to $wanip
    }
}
Activate
- systemctl enable nftables --now
Check
- nft list ruleset