All Questions
52 questions
1 vote | 0 answers | 15 views
Redirect socks to another interface with nftables
I want to redirect the TCP port to interfaceX, to a new destination: IP 192.168.3.8 on interfaceY, with nftables rules.
I tried this:
nft flush ruleset
nft add table ip nat
nft add chain ip nat ...
0 votes | 0 answers | 8 views
iptables-translate: translate iptables -m set --match-set to nftables
Is there a way to automatically translate --match-set iptables rules to match on a named nftables set with the same name? iptables-translate doesn't seem to be able to do this, which somewhat makes ...
1 vote | 0 answers | 44 views
nftables equivalent for iptables condition module
The iptables condition module allows you to make a rule match depending on whether the contents of a file are 0 or 1.
iptables -A INPUT -m condition --condition enable-my-foo-rule
This will accept ...
0 votes | 0 answers | 30 views
RULE_APPEND failed (Too many links)
I'm trying to apply the policy I got by running iptables-legacy-save using iptables-nft-restore. When I do this, I get this error. When I search for this error, all I can find is a paywalled Red Hat ...
1 vote | 1 answer | 45 views
RHEL 8 IP/Kernel Routing Multi-Homed Server Issue - Cannot get a response to ping, when trying to ping from 2nd Interface
Set up/configuration:
I have a RHEL 8 server, running Asterisk 15.x, that has 2 NICs. NMCLI is used for networking
NIC0 (eno5np0) is on the trusted network and is configured as a static IPv4 and NIC1 (...
0 votes | 0 answers | 48 views
Firewalld (nftables) SNAT problem
So my setup is the following:
A:
PrivIP: 172.16.1.1
PublicIP: 212.1.2.3
B:
PrivIP: 10.123.0.1 (Interface: dummyip, don't ask why I named it like that)
PublicIP: 213.1.2.3 (Interface: eth0)
They both are ...
1 vote | 0 answers | 150 views
ksoftirqd taking a lot of CPU since moving to Debian 12
I have a small PC Linux box, like an Intel NUC dual Atom, where I run some firewall settings.
Previously this machine ran Debian 9 and everything worked fine.
I could have used the machine in the middle of ...
0 votes | 1 answer | 36 views
What is the proper method to install a Debian package onto a device stuck on a private network? [duplicate]
Here is my scenario:
I want to install iptables onto an embedded Linux device that is located on a private network with no access to the internet. I can place my Windows PC onto this network and then ...
0 votes | 1 answer | 205 views
How to exclude dnsmasq used by libvirt from Mullvad VPN's "local network sharing" block
I don't use the local network except dnsmasq for libvirt. With the local network blocked I have no DNS on my VM. For that reason I want to exclude dnsmasq from the local network sharing block with split ...
2 votes | 1 answer | 4k views
Ubuntu 22.04 iptables command not working
Totally new to the netfilter thing. Currently I am running an application which uses three interfaces eth0/eth1/eth2; my application will run on two servers and they both can communicate between them via ...
0 votes | 0 answers | 120 views
Nftables does not work as expected to block with meter
Goal: Account for excess packets whose rate per source IP and destination port is greater than 200 packets per second, example:
1s, 2s, 3s ...: IP 1.1.1.1 to MyServer:80
[This happens 201 times in ...
2 votes | 2 answers | 908 views
nftables deleting a rule without passing handle (similar to iptables delete)
The iptables syntax for delete is much simpler: if we replace the "append" with delete we get the command for deletion of the rule.
nftables provides a similar construct for a few rule management aspects ...
0 votes | 1 answer | 209 views
Writing nftables for traffic pre/postrouting to an IDS
Trying to learn nftables since it has been implemented on OpenWrt 22.03 with little backwards compatibility for iptables.
I have iptables rules for forwarding traffic from my router to a VM running ...
2 votes | 1 answer | 213 views
nftables does not limit ipv6 traffic in rate limit rule in bridge and ip6 family
I have a wifi router where the wlan0 interface (radio interface) is bridged with the ethernet interface eth0 (connected to another server acting as DHCP)
/ # brctl show br0
bridge name bridge id ...
0 votes | 1 answer | 370 views
How to convert iptables to nftables
I need to use nftables, instead of iptables.
How can I convert the following to nftables format instead of iptables?
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 22 -j ...