- User Since
- Sep 19 2022, 1:24 AM (63 w, 1 d)
Sat, Nov 18
Apr 18 2023
Tested on latest "current" source tree build. Works fine and solves the "old syntax" cache file issue. Thank you for the quick and responsive fix.
Sep 22 2022
@jack9603301 I've tested your updated PR and it seems to work well now. Thank you for the quick response.
@sdev I've tested your PR and it seems to also fix both issues. I did not test anything beyond DNAT port only in both ip and ip6 families.
Sep 21 2022
@jack9603301, your PR solves the NAT66 issue - thank you. However, the change you made to nat.py to try to solve the NAT44 issue is not complete and seem to also require a template change. I'll post additional details in the PR.
Sep 19 2022
Why would you enforce an address? It is perfectly OK to have port-only DNAT66 without any destination address such as:
nft add rule ip6 nat PREROUTING iifname eth1 counter tcp dport 443 dnat to :3000
Problem is that the test logic breaks on this and spits out a wrong statement to NFT that barfs on it.