Ability to configure CGNAT based on nftables
There is a [[ https://forum.vyos.io/t/snat-for-carrier-grade-nat-thats-many-to-many-netmap-with-port-translation/ | discussion ]] on the forum
The solution for nftables is described in https://debianbrasil.gitlab.io/FiqueEmCasaUseDebian/arquivos/2020-06-03-cgnat-com-nftables.pdf
The script that generates the nftables rules: https://github.com/Beiriz/GRCN
```
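#!/usr/sbin/nft -f
# Base NAT skeleton for CGNAT: creates the "ip nat" table, its two hook chains
# and the CGNATIN/CGNATOUT dispatch chains, then loads the generated
# per-subscriber rules from a separate file.

# NOTE: "flush ruleset" removes every table of every family, not only "ip nat".
# Filter rules already loaded on the host are dropped as well, so load this
# file only where it is meant to own the whole ruleset, or restore the filter
# tables from the same file.
flush ruleset

add table ip nat

# Hook chains. Priority -100 is the conventional dstnat slot and 100 the
# conventional srcnat slot.
add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
add chain ip nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }

# Dispatch chains. They are created empty here; their rules are expected to
# come from the included file (TODO confirm for CGNATIN).
add chain ip nat CGNATOUT
add chain ip nat CGNATIN

# Only traffic entering or leaving through enp1s0f0 is handed to the CGNAT chains.
add rule ip nat PREROUTING iifname "enp1s0f0" counter jump CGNATIN
add rule ip nat POSTROUTING oifname "enp1s0f0" counter jump CGNATOUT

# The included file is loaded with the privileges of this script. Keep it
# owned by root and not writable by other users.
include "/root/cgnat_nft/cgnat-bng.conf"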
```
cgnat-bng.conf
```
# GRCN (Gerador de Regras CGNAT em nftables - CGNAT rule generator for nftables) - Beiriz - v4.001 - 27/07/2020 (31/03/2023)
# - blocks 100.64.0.0/21 -> 192.0.2.0/24;
# - /0 of private IPs / public IP;
#   (as printed by the generator; the rules below map the eight addresses of
#   100.64.0.0/29 to the single public address 192.0.2.0)
# - 8064 ports / private IP;
# ---------------------------------------- #INDEX 0 / PUBLIC IP 192.0.2.0
# Create the per-public-IP chain if it is missing, then empty it, so that
# loading this file again does not duplicate its rules.
add chain ip nat CGNATOUT_0
flush chain ip nat CGNATOUT_0
# Each private address gets one fixed block of 8064 source ports on 192.0.2.0,
# with one rule for TCP and one for UDP. The blocks are contiguous, start at
# port 1024 and end at 65535. Because the mapping is static, a public address
# and source port identify the private address without per-connection NAT logs.
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.0 counter snat to 192.0.2.0:1024-9087
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.0 counter snat to 192.0.2.0:1024-9087
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.1 counter snat to 192.0.2.0:9088-17151
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.1 counter snat to 192.0.2.0:9088-17151
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.2 counter snat to 192.0.2.0:17152-25215
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.2 counter snat to 192.0.2.0:17152-25215
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.3 counter snat to 192.0.2.0:25216-33279
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.3 counter snat to 192.0.2.0:25216-33279
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.4 counter snat to 192.0.2.0:33280-41343
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.4 counter snat to 192.0.2.0:33280-41343
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.5 counter snat to 192.0.2.0:41344-49407
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.5 counter snat to 192.0.2.0:41344-49407
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.6 counter snat to 192.0.2.0:49408-57471
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.6 counter snat to 192.0.2.0:49408-57471
add rule ip nat CGNATOUT_0 ip protocol tcp ip saddr 100.64.0.7 counter snat to 192.0.2.0:57472-65535
add rule ip nat CGNATOUT_0 ip protocol udp ip saddr 100.64.0.7 counter snat to 192.0.2.0:57472-65535
# Catch-all for packets that matched none of the TCP/UDP rules above: the
# source is rewritten to the public address with no port range, so these flows
# cannot be told apart by port.
add rule ip nat CGNATOUT_0 counter snat to 192.0.2.0
# Dispatch: send the eight private addresses of this /29 to their chain. This
# adds a rule to CGNATOUT, which this file does not flush.
# NOTE(review): a reload without flushing CGNATOUT first would presumably add
# this jump a second time - confirm against the loading script.
add rule ip nat CGNATOUT ip saddr 100.64.0.0/29 counter jump CGNATOUT_0
...
```