Differences

This shows you the differences between two versions of the page.

--- сервис_nat [2024/04/23 13:11]
val [nftables]
+++ сервис_nat [2024/05/06 16:17] (current)
val [Debian/Ubuntu (iptables)]
@@ Line 8: / Line 8: @@
 === Заполнение таблицы nat (eth1 - внешний интерфейс) ===
 <code>
-debian11# apt install iptables
+debian11_12# apt install iptables
 root@gate:~# apt install conntrack
@@ Line 72: / Line 72: @@
 gate### apt install nftables
-gate# nft add rule nat postrouting ip saddr 192.168.X.0/24 oif eth1 snat to 172.16.1.254
+gate# man nft
+gate# nft add table nat
+gate# nft 'add chain nat postrouting { type nat hook postrouting priority srcnat ; }'
+gate# nft add rule nat postrouting ip saddr 192.168.X.0/24 oif eth1 snat to 172.16.1.X
+gate# nft add rule nat postrouting ip saddr 192.168.100+X.0/24 oif eth1 snat to 172.16.1.X
 gate# nft list ruleset
-gate# file /etc/nftables.conf
+gate# nft flush ruleset
-gate# systemctl enable nftables.service
+gate# systemctl enable nftables.service --now
+gate# cat /etc/nftables.conf
+</code><code>
+...
+table ip nat {
+        chain postrouting {
+                type nat hook postrouting priority srcnat; policy accept;
+                ip saddr 192.168.100+X.0/24 oif "eth1" snat to 172.16.1.X
+        }
+}
+</code><code>
+gate# systemctl reload nftables.service
 </code>

Методические материалы Лохтурова Вячеслава