Differences

This shows you the differences between two versions of the page.

--- сервис_nat [2022/07/26 06:26]
val [Debian/Ubuntu (iptables)]
+++ сервис_nat [2024/04/23 14:00] (current)
val [nftables]
@@ Line 36: / Line 36: @@
 == Вариант 1 ==
-= Сохранение состояния iptables =
+== Сохранение состояния iptables ==
 <code>
 root@gate:~# iptables-save > /etc/iptables.rules
 </code>
-= Восстановление состояния iptables =
+== Восстановление состояния iptables ==
 <code>
 root@gate:~# iptables-restore < /etc/iptables.rules
 </code>
-= Восстановление состояния iptables при загрузке =
+== Восстановление состояния iptables при загрузке ==
 <code>
 root@gate:~# cat /etc/network/interfaces
@@ Line 63: / Line 63: @@
 # netfilter-persistent save
 </code>
+==== nftables ====
+  * [[https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)|Performing Network Address Translation (NAT)]]
+  * https://wiki.debian.org/nftables
+<code>
+gate### apt install nftables
+gate# man nft
+gate# nft add table nat
+gate# nft 'add chain nat postrouting { type nat hook postrouting priority srcnat ; }'
+gate# nft add rule nat postrouting ip saddr 192.168.X.0/24 oif eth1 snat to 172.16.1.X
+gate# nft add rule nat postrouting ip saddr 192.168.100+X.0/24 oif eth1 snat to 172.16.1.X
+gate# nft list ruleset
+gate# nft flush ruleset
+gate# systemctl enable nftables.service --now
+gate# cat /etc/nftables.conf
+</code><code>
+...
+table ip nat {
+        chain postrouting {
+                type nat hook postrouting priority srcnat; policy accept;
+                ip saddr 192.168.100+X.0/24 oif "eth1" snat to 172.16.1.X
+        }
+}
+</code><code>
+gate# systemctl reload nftables.service
+</code>
 ==== CentOS (firewalld) ====

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools