blob: 3a57d9402301b7b9958c342cce8373cda180ccd5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
#!/bin/bash
set -e
RULESET="table ip test1 {
chain y {
oif lo accept
ip saddr 4.4.4.4 dnat to 1.1.1.1
ip saddr 5.5.5.5 dnat to 2.2.2.2
}
}"
$NFT -o -f - <<< $RULESET
RULESET="table ip test2 {
chain y {
oif lo accept
tcp dport 80 dnat to 1.1.1.1:8001
tcp dport 81 dnat to 2.2.2.2:9001
ip saddr 10.141.11.0/24 masquerade
ip saddr 10.141.13.0/24 masquerade
}
}"
$NFT -o -f - <<< $RULESET
RULESET="table ip test3 {
chain y {
oif lo accept
ip saddr 1.1.1.1 tcp sport 1024-65535 snat to 3.3.3.3
ip saddr 2.2.2.2 tcp sport 1024-65535 snat to 4.4.4.4
oifname enp2s0 snat ip to ip saddr map { 10.1.1.0/24 : 72.2.3.66-72.2.3.78 }
tcp dport 8888 redirect
tcp dport 9999 redirect
}
}"
$NFT -o -f - <<< $RULESET
RULESET="table ip test4 {
chain y {
oif lo accept
ip daddr 1.1.1.1 tcp dport 80 dnat to 4.4.4.4:8000
ip daddr 2.2.2.2 tcp dport 81 dnat to 3.3.3.3:9000
tcp dport 83 redirect to :8083
tcp dport 84 redirect to :8084
tcp dport 85 redirect
}
}"
$NFT -o -f - <<< $RULESET
RULESET="table inet nat {
chain prerouting {
oif lo accept
iifname enp2s0 ip daddr 72.2.3.66 tcp dport 53122 dnat to 10.1.1.10:22
iifname enp2s0 ip daddr 72.2.3.66 tcp dport 443 dnat to 10.1.1.52:443
iifname enp2s0 ip daddr 72.2.3.70 tcp dport 80 dnat to 10.1.1.52:80
}
chain postrouting {
oif lo accept
ip daddr 72.2.3.66 snat to 10.2.2.2
ip daddr 72.2.3.67 snat to 10.2.3.3
}
}"
$NFT -o -f - <<< $RULESET
|
