How to set up an IPTABLES rule in nftables

18scoobz · March 11, 2023, 11:43pm

I installed the latest build on my wrt3200acs and it does not seem to use iptables anymore.
How can I do the following rule in nftables?

iptables -t nat -A PREROUTING -s 192.168.1.17 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.16:80
iptables -t nat -A POSTROUTING -j MASQUERADE

dave14305 · March 12, 2023, 1:07am

You can create the first rule in LuCI using a Port Forwarding rule from Source Zone “lan” to any Destination zone with the external IP set as 192.168.1.17 and the internal destination as 192.168.1.16 port 80.

I’m not near a router to show an example, so I may be off in a detail or two, but it should get you started.

bluewavenet · March 12, 2023, 11:31am

opkg update
opkg install iptables-nft

18scoobz · March 12, 2023, 7:20pm

Where would I put the rule using iptables-nft

bluewavenet · March 12, 2023, 9:13pm

Where did you put it before?

Just type the two commands in and see if it works.

18scoobz · March 12, 2023, 9:42pm

There was a custom tab under firewall.

But it looks like it went in /etc/firewall.user

dave14305 · March 12, 2023, 11:32pm

Try this rule in /etc/config/firewall to achieve similar results:

config redirect
	option name 'Redirect http'
	option src 'lan'
	option dest '*'
	list proto 'tcp'
	option src_ip '192.168.1.17'
	option src_dport '80'
	option dest_ip '192.168.1.16'
	option target 'DNAT'

18scoobz · March 13, 2023, 3:41pm

dave14305:

config redirect
	option name 'Redirect http'
	option src 'lan'
	option dest '*'
	list proto 'tcp'
	option src_ip '192.168.1.17'
	option src_dport '80'
	option dest_ip '192.168.1.16'
	option target 'DNAT'

Thank you for the help! This does not seem to be working.

Just so you know what I am doing. I am redirecting what my weather station sends to weather underground to a weather server(weewx) on my network. The iptables worked great but I am unfamiliar with nftabnles.