Hi,
I'm trying to add NAT reflection rules for additional zones in fw4 to work around this issue.
For that, I'm creating my rules in /etc/nftables.d/nat_reflection.nft. However, I need to use the WAN address in the rule but I don't know how. I see that there are some variables defined like $wan_devices and $wan_subnets. Is there any way to get the current IPv4 WAN address? Also, is there any way to filter the subnets to get only the IPv4 one?
My rules look like:
chain user_dstnat {
    type nat hook prerouting priority dstnat; policy accept;
    iifname $lan_devices ip saddr 192.168.10.0/24 ip daddr $WAN_ADDRESS tcp dport 80 dnat ip to 192.168.7.5:80 comment "!fw4: forward-http (reflection for lan)"
    iifname $lan_devices ip saddr 192.168.10.0/24 ip daddr $WAN_ADDRESS tcp dport 443 dnat ip to 192.168.7.5:443 comment "!fw4: forward-https (reflection for lan)"
}
Thank you.
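One way to obtain the address the post is asking about, as an added example that is not part of the original post: read the WAN interface status from ubus, extract its IPv4 address, and render the include file with that address substituted for $WAN_ADDRESS. The interface name `wan`, the sample status JSON and the function names are assumptions; the two rules are the ones from the post.

```shell
#!/bin/sh
# Added example: resolve the WAN IPv4 address at runtime and render the
# fw4 include from it, since nft cannot look the address up by itself.
#
# On a router the status JSON comes from `ubus call network.interface.wan status`
# (interface name "wan" is an assumption); a constructed sample is embedded so
# the script also runs offline.
SAMPLE_STATUS='{"up":true,"l3_device":"eth1","ipv4-address":[{"address":"203.0.113.10","mask":24}],"ipv6-address":[{"address":"2001:db8::1","mask":64}]}'

# First IPv4 address in an interface status JSON document, or nothing.
# Lines are joined first because ubus pretty-prints its output.
wan_ipv4_from_status() {
	printf '%s\n' "$1" | tr -d '\n\t' |
		sed -n 's/.*"ipv4-address": *\[ *{ *"address": *"\([0-9.]*\)".*/\1/p'
}

# Live status on OpenWrt, the constructed sample elsewhere.
wan_status() {
	if command -v ubus >/dev/null 2>&1; then
		ubus call network.interface.wan status
	else
		printf '%s\n' "$SAMPLE_STATUS"
	fi
}

# The chain from the post with the WAN address substituted; $lan_devices
# is escaped so fw4 expands it when it loads the include.
render_reflection_rules() {
	wan="$1"
	cat <<EOF
chain user_dstnat {
	type nat hook prerouting priority dstnat; policy accept;
	iifname \$lan_devices ip saddr 192.168.10.0/24 ip daddr $wan tcp dport 80 dnat ip to 192.168.7.5:80 comment "!fw4: forward-http (reflection for lan)"
	iifname \$lan_devices ip saddr 192.168.10.0/24 ip daddr $wan tcp dport 443 dnat ip to 192.168.7.5:443 comment "!fw4: forward-https (reflection for lan)"
}
EOF
}

# Write the include to the given path; refuses to write when wan has no IPv4
# address so the previous valid file is kept rather than a broken chain.
write_include() {
	wan="$(wan_ipv4_from_status "$(wan_status)")"
	if [ -z "$wan" ]; then
		echo "wan has no IPv4 address, include not rewritten" >&2
		return 1
	fi
	render_reflection_rules "$wan" > "$1"
}
```

On the router, call `write_include /etc/nftables.d/nat_reflection.nft && fw4 reload` from an /etc/hotplug.d/iface script so the include is regenerated whenever the WAN address changes.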