Migrate to OpenWrt 23.05.3: iptables to nftables

Hello everyone,

I'm trying to upgrade my Xiaomi Router 3G to the newest OpenWRT version, and I'm having trouble migrating the iptables custom firewall rules to nftables. Honestly, I don't know how to do it.

Here are the rules:

iptables -t nat -A zone_lan_prerouting -p tcp -s 20.0.0.0/255.255.255.0 -d x.x.x.x/255.255.255.255 -m tcp --dport 80 -m comment --comment "!fw3: WebProxy-http-WAN (reflection)" -j DNAT --to-destination 20.0.0.5:8080
iptables -t nat -A zone_lan_prerouting -p tcp -s 20.0.0.0/255.255.255.0 -d x.x.x.x/255.255.255.255 -m tcp --dport 443 -m comment --comment "!fw3: WebProxy-https-WAN (reflection)" -j DNAT --to-destination 20.0.0.5:8443

iptables -t nat -A zone_lan_postrouting -p tcp -s 20.0.0.0/255.255.255.0 -d 20.0.0.5/255.255.255.255 -m tcp --dport 8080 -m comment --comment "!fw3: WebProxy-http-WAN (reflection)" -j SNAT --to-source 20.0.0.1
iptables -t nat -A zone_lan_postrouting -p tcp -s 20.0.0.0/255.255.255.0 -d 20.0.0.5/255.255.255.255 -m tcp --dport 8443 -m comment --comment "!fw3: WebProxy-https-WAN (reflection)" -j SNAT --to-source 20.0.0.1

You have to enter those DNAT rules via the uci firewall menus.


Thanks a lot for the answer, do you have any examples of how to do it?

It is in LuCI/Firewall/Port Forwards.
Reflection rules are added whenever you add a forward rule.

Actually, your rules seem to have been created that way; you need to look into /etc/config/firewall and, like, copy the "DNAT" section.

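As an added example (not posted by anyone in this thread), this is roughly what the two port-forward sections described above look like in /etc/config/firewall. The section names are taken from the rule comments; the zone names `wan` and `lan` are the OpenWrt defaults and are assumed here, as is the assumption that the forwards originally came from the WAN zone.

```uci
# /etc/config/firewall -- constructed example, adjust zones and addresses
# Each port forward opens the WAN port AND makes the firewall generate the
# matching LAN-side reflection DNAT/SNAT pair, so no hand-written rules
# are needed.

config redirect
	option name 'WebProxy-http-WAN'
	option target 'DNAT'
	option src 'wan'                 # assumed zone name
	option src_dport '80'
	option dest 'lan'                # assumed zone name
	option dest_ip '20.0.0.5'
	option dest_port '8080'
	option proto 'tcp'
	option reflection '1'            # default; shown for clarity
	option reflection_src 'internal' # default; SNAT to the router's LAN address

config redirect
	option name 'WebProxy-https-WAN'
	option target 'DNAT'
	option src 'wan'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '20.0.0.5'
	option dest_port '8443'
	option proto 'tcp'
	option reflection '1'
	option reflection_src 'internal'
```

After editing, restart the firewall with `service firewall restart` and check `nft list ruleset` for the generated reflection entries. Note that these sections also expose ports 80 and 443 on the WAN side, so confirm that this is intended before applying them.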