Migration from iptables to nftables

Hi,
I'm migrating from iptables to nftables (OpenWrt version 19.07 to the latest openwrt-22.03.0).

I converted the iptables rules to nft by using iptables-restore-translate -f save.txt > ruleset.nft

While running nft -f ruleset.nft, it returns an error saying counter and refect are unknown.

Any info on how to proceed? Please find the attached nft_ruleset.nft
My requirement is to hook the TCP packets and divert them to a given port.

My iptables commands are

iptables -t nat -D PREROUTING -j CQR_NATTCP
iptables -t nat -N CQR_NATTCP
iptables -t nat -I PREROUTING -j CQR_NATTCP
iptables -t nat -F CQR_NATTCP

iptables -t nat -A CQR_NATTCP -p tcp -j REDIRECT --to-port 1226

Thank you

In my experience iptables-restore-translate is not a panacea.
Learn the nftables syntax or better yet, try to recreate your rules using uci.

:man_shrugging:

Just to be clear, you want to capture every single tcp packet coming in from every single router interface and to redirect it locally to port 1226, right?

Once you do this, among other things you will no longer be able to access the device via ssh or LuCI.

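The redirect from the first post, written directly in nftables syntax with the lockout raised in the last reply taken into account. This is an added example, not code from the thread or from OpenWrt; the table name `cqr_nat`, the set name `mgmt_ports` and the exempted ports 22, 80 and 443 (default ssh and LuCI ports) are assumptions.

```nftables
# Added example (not from the thread). Stand-alone table, so it does not
# touch the tables the firewall itself manages. Names are hypothetical.
# IPv4 only, like the original iptables (not ip6tables) commands.

# Declare-then-delete makes the file safe to load repeatedly; it plays the
# role of the -D / -N / -F sequence in the original iptables commands.
table ip cqr_nat
delete table ip cqr_nat

table ip cqr_nat {
    # Assumption: ssh on 22, LuCI on 80/443. Adjust to the ports in use.
    set mgmt_ports {
        type inet_service
        elements = { 22, 80, 443 }
    }

    chain CQR_NATTCP {
        # Leave management traffic alone so the device stays reachable.
        tcp dport @mgmt_ports return

        # Translation of:
        #   iptables -t nat -A CQR_NATTCP -p tcp -j REDIRECT --to-port 1226
        # Without the return rule above, this also captures ssh and LuCI.
        meta l4proto tcp counter redirect to :1226
    }

    chain prerouting {
        # Translation of: iptables -t nat -I PREROUTING -j CQR_NATTCP
        type nat hook prerouting priority dstnat; policy accept;
        jump CQR_NATTCP
    }
}
```

Run `nft -c -f` on the file first to check the syntax without applying it, then load it with `nft -f`.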