Nftables – Port Redirect for All Interfaces

Tags: forwarding, linux-networking, nftables, port-forwarding

I have a relatively simple requirement that I want to solve with nft (nftables): redirect all incoming packets on port 445 to port 1445, on all network interfaces.

My current implementation only works locally and not for external requests. Port 445 is not available for external connections.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        redirect
        tcp dport microsoft-ds redirect to :1445
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }

    chain output {
        type nat hook output priority 100; policy accept;
        tcp dport microsoft-ds redirect to :1445
    }
}

Does anyone have a tip? Thanks.

Best Answer

I solved my problem.

This works for me:

table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        tcp dport microsoft-ds counter packets 1 bytes 52 dnat to :1445
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }

    chain output {
        type nat hook output priority 100; policy accept;
        tcp dport microsoft-ds counter packets 3 bytes 180 dnat to :1445
    }
}
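As an added example, not the poster's own configuration: the script below writes the same 445 to 1445 redirect as a complete nftables ruleset file, parses it with nft -c, and loads it. It assumes nothing else listens on 445, that the service is bound to 1445, and that the table names nat445 and nat445_filter are not already in use on the host (dedicated tables are used so that loading it never deletes a pre-existing ip nat table belonging to another tool). One thing the question's first attempt shows is worth spelling out: its prerouting chain began with a bare redirect rule. That statement matches every packet and, like all NAT statements, is terminating, so for each new connection arriving from another host conntrack records a redirect to the unchanged port 445 and the tcp dport microsoft-ds rule after it is never consulted. Locally generated connections go through the output chain, which had no such rule, which is why only local tests worked.

```shell
#!/bin/sh
# Added example (not the original poster's code): write a self-contained
# nftables ruleset that sends TCP 445 to 1445 on every interface and for local
# connections, check it, and load it. Assumptions: nothing listens on 445, the
# service is on 1445, and the table names nat445 / nat445_filter are unused.
set -eu

RULESET_FILE="${RULESET_FILE:-${TMPDIR:-/tmp}/nat445.nft}"

# Write the ruleset to $RULESET_FILE and print the path.
write_ruleset() {
    cat > "$RULESET_FILE" <<'EOF'
# Declaring each table before deleting it makes the load idempotent: the
# delete succeeds whether or not a previous version is present.
table ip nat445
delete table ip nat445
table inet nat445_filter
delete table inet nat445_filter

table ip nat445 {
    chain prerouting {
        # Traffic arriving on every interface. The nat hook only sees the
        # first packet of a connection; conntrack applies the mapping to the rest.
        type nat hook prerouting priority -100; policy accept;
        # dnat without an address keeps the original destination address and
        # rewrites only the port. NAT statements are terminating, so no
        # catch-all rule (such as a bare "redirect") may come before this one.
        tcp dport 445 counter dnat to :1445
    }

    chain output {
        # Locally generated connections (a test from the host itself).
        type nat hook output priority -100; policy accept;
        tcp dport 445 counter dnat to :1445
    }
}

table inet nat445_filter {
    chain input {
        type filter hook input priority 0; policy accept;
        # Loopback is exempt; from anywhere else only connections that
        # conntrack rewrote from 445 may reach 1445, direct hits are dropped.
        iif "lo" accept
        ct status dnat tcp dport 1445 counter accept
        tcp dport 1445 counter drop
    }
}
EOF
    printf '%s\n' "$RULESET_FILE"
}

# Parse-only check: nft -c evaluates the file without committing it. Depending
# on the nft version the delete statements may still need CAP_NET_ADMIN, so an
# unprivileged check can be refused even when the file is fine.
check_ruleset() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not installed; skipping check" >&2
        return 0
    fi
    nft -c -f "$RULESET_FILE"
}

# Load the ruleset atomically and list the NAT table so the rule counters can
# be read back: a non-zero packet count on the prerouting rule proves that
# connections from other hosts are being redirected.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: run as root" >&2; return 1; }
    nft -f "$RULESET_FILE"
    nft list table ip nat445
}

case "${1:-write}" in
    write) write_ruleset ;;
    check) write_ruleset >/dev/null; check_ruleset ;;
    apply) write_ruleset >/dev/null; check_ruleset; apply_ruleset ;;
    *) echo "usage: $0 [write|check|apply]" >&2; exit 2 ;;
esac
```

Run it as sh nat445.sh check to parse the file and sudo sh nat445.sh apply to load it. The counter packets N bytes M text in the accepted answer is what nft list ruleset prints for a counter statement; such a listing can be fed straight back into nft -f. To confirm the external path, open a connection from another host (for example nc -vz HOST 445) and check that the packet count on the prerouting rule increases; if only the output rule's counter moves, the test is still being run locally.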