firewall/nat.nft

#! /sbin/nft -f

table ip nat {
	chain prerouting {
		type nat hook prerouting priority 0;
		meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
	}


	chain postrouting {
		type nat hook postrouting priority 100

		meta oifname != $if_supelec return

		meta iifname vmap {
			$if_adherent : jump adherent_nat,
			$if_admin : jump admin_nat,
			$if_federez : jump federez_nat,
			$if_aloes : jump aloes_nat,
			$if_prerezotage : jump prerezotage_nat
		}

		counter

		# ip saddr 10.0.0.0/8 snat to 193.48.225.3
		snat to 193.48.225.3

	}

}
bases du nat 2019-01-07 22:48:42 +00:00			`#! /sbin/nft -f`

SNAT 2019-02-09 09:23:05 +00:00			`table ip nat {`
bases du nat 2019-01-07 22:48:42 +00:00			`chain prerouting {`
			`type nat hook prerouting priority 0;`
SNAT 2019-02-09 09:23:05 +00:00			`meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;`
bases du nat 2019-01-07 22:48:42 +00:00			`}`


			`chain postrouting {`
			`type nat hook postrouting priority 100`
SNAT 2019-02-09 09:23:05 +00:00
NAT fonctionnel 2019-03-26 21:02:43 +00:00			`meta oifname != $if_supelec return`

			`meta iifname vmap {`
			`$if_adherent : jump adherent_nat,`
			`$if_admin : jump admin_nat,`
			`$if_federez : jump federez_nat,`
			`$if_aloes : jump aloes_nat,`
			`$if_prerezotage : jump prerezotage_nat`
			`}`

			`counter`

MAC-IP table 2019-03-12 21:06:21 +00:00			`# ip saddr 10.0.0.0/8 snat to 193.48.225.3`
NAT fonctionnel 2019-03-26 21:02:43 +00:00			`snat to 193.48.225.3`
bases du nat 2019-01-07 22:48:42 +00:00
			`}`

			`}`