diff options
| author | Xiao Pan <xyz@flylightning.xyz> | 2025-07-25 19:20:40 +0000 |
|---|---|---|
| committer | Xiao Pan <xyz@flylightning.xyz> | 2025-07-25 19:20:40 +0000 |
| commit | a580d6010502acd1b03a0290d5cc1db6907596f4 (patch) | |
| tree | d1c97b407c79cafe5b749808887dd06e77532f63 /etc/nftables.conf | |
| parent | 78f8618419ec8d28a0fc1baaed2e946a9c3a0e32 (diff) | |
nft use iifname instead of iif for ipv6net
iif need the interface exist, iifname don't need, more see man nft. If
use iif, after reboot when nft start, ipv6net interface seems do not
exist, so nft will error and failed to start. Use iifname can fix this
issue.
Diffstat (limited to 'etc/nftables.conf')
| -rw-r--r-- | etc/nftables.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/nftables.conf b/etc/nftables.conf index 149beab1..aee344c6 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -75,8 +75,8 @@ table inet nat { iifname $pub_iface tcp dport monerod-p2p dnat ip to 10.0.0.1:monerod-p2p iifname $pub_iface tcp dport monerod-p2p dnat ip6 to [fdc9:281f:04d7:9ee9::1]:monerod-p2p # needed for phantun - iif $pub_iface tcp dport phantun dnat ip to 10.0.2.2 - iif $pub_iface tcp dport phantun dnat ip6 to fdc9:281f:04d7:9eeb::2 + iifname $pub_iface tcp dport phantun dnat ip to 10.0.2.2 + iifname $pub_iface tcp dport phantun dnat ip6 to fdc9:281f:04d7:9eeb::2 } # for all packets to $pub_iface, after routing, replace source address with primary IP of $pub_iface interface chain postrouting { |