September 4, 2017

nftables, how to redirect all traffic to port 8080 to another ip

Forums: 
Hi, my router is running on Arch Linux.
I am trying to redirect all the traffic to port 8080 to my laptop which is hosting http website.
 
Here is configuration I come up with so far:
table ip nat {
  chain post {
    type nat hook postrouting priority 0; policy accept;
  }

  chain pre {
    type nat hook prerouting priority 0; policy accept;
    dnat to tcp dport map { 8080 : 192.168.0.100 } # handle 3
  }
}

 

But when I am trying to connect I am being welcomed with this unfriendly message: "<ip address> took too long to respond."
 
Of course I am using nftables and the loaded modules are below:
 
Module                  Size  Used by
nft_masq_ipv4           1265  1
nf_nat_masquerade_ipv4  2616  1 nft_masq_ipv4
nft_masq                1783  1 nft_masq_ipv4
nft_reject_inet         1814  1
nf_reject_ipv4          2938  1 nft_reject_inet
nf_reject_ipv6          3368  1 nft_reject_inet
nft_reject              2451  1 nft_reject_inet
nf_conntrack_ipv6       8902  2
nf_defrag_ipv6         14899  1 nf_conntrack_ipv6
nft_ct                  4373  2
nf_tables_inet          1618  4
nf_tables_ipv6          2117  1 nf_tables_inet
nft_set_hash           11030  2
nft_set_rbtree          2883  0
nft_meta                5683  9
nft_nat                 2508  1
nft_chain_nat_ipv4      1618  2
nf_conntrack_ipv4       8376  3
nf_defrag_ipv4          1546  1 nf_conntrack_ipv4
nf_nat_ipv4             5204  1 nft_chain_nat_ipv4
nf_nat                 16628  3 nft_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_conntrack           94166  6 nft_ct,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat_masquerade_ipv4,nf_nat_ipv4,nf_nat
nf_tables_ipv4          2053  2 nf_tables_inet
nf_tables              66017  54 nft_ct,nft_nat,nft_chain_nat_ipv4,nft_reject,nft_set_hash,nf_tables_ipv6,nf_tables_ipv4,nft_masq,nft_reject_inet,nft_meta,nft_set_rbtree,nft_masq_ipv4,nf_tables_inet

 

#systemctl status nftables
Active: active (exited)
Main PID: 611 (code=exited, status=0/SUCCESS)
Click Here!