Discussion:
nftables dnat not working
Matteo Croce
2014-08-05 08:14:27 UTC
Hi,

I'm using nftables on a vanilla 3.16 kernel and nft 0.3.
I want to do port forwarding for TCP port 51413 to host 192.168.0.20 and
I've configured my firewall like this:

table ip nat {
	chain post {
		type nat hook postrouting priority 0;
		ip saddr 192.168.0.0/24 oif eth0 snat 192.168.1.2
	}

	chain pre {
		type nat hook prerouting priority 0;
		iif eth0 tcp dport 51413 dnat 192.168.0.20
	}
}

No filter chain at all.
From the router I find the port open:

HPING 192.168.0.20 (br0 192.168.0.20): S set, 40 headers + 0 data bytes
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=0
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=1

From the outside it is closed:

HPING 188.218.168.147 (eth0 188.218.168.147): S set, 40 headers + 0 data bytes
len=46 ip=188.218.168.147 ttl=51 DF id=39456 sport=51413 flags=RA seq=0
len=46 ip=188.218.168.147 ttl=51 DF id=39467 sport=51413 flags=RA seq=1

If I sniff on the LAN, nothing gets forwarded.

Cheers,
--
Matteo Croce
OpenWrt Developer
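As an added example that is not part of the original post or of nftables itself: a small Python checker that parses hping SYN-probe output in the format quoted above and states what the two runs (LAN side vs. WAN side) imply for the dnat rule. The sample probes are constructed to mirror the post, with 203.0.113.10 standing in for the public address.

```python
import re
from typing import Dict, List

# Constructed samples modelled on the two hping runs in the post.
INSIDE_PROBE = """\
HPING 192.168.0.20 (br0 192.168.0.20): S set, 40 headers + 0 data bytes
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=0
len=44 ip=192.168.0.20 ttl=64 DF id=0 sport=51413 flags=SA seq=1
"""
OUTSIDE_PROBE = """\
HPING 203.0.113.10 (eth0 203.0.113.10): S set, 40 headers + 0 data bytes
len=46 ip=203.0.113.10 ttl=51 DF id=39456 sport=51413 flags=RA seq=0
len=46 ip=203.0.113.10 ttl=51 DF id=39467 sport=51413 flags=RA seq=1
"""

# One hping reply line: len=.. ip=.. ttl=.. [DF] id=.. sport=.. flags=.. seq=..
REPLY_RE = re.compile(
    r"len=(?P<len>\d+) ip=(?P<ip>\S+) ttl=(?P<ttl>\d+) .*?"
    r"sport=(?P<sport>\d+) flags=(?P<flags>[A-Z]+) seq=(?P<seq>\d+)"
)

def parse_hping(output: str) -> List[Dict[str, object]]:
    """Extract the reply lines; the HPING header line carries no reply."""
    replies = []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            replies.append({"ip": m["ip"], "ttl": int(m["ttl"]),
                            "sport": int(m["sport"]), "seq": int(m["seq"]),
                            "flags": set(m["flags"])})
    return replies

def classify(replies: List[Dict[str, object]]) -> str:
    """What a SYN probe learned from the TCP flags in the answers."""
    if not replies:
        return "filtered"   # no SYN/ACK and no RST: the SYN was dropped
    if all({"S", "A"} <= r["flags"] for r in replies):
        return "open"       # SYN/ACK: a listener answered
    if any("R" in r["flags"] for r in replies):
        return "reset"      # RST: a TCP stack with no listener answered
    return "unknown"

def diagnose_dnat(inside_output: str, outside_output: str) -> str:
    """Compare the LAN-side and WAN-side probes of the forwarded port."""
    inside = classify(parse_hping(inside_output))
    outside = classify(parse_hping(outside_output))
    if outside == "open":
        return "forwarded"            # translated SYN reached the listener
    if inside != "open":
        return "target-down"          # the LAN host itself is not listening
    if outside == "reset":
        return "dnat-not-applied"     # RST despite a live listener: likely the
                                      # router's own stack answered untranslated
    return "dropped" if outside == "filtered" else "inconclusive"
```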