iptables-like NETMAP with nftables

Question

using nftables, I need to NAT an entire subnet to another one for example:

10.10.10.1 -> 10.200.0.1
10.10.10.2 -> 10.200.0.2
...
10.10.10.X -> 10.200.0.X

nftables docs here shows multiple NATs in one line, but how can I manage that use case if my subnet is /24 or bigger? Do I have to list hundreds of addresses manually?

I've looked documentation and examples but didn't found a solution.

Than you very much in advance.

Regards.

Tom Yan · Accepted Answer · 2023-02-18T06:42:49.017

0

For now you can do it with bitwise operation:

ip saddr 10.10.10.0/24 snat to ip saddr & 255.0.0.255 | 0.200.0.0

"Proper" support is already in git.

UPDATE: apparently the "proper" syntax is as follows:

snat ip prefix to ip saddr map { 10.10.10.0/24 : 10.200.0.0/24 }

edited Feb 18 '23 at 06:42

answered May 18 '20 at 15:34

Tom Yan

747
3
9

Can you update this answer to provide an example of the "proper" syntax? – larsks Feb 18 '23 at 04:09

iptables-like NETMAP with nftables

1 Answers1