There is a multihomed Ubuntu 22.04 server: internal 192.168.0.99/24, external 12.12.12.12/29 (for example), also acting as a gateway. Everything works, including internet access from the server as well as from the LAN behind it; that is, IP forwarding is on and SNAT is set up. I specifically set up SNAT because the external IP is static.
The web server is bound to the internal interface only, on port 85. It is not bound to the external one!
Access from the Internet to the web server is needed, using external port 40000.
For this I do the following:
nft add chain ip nat extprerouting
nft add chain ip filter extinput
nft add rule ip nat prerouting iif ext counter goto extprerouting
nft add rule ip filter input iif ext counter goto extinput
nft add rule ip nat extprerouting iif ext ip saddr != 192.168.0.0/24 ip daddr 12.12.12.12 ip protocol tcp tcp dport 40000 counter dnat to 192.168.0.99:85
nft add rule ip filter extinput iif ext ip daddr 192.168.0.99 ip protocol tcp tcp dport 85 ct state { new } counter accept
When I run nft list ruleset | grep dnat, the counters show some packets on these rules, but there is still no access.
It doesn't work. Who can help to get DNAT working?