I've a laptop (172.16.0.2) and a desktop PC (172.16.0.1). The phone is connected to the PC in USB modem mode, and it appears as the enp5s0f3u1 interface. I've set up masquerading through nftables so that the laptop can access the internet through the desktop PC via the local network. However, a few days ago, it stopped working, and I'm not sure why. I have already checked the routing tables, and forwarding is enabled too. The issue seems to be with the desktop PC because, for some reason, nftables is not doing anything (requests are going from the laptop to the PC, but the IP address is not changing, for example, 172.16.0.2 -> one.one.one.one).

Here is my nftables ruleset:

```
flush ruleset

define MODEM_INTERFACE = enp5s0f3u1
define HOME_INTERFACE = enp3s0
define HOME_PC = 172.16.0.1/32
define HOME_SERVER = 172.16.0.2/32 # laptop
define HOME_NETWORK = 172.16.0.0/12

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        ip saddr $HOME_NETWORK iifname enp3s0 oifname $MODEM_INTERFACE masquerade
    }
}
```

The tcpdump output is blank when it is listening on the modem interface.

BlitDev
  • To know if the nat rule ever triggers add a `counter` before `masquerade`. nftables actions can't alter route when it's in postrouting (as the name implies: routing decision has already happened). So I guess the problem is before: either routing, or something else that prevents forwarding (forwarding not enabled, iptables-legacy firewall ...). Also check `ip rule` (some VPN might alter behavior). And that will be my last comment about it because this looks off-topic for serverfault. – A.B Aug 10 '23 at 14:40
  • the counter is not triggering (packets 0 bytes 0) – BlitDev Aug 10 '23 at 16:15

1 Answer

Docker service was creating rules using iptables instead of nftables, and forwarding was blocked.

BlitDev
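One way to spot the condition described in the answer, as an added example that is not part of the original post: the functions below read `nft list ruleset` text and report base chains on the forward hook whose policy is drop, which stops forwarded packets before the postrouting masquerade rule is reached. The function names and the sample ruleset are constructed for illustration; the sample imitates a `FORWARD` chain with a drop policy as Docker sets it up through the iptables-nft backend.

```shell
#!/bin/sh
# Constructed sample of `nft list ruleset` output: the masquerade table from the
# question plus a Docker-style filter table created through iptables-nft.
SAMPLE='table inet nat {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 172.16.0.0/12 iifname "enp3s0" oifname "enp5s0f3u1" counter packets 0 bytes 0 masquerade
	}
}
table ip filter {
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		counter packets 0 bytes 0 jump DOCKER-USER
	}
	chain DOCKER-USER {
		counter packets 0 bytes 0 return
	}
}'

# Print "family table chain policy" for every base chain on the forward hook.
# Reads ruleset text on stdin.
forward_chains() {
    awk '
        $1 == "table" { family = $2; table = $3 }
        $1 == "chain" { chain = $2 }
        /hook forward/ {
            policy = "accept"   # nftables default when the chain declares no policy
            if (match($0, /policy [a-z]+/))
                policy = substr($0, RSTART + 7, RLENGTH - 7)
            print family, table, chain, policy
        }
    '
}

# Keep only the forward-hook chains that drop by default: a forwarded packet
# must be accepted by every chain on the hook, so one of these is enough to
# block it unless a rule inside that chain accepts it.
blocking_forward_chains() {
    forward_chains | awk '$4 == "drop" { print $1, $2, $3 }'
}

# Demonstration on the constructed sample; prints: ip filter FORWARD
printf '%s\n' "$SAMPLE" | blocking_forward_chains
```

On a live host the input would be `nft list ruleset | blocking_forward_chains`, run as root. Rules installed through the legacy iptables backend do not appear in nft output and have to be inspected with `iptables-legacy-save` instead.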