I have set up a measurement network in my laboratory using a Raspberry Pi 4 as router, DHCP and DNS server, and WLAN access point. The installed Raspberry Pi OS version is 11.6. Currently it is isolating the measurement network from the internet. The current nftables configuration is
$ sudo nft list ruleset
table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
        iifname "eth1" oifname "eth0" counter packets 0 bytes 0 drop
        iifname "wlan0" oifname "eth0" counter packets 0 bytes 0 drop
        iifname "eth0" oifname "eth1" counter packets 0 bytes 0 drop
        iifname "eth0" oifname "wlan0" counter packets 0 bytes 0 drop
    }
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
    }
}
$
This works fine so far.
Now I want to make some devices in the measurement network accessible, and therefore I want to configure some NAT. I have added a new table with sudo nft add table ip nat. Up to this point everything is fine. But when I try to add a new chain for prerouting I get an error message.
Here's what I tried:
$ sudo nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
Error: Could not process rule: No such file or directory
add chain nat prerouting { type nat hook prerouting priority -100; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$ sudo nft 'add chain ip nat prerouting { type nat hook prerouting priority -100; }'
Error: Could not process rule: No such file or directory
add chain ip nat prerouting { type nat hook prerouting priority -100; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$
Does anyone have an idea what I am doing wrong?
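For reference, here is what the complete ruleset looks like once a nat chain can be created on the box. This is an added example, not the poster's configuration and not a diagnosis of the error above; the interface roles (eth0 upstream, eth1/wlan0 measurement side), the 192.168.50.0/24 subnet, the device address 192.168.50.20 and the published port 2222 are all assumptions made up for the example. The point worth noting is in the FORWARD chain: the existing eth0 -> eth1 drop rule would also discard the DNAT'ed packets, so an accept for `ct status dnat` (and for established/related replies) has to sit above the isolation drops, restricted to the one published service rather than opening eth0 -> eth1 in general. Creating a `type nat` chain requires kernel nftables NAT support (the nft_chain_nat module); the whole file can be parsed and checked without loading it using `sudo nft -c -f nat-example.nft`.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the original post). Assumed layout:
#   eth0  = upstream side, where the hosts that should reach the devices sit
#   eth1  = wired measurement network, 192.168.50.0/24 (constructed addresses)
#   wlan0 = wireless measurement network
# One measurement device, 192.168.50.20, offers SSH on port 22 and is
# published on the Pi's eth0 address as port 2222. Check without loading:
#   sudo nft -c -f nat-example.nft

flush ruleset

table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }

    chain FORWARD {
        type filter hook forward priority filter; policy accept;

        # Replies to already accepted flows; new eth1 -> eth0 connections never
        # reach this state because their first packet is dropped below.
        ct state established,related accept

        # Only the DNAT'ed flow for the one published service may cross
        # eth0 -> eth1; it must be accepted before the isolation drops.
        iifname "eth0" oifname "eth1" ct status dnat ip daddr 192.168.50.20 tcp dport 22 accept

        # Isolation rules as in the post (counters reset on load)
        iifname "eth1" oifname "eth0" counter drop
        iifname "wlan0" oifname "eth0" counter drop
        iifname "eth0" oifname "eth1" counter drop
        iifname "eth0" oifname "wlan0" counter drop
    }

    chain OUTPUT {
        type filter hook output priority filter; policy accept;
    }
}

table ip nat {
    chain prerouting {
        # priority -100 is the conventional dstnat priority
        type nat hook prerouting priority -100; policy accept;
        # Publish 192.168.50.20:22 as port 2222 on eth0 only
        iifname "eth0" tcp dport 2222 dnat to 192.168.50.20:22
    }

    chain postrouting {
        # priority 100 is the conventional srcnat priority. Left empty on
        # purpose: the devices get the Pi as default gateway from its DHCP
        # server, so replies return through it without source NAT.
        type nat hook postrouting priority 100; policy accept;
    }
}
```

After loading with `sudo nft -f nat-example.nft`, `sudo nft list ruleset` should show the dnat rule under `table ip nat` and the accept rule above the four drops in FORWARD; a connection to port 2222 on the eth0 address then increments neither drop counter, while an unrelated eth0 -> eth1 attempt still hits the drop.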