On 26/10/2023 02:20, Martin wrote:
On Wed, Oct 25, 2023 at 07:33:52PM +0700, Max Nikulin wrote:
should have something like
table ip sharedconnection {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.231.3/24 ip daddr != 192.168.231.3/24 masquerade
}
}
I did not add any masquerading rules by myself and output of command
'nft list ruleset' is showed below. It does not have anything like you
showed in section 'table ip sharedconnection'.
"sharedconnection" is an arbitrary name. It should be chosen to not
conflict with other applications. Actually you have nat masquerading
rules created by docker for other interfaces. Read
/usr/share/doc/nftables/README.Debian and choose a convenient for you
way to add rules. You may add the following heading and may save rules
to a file that may be read by either "nft -f FILE.conf" or just
executing it.
#!/usr/sbin/nft -f
table inet sharedconnection {}
flush table inet sharedconnection
# table ip shared connection { ... } from above
---
Upstream WiFi router does not know that packets addressed to
192.168.231.5 (mi router) should be sent to your computer
(192.168.0.16), so you computer should make upstream router believing
that all packets from your phone originates from 192.168.0.16.
