On Thu, Oct 26, 2023 at 10:00:08PM +0700, Max Nikulin wrote:
> On 26/10/2023 17:06, Martin wrote:
> > On Thu, Oct 26, 2023 at 09:54:22AM +0700, Max Nikulin wrote:
> > > 
> > > #!/usr/sbin/nft -f
> > > table inet sharedconnection {}
> > > flush table inet sharedconnection
> > > table ip sharedconnection { ... } from above

> I wrote "FILE" in caps trying to express that you can choose any name.
> Debian has /etc/nftables.conf and nft supports the "include" directive, see
> nft(8). So you may put your file into /etc or create a dedicated directory,
> e.g. /etc/nftables.conf.d, for your settings and include your file from the
> main conf file, so it should be applied on each boot by nftables.service.
> You may put the "table ip shared ..." content directly into /etc/nftables.conf
> as well, however I prefer to minimize changes in files provided by packages
> when it is possible to use additional ones.

> By the way, since you have dnsmasq running, you may enable its DHCP server
> (dhcp-range=192.168.231.5,192.168.231.254) and may switch mi router from
> static network configuration to DHCP.

Sorry for the long pause in replying (my hard disk was dying, so I replaced the HD
and installed the whole Debian from scratch).

Now (after reinstalling everything) I am at the point where I want to make my
router work. I set up dnsmasq to enable DHCP with this line in the config:
dhcp-range=192.168.231.241,192.168.231.254,12h
and reset my WiFi router. After a little configuring with my phone I can
connect my phone to the WiFi router and to my computer (which still has the
address 192.168.231.3). I can access the http server on my computer when I type
the address into the web browser on my phone: http://192.168.231.3/text.html
(I created the file /var/www/html/test.html on my computer)

That is all without changing anything with the nft program.
I created a file with exactly this content:

#!/usr/sbin/nft -f

# create the table if it does not exist yet, then empty it, so the file can be
# re-run without leaving old rules behind
table ip masqrule {}
flush table ip masqrule
table ip masqrule {
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # LAN prefix written as its network address (nft masks the host bits anyway):
    # masquerade LAN sources whose destination is outside the LAN
    ip saddr 192.168.231.0/24 ip daddr != 192.168.231.0/24 masquerade
  }
}

When I execute this file with sudo, unfortunately nothing changes; I cannot
connect to the internet (trying www.google.com from the phone).

[[ this is about the old system I had on the old HD:
I remember that before reinstalling the whole system, at this point I had a
connection from my phone to the internet (I could see google and then some
videos on youtube worked too on the phone). After I rebooted my old system I
could not connect to the internet from the phone anymore. I slightly changed
the script from your post to its current state (namely using ip always instead
of inet on the first two lines of the script and using 'masqrule' as the table
name). I think those changes are ok.
]]

I have no idea what else I should try to make this work. Maybe I forgot
to issue some command (but I do not think so).

BTW putting the above script into /etc/nftables.conf (at the bottom of the file)
never worked; I always had to run that file manually as root.
Only then did the command 'nft list ruleset' show this table.
I have no idea why. To me it seemed as if the /etc/nftables.conf file
was not executed (I have rebooted many times, so this file should have run).

Bye
Martin

My current network connections, and the 'ip route' command:
(I see 2 changes from my previous setup: tun0 and br-7bfdce95ff27 are missing.
They were created automatically before, so I hope it does not matter that they
are not present now; both were providing local addresses, 10.1.1.1/24 and
172.18.0.1/16. Maybe they will appear when I install more programs from the
repository. I am not worried about them, just mentioning them to be complete.)
root@redmoon:~# ip address list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e0:d5:5e:73:c9:d3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.231.3/24 brd 192.168.231.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::e2d5:5eff:fe73:c9d3/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
3: wlxe8de27a5ab1c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:de:27:a5:ab:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.16/24 brd 192.168.0.255 scope global dynamic wlxe8de27a5ab1c
       valid_lft 591334sec preferred_lft 591334sec
    inet6 fe80::eade:27ff:fea5:ab1c/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:33:88:62:ce brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
root@redmoon:~# ip route
default via 192.168.0.1 dev wlxe8de27a5ab1c
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.0.0/24 dev wlxe8de27a5ab1c proto kernel scope link src 192.168.0.16
192.168.231.0/24 dev enp3s0 proto kernel scope link src 192.168.231.3

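As an added example (not code from Martin's or Max's messages): a POSIX sh script that generates the masquerade ruleset for the layout in this post, with the LAN prefix normalised to its network address, the NAT limited to the WAN interface so traffic towards docker0 or the LAN itself is never rewritten, and a check of net.ipv4.ip_forward, which must be 1 before a masquerade rule can pass any packets between interfaces. The interface names and addresses come from the post; the function and parameter names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface names are the
# ones shown in the post; function names are this example's own.

# Mask the host bits off an address/prefix, e.g. 192.168.231.3/24 -> 192.168.231.0/24,
# so the rule reads as the network it matches. A bare address gets /32.
normalize_prefix() {
    addr=${1%/*}
    case $1 in */*) plen=${1#*/} ;; *) plen=32 ;; esac
    set -- $(echo "$addr" | tr '.' ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    net=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# Print a complete file for `nft -f`. Only LAN sources leaving through the WAN
# interface are masqueraded; LAN-to-LAN and LAN-to-docker0 traffic is untouched.
masq_ruleset() {
    lan=$(normalize_prefix "$1")
    wan_if=$2
    cat <<EOF
#!/usr/sbin/nft -f
table ip masqrule {}
flush table ip masqrule
table ip masqrule {
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "$wan_if" ip saddr $lan masquerade
  }
}
EOF
}

# NAT only rewrites packets the kernel forwards; with ip_forward=0 the phone's
# packets are dropped before the postrouting hook is ever reached.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

masq_ruleset 192.168.231.3/24 wlxe8de27a5ab1c
forwarding_enabled || echo "net.ipv4.ip_forward is not 1: enable it (sysctl -w net.ipv4.ip_forward=1, persist in /etc/sysctl.d) or NAT will pass nothing" >&2
```

Redirect the output of `masq_ruleset` into a file, load it with `nft -f`, and `nft list ruleset` shows the table; enabling nftables.service is what makes /etc/nftables.conf (and anything it includes) load at boot.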