NFTables.Expr.NAT (NFTables v0.8.2)

Network Address Translation (NAT) functions for Expr.

Provides functions for SNAT, DNAT, masquerading, and port redirection. Essential for routing, port forwarding, and transparent proxying.

Import

import NFTables.Expr.NAT

Examples

# Masquerade outgoing traffic
oif("wan0") |> masquerade()

# Port forwarding (DNAT)
tcp() |> dport(80) |> dnat_to("192.168.1.100", port: 8080)

# Source NAT to specific IP
oif("wan0") |> snat_to("203.0.113.1")

# Transparent proxy redirect
tcp() |> dport(80) |> redirect_to(3128)

For more information, see the nftables NAT wiki.
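
The four expressions above written as nft rules, each placed on the hook where nftables accepts that statement. This is an added example, not output of the library. The table name, the `lan0` interface and the `iifname` matches are assumptions, as is the rendering of `oif("wan0")` as `oifname "wan0"`.

```nftables
# Added example. "wan0" and the addresses come from the examples above;
# the table name and "lan0" are constructed.
table ip nat_example {
    chain prerouting {
        # dnat and redirect are only valid on the prerouting and output hooks.
        type nat hook prerouting priority dstnat; policy accept;

        # Unscoped form of the DNAT example. It matches every new connection
        # to port 80 that enters the router, including LAN clients browsing
        # external sites, and sends all of them to 192.168.1.100:8080.
        # tcp dport 80 dnat to 192.168.1.100:8080

        # Scoped: forward only connections arriving on the WAN interface.
        iifname "wan0" tcp dport 80 dnat to 192.168.1.100:8080

        # Transparent proxy: only LAN clients' HTTP goes to local port 3128.
        iifname "lan0" tcp dport 80 redirect to :3128
    }

    chain postrouting {
        # snat and masquerade belong on the postrouting hook.
        type nat hook postrouting priority srcnat; policy accept;

        # Use one of the two for a given interface: snat when the WAN
        # address is static, masquerade when it is assigned dynamically.
        # oifname "wan0" snat to 203.0.113.1
        oifname "wan0" masquerade
    }
}
```

Within one nat chain the first matching NAT statement decides the translation for a connection, so two rules that both match `tcp dport 80` without an interface or address match leave the second one unreachable.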

Summary

Functions

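dnat_to(builder \\ Expr.expr(), ip, opts \\ [])

Apply destination NAT (DNAT) to an IP address.

masquerade(builder \\ Expr.expr(), opts \\ [])

Apply masquerading (dynamic SNAT).

snat_to(builder \\ Expr.expr(), ip, opts \\ [])

Apply source NAT (SNAT) to an IP address.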

Functions

dnat_to(builder \\ Expr.expr(), ip, opts \\ [])

@spec dnat_to(NFTables.Expr.t(), String.t(), keyword()) :: NFTables.Expr.t()

Apply destination NAT (DNAT) to an IP address.

Example

# DNAT to single IP
builder |> dnat_to("192.168.1.100")

# DNAT to IP:port (port forwarding)
builder |> dnat_to("192.168.1.100", port: 8080)

masquerade(builder \\ Expr.expr(), opts \\ [])

@spec masquerade(
  NFTables.Expr.t(),
  keyword()
) :: NFTables.Expr.t()

Apply masquerading (dynamic SNAT).

Automatically uses the outgoing interface's IP address.

Example

# Basic masquerade
builder |> masquerade()

# Masquerade with port range
builder |> masquerade(port_range: "1024-65535")

redirect_to(builder \\ Expr.expr(), port)

@spec redirect_to(NFTables.Expr.t(), non_neg_integer()) :: NFTables.Expr.t()

Redirect to a local port.

Used for transparent proxying.

Example

# Redirect HTTP to local proxy
builder |> tcp() |> dport(80) |> redirect_to(3128)

snat_to(builder \\ Expr.expr(), ip, opts \\ [])

@spec snat_to(NFTables.Expr.t(), String.t(), keyword()) :: NFTables.Expr.t()

Apply source NAT (SNAT) to an IP address.

Example

# SNAT to single IP
builder |> snat_to("203.0.113.1")

# SNAT to IP:port
builder |> snat_to("203.0.113.1", port: 1024)