Salt configuration for nftables prerouting

I am trying to configure an nftables rule to forward traffic from my server to an LXC container, but nftables does not accept the way the Salt states module renders the given values. How can I do this?

Salt configuration:

kevin-container-web-port-http:
  nftables.append:
    - family: ip
    - table: nat
    - chain: PREROUTING
    - priority: 100
    - iif: eth0
    - dport: '80, 443'
    - proto: tcp
    - to: '10.0.3.32'
    - jump: dnat

Output from state.apply:

      ID: kevin-container-web-port-http
Function: nftables.append
  Result: False
 Comment: Failed to set nftables rule for kevin-container-web-port-http.
          Attempted rule was tcp dport { 80, 443 } dnat for ip.
          Failed to add rule "tcp dport { 80, 443 } dnat" chain PREROUTING in table nat in family ip.
 Started: 17:36:42.821866
Duration: 154.261 ms
 Changes:

When trying to add the rule manually:

$ nft add rule nat prerouting iif eth0 tcp dport 80 dnat 10.0.3.32
$ nft list table nat
table ip nat {
    chain PREROUTING {
        type nat hook prerouting priority -100; policy accept;
        iif "eth0" tcp dport { http, https } dnat to 10.0.3.32
    }

    ...

}

Answer 1

After reading the nftables man pages extensively, I decided to try adding the to field to the jump argument. The configuration uses the following settings:

kevin-container-web-port-http:
  nftables.append:
    - family: ip
    - table: nat
    - chain: PREROUTING
    - iif: eth0
    - dport: 80
    - proto: tcp
    - jump: dnat to 10.0.3.32:80
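The failing run above shows the state rendering "tcp dport { 80, 443 } dnat" with no target, which nft rejects. The following added example (not the answerer's code, and not Salt's own renderer) approximates how the state's arguments turn into a rule expression and lints the result for a dnat/snat verb without a "to" target, so the mistake is caught before state.apply; the renderer only handles the keys used on this page (iif, proto, dport, jump) and IPv4 targets.

```python
"""Render an nft rule from nftables.append-style arguments and lint it.
Simplified approximation of the Salt state's rendering, written for this
example; only iif, proto, dport and jump are handled, IPv4 targets only."""
import ipaddress
import re


def render_rule(args: dict) -> str:
    """Join the Salt arguments into the rule expression nft would receive."""
    parts = []
    if "iif" in args:
        parts.append(f"iif {args['iif']}")
    if "dport" in args:
        # A comma-separated dport ('80, 443') becomes an anonymous set.
        ports = [p.strip() for p in str(args["dport"]).split(",")]
        port_expr = ports[0] if len(ports) == 1 else "{ " + ", ".join(ports) + " }"
        parts.append(f"{args.get('proto', 'tcp')} dport {port_expr}")
    if "jump" in args:
        parts.append(str(args["jump"]))
    return " ".join(parts)


# A NAT verb optionally followed by 'to <target>'.
_NAT_RE = re.compile(r"\b(dnat|snat)\b(?:\s+to\s+(\S+))?")


def lint_nat_rule(rule: str) -> list:
    """Return a list of problems; an empty list means the rule looks applyable."""
    problems = []
    for m in _NAT_RE.finditer(rule):
        verb, target = m.group(1), m.group(2)
        if target is None:
            # This is exactly what 'jump: dnat' produced in the question.
            problems.append(f"{verb} requires 'to <address>[:port]'")
            continue
        addr, _, port = target.rpartition(":") if ":" in target else (target, "", "")
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append(f"{verb} target {addr!r} is not an IPv4 address")
        if port and not (port.isdigit() and 0 < int(port) < 65536):
            problems.append(f"{verb} target port {port!r} is out of range")
    if rule.count("{") != rule.count("}"):
        problems.append("unbalanced braces in set expression")
    return problems


if __name__ == "__main__":
    broken = {"iif": "eth0", "proto": "tcp", "dport": "80, 443", "jump": "dnat"}
    fixed = {"iif": "eth0", "proto": "tcp", "dport": 80, "jump": "dnat to 10.0.3.32:80"}
    for args in (broken, fixed):
        rule = render_rule(args)
        print(rule, "->", lint_nat_rule(rule) or "ok")
```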
