Post
looking for some nftables help
3 networks on firewall ( isp, ofc, svc ( Nextcloud, HomeAsst, etc ) )
I want to ssh and web from ofc to svc, I would prefer to route rather than nat ( show source system rather than firewall )
net.ipv4.ip_forward = 1
Should this be sufficient for the routing?
table inet filter {
chain forward {
ip saddr $ofc_net oifname $svc_nic accept
iifname $srv_nic ip daddr $ofc_net ct state related,established accept
}
}
I have it working with nat, but trying to avoid that and am not yet certain what masquerade is doing
I have tried many combinations of specific IPs, /24 nets, and interface names
using log prefix w/o accept shows ssh from $ofc_ip to $svc_ip hitting forward, but not input nor output
I can ssh directly from firewall to $svc_ip
ssh from $ofc_ip doesn't connect to $svc_ip sshd
A space for Bonfire maintainers and contributors to communicate
