debiansid
commented
1 month ago You can add them when you build iso or install them after your installation.
Open sever-sever opened 1 month ago
debiansid
commented
1 month ago You can add them when you build iso or install them after your installation.
sever-sever
commented
1 month ago You can add them when you build iso or install them after your installation.
@debiansid Any docs about configuring the feature? Thanks!
debiansid
commented
1 month ago debiansid
commented
1 month ago When I was using iptables I add this into vyos-postconfig-bootup.script
##############################################
# FULLCONENAT Rules
iptables-legacy -t nat -I POSTROUTING -o pppoe0 -j F
ULLCONENAT
iptables-legacy -t nat -I PREROUTING -i pppoe0 -j FU
LLCONENAT
iptables-legacy -t nat -I PREROUTING -i eth0 -j FULL
CONENATnftables like this
gw:/etc/nftables.d$ more fw4.nft
table inet fw4
delete table inet fw4
table inet fw4 {
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
iifname "ppp0" jump dstnat_wan
}
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "ppp0" jump srcnat_wan
}
chain srcnat_wan {
fullcone
}
chain dstnat_wan {
fullcone
}
}You can add them when you build iso or install them after your installation.
@debiansid Any docs about configuring the feature? Thanks!
Remember to patch your kernel like mine https://github.com/ruaue/vyos-kernel-rolling
It would be a good idea to add instructions on how to use it for VyOS. Does it work if we install packages into the installed system, or should those packages be added to the
/packagesduring a build? What to do after installation? Which modules have to be loaded and which nft commands are available with this feature?