firewalld / firewalld

Stateful zone based firewall daemon with D-Bus interface
GNU General Public License v2.0

Adding NAT Flags available in nftables in particular the persistent flag #1372

Open danielschonfeld opened 2 months ago

danielschonfeld commented 2 months ago

What would you like to be added

Adding the NAT flags available with nftables, in particular the persistent one, possibly as an attribute to the masquerade tag.

Why is this needed

It can go a long way toward helping with IPsec problems in services such as Wi-Fi Calling.

unknowndevQwQ commented 1 week ago

There are three NAT statement flags in $ man nft, but it is not marked which one is used by default. However, from the description of the parameters of the MASQUERADE target in man 8 iptables-extensions, it can be inferred that the default statement is persistent.

If the default selection is the persistent one you need, then this issue is unlikely to occur. But according to your problem description, you may have encountered a problem related to the NAT type. So this raises the question: what is the default NAT type of netfilter? (In China, many forums related to the Internet or games often complain that OpenWrt does not provide EIF+EIM/Full Cone NAT, which makes them unable to enjoy multiplayer online games.) EDF+EDM/Symmetric NAT? Or EDF+EIM/Port-Restricted Cone NAT? But until you provide logs related to the actual problem, no one knows the specific problem you encountered, because there are too many debates about netfilter NAT types.
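For readers following the thread, the following is an added example (not code from firewalld or from either commenter) of what the requested behaviour looks like when written directly as an nftables ruleset. nft(8) documents three NAT statement flags: random, fully-random and persistent; the example applies persistent to a masquerade rule. The interface name "wan0" and the table name are assumptions.

```nft
# Added example, not part of the firewalld project: an nftables ruleset that
# masquerades traffic leaving the WAN interface with the "persistent" NAT flag
# from nft(8). Interface name "wan0" and table name "nat_example" are assumed.
table inet nat_example {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Plain masquerade (no flag): the kernel chooses the mapped
        # source address/port independently for each flow.
        # oifname "wan0" masquerade

        # Masquerade with the persistent flag: nft(8) describes this as
        # giving a client the same source address for each connection,
        # which is the property the issue asks firewalld to expose.
        oifname "wan0" masquerade persistent
    }
}
```

Load it with `nft -f <file>` and confirm the flag is present with `nft list ruleset`. Note that a ruleset loaded this way sits outside firewalld's own tables, so firewalld neither manages it nor reloads it; the issue above is precisely about letting the zone's masquerade setting carry this flag so that a separate ruleset is not needed.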