Score:0

nftables masquerading is not working


I've a laptop (172.16.0.2) and a desktop PC (172.16.0.1). The phone is connected to the PC in USB modem mode, and it appears as the enp5s0f3u1 interface. I've set up masquerading through nftables so that the laptop can access the internet through the desktop PC via the local network. However, a few days ago, it stopped working, and I'm not sure why. I have already checked the routing tables, and forwarding is enabled too. The issue seems to be with the desktop PC because, for some reason, nftables is not doing anything (requests are going from the laptop to the PC, but the IP address is not changing, for example, 172.16.0.2 -> one.one.one.one).

Here is my nftables ruleset:

```
flush ruleset

define MODEM_INTERFACE = enp5s0f3u1
define HOME_INTERFACE = enp3s0
define HOME_PC = 172.16.0.1/32
define HOME_SERVER = 172.16.0.2/32 # laptop
define HOME_NETWORK = 172.16.0.0/12

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        ip saddr $HOME_NETWORK iifname enp3s0 oifname $MODEM_INTERFACE masquerade
    }
}
```

The tcpdump output is blank when it is listening on the modem interface.

A.B
To know if the nat rule ever triggers, add a `counter` before `masquerade`. nftables actions can't alter the route when it's in postrouting (as the name implies: the routing decision has already happened). So I guess the problem is before: either routing, or something else that prevents forwarding (forwarding not enabled, iptables-legacy firewall ...). Also check `ip rule` (some VPN might alter behavior). And that will be my last comment about it because this looks off-topic for serverfault.
BlitDev
the counter is not triggering (packets 0 bytes 0)
Score:0

Docker service was creating rules using iptables instead of nftables, and forwarding was blocked.
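A way to spot this condition from ruleset dumps, as an added example that is not part of the original answer: it looks for forward-hook chains with a drop policy, which stop packets before the postrouting masquerade rule (and its counter) is ever reached. The function names and both sample dumps are constructed for illustration.

```shell
# Added example: find rules that can drop forwarded packets before the
# postrouting masquerade rule is reached. All sample data is constructed.

# Print "table/chain" for every nftables chain on the forward hook whose
# policy is drop. Input: text in `nft list ruleset` format on stdin.
nft_forward_drops() {
    awk '
        $1 == "table" { table = $2 " " $3 }
        $1 == "chain" { chain = $2 }
        /hook forward/ && /policy drop/ { print table "/" chain }
    '
}

# Print the table name when iptables-save style input (stdin) has a
# FORWARD chain with policy DROP, as iptables-legacy-save would show it.
ipt_forward_drops() {
    awk '
        /^\*/ { table = substr($1, 2) }
        $1 == ":FORWARD" && $2 == "DROP" { print table }
    '
}

# Constructed sample: the question's nat table plus a filter table of the
# kind iptables-nft creates (chain named FORWARD, policy drop).
SAMPLE_NFT='table inet nat {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 172.16.0.0/12 iifname "enp3s0" oifname "enp5s0f3u1" counter packets 0 bytes 0 masquerade
	}
}
table ip filter {
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		counter packets 42 bytes 3528 jump DOCKER-USER
	}
}'

# Constructed sample in iptables-save format.
SAMPLE_IPT='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [42:3528]
COMMIT'

# On a live host (as root) feed real dumps instead of the samples:
#   nft list ruleset | nft_forward_drops
#   iptables-legacy-save | ipt_forward_drops
printf '%s\n' "$SAMPLE_NFT" | nft_forward_drops
printf '%s\n' "$SAMPLE_IPT" | ipt_forward_drops
```

Rules written through iptables-legacy do not appear in `nft list ruleset`, which is why the second function reads the iptables-save format separately.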
