Hi alls,
Just migrated my Turris on 7.1.1 so far so good, except for reflection (or Hairpin).
Custom Rules have disappear from the LUCI and my rules doesn’t work anymore.
I use to excute this command with IPTables : iptables -t nat -A zone_lan_prerouting -s 192.168.1.0/24 -d xx.xx.xx.xx/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: Reverse Proxy 443 (reflection)" -j DNAT --to-destination 172.x.x.x:443
That is the new syntax with nftables ? or is there a new way to make a reflection ?
Thanks in advance for your help
Rewrite your rules to new syntax.
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
1 Like
Yes of course, but nft command is not existing on Turris 7.1.1 …
iptables-translate is present but translate in nft command …
Do we need to use iptables-nft ?
In my understanding, we still need to use iptables command but the backend has changed and the syntax as well, we just need to find the correct one…
I think I found something, may be we need to install an extension for iptables, an extra package that isn’t install by default …
Nope. Rewrite your rules to nftables syntax or install iptables-nft for backwards compatibility. I am using mwan3 package that hasnt been migrated to nftables and with iptables-nft there are warnings but it works
Edit: or you may be patient and in TOS8 there will be option to set NAT Reflection via LuCi
Or be brave, familiarize yourself with how to schnapps back to safety and go switch-branch hbl. 
Thanks for all your answer …
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.