Link Search Menu Expand Document


This package implements nft netmap rules not supported by fw4.

The configuration is saved inside /etc/config/netmap. Each record must be of type rule. Each rule can contains these fields:

  • name: name identifying the rule, it must respect nft limitation for comments
  • src (or dest): IPv4/IPv6 network address for source (or destination) NAT rule
  • device_in: list of incoming network interfaces (optional)
  • device_out: list of outgoing network interfaces (optional)
  • map_from: IPv4/IPv6 network address for source address translation
  • map_to: IPv4/IPv6 network address for destination address translation

Example of configuration file:

config rule
	option name 'source_nat1'
	option dest ''
	list device_in 'eth0'
	list device_in 'eth1'
	list device_out 'tunrw'
	option map_from ''
	option map_to ''

config rule
	option name 'dest_nat1'
	option src ''
	option map_from ''
	option map_to ''

After adding a rule, run the ns-netmap script.


uci set netmap.r1=rule
uci set
uci set netmap.r1.dest=
uci  add_list netmap.r1.device_in='eth0'
uci  add_list netmap.r1.device_out='tunrw1'
uci set netmap.r1.map_from=
uci set netmap.r1.map_to=
uci commit netmap

The package also provides 2 scripts that are triggered on pre-commit and post-commit hooks.