
nft:tldr:10d3f

nft: Add a NAT rule to translate all traffic from the `192.168.0.0/24` subnet to the host's public IP.
$ sudo nft add rule ${nat} ${postrouting} ip saddr ${192-168-0-0-24} ${masquerade}

This command is using the nft command-line tool with superuser privileges (sudo) to add a rule to the nat table's postrouting chain.

The "nft add rule" part indicates that a new rule is being added to the specified table and chain.

Let's break down the command arguments:

  • ${nat}: This is a placeholder for the name of the table. It could be something like "nat", indicating that the rule should be added to the nat table.
  • ${postrouting}: This is a placeholder for the name of the chain within the table. It could be something like "postrouting", indicating that the rule should be added to the postrouting chain.
  • ip saddr ${192-168-0-0-24}: This indicates that the rule will match packets with a source IP address within the specified range. ${192-168-0-0-24} is a placeholder for the IP range. It could be something like "192.168.0.0/24", which covers all IP addresses from 192.168.0.0 to 192.168.0.255 inclusive.
  • ${masquerade}: This is a placeholder for the action to be taken on matching packets. In this case, it suggests that packets should be masqueraded, which means their source IP address should be replaced with the outgoing interface's IP address.

To summarize, this command adds a rule to the nat table's postrouting chain that matches packets with a source IP address within the specified range and applies masquerade to them. This is commonly used in network address translation (NAT) setups to allow private IP addresses to communicate with the internet by replacing their source IP addresses with the public IP address of the gateway or router.
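The one-line command above only works if the nat table and a postrouting base chain already exist. The following added example (not part of the original page) renders the complete ruleset, including that chain, and validates the subnet and interface before they reach the ruleset text. The function names, the interface name eth0 and the oifname restriction to a single outgoing interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a full nftables ruleset around the masquerade rule.
# valid_cidr, valid_ifname and render_masq_ruleset are hypothetical helpers.

# Accept only a dotted-quad IPv4 network with a /0-32 prefix.
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    printf '%s\n' "$1" |
        grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' || return 1
    old_ifs=$IFS; IFS=./
    set -- $1                                      # four octets + prefix
    IFS=$old_ifs
    [ "$5" -le 32 ] || return 1
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Conservative allowlist for interface names (Linux limit: 15 characters).
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Print a ruleset that masquerades traffic from subnet $1 leaving via $2.
render_masq_ruleset() {
    if ! valid_cidr "$1" || ! valid_ifname "$2"; then
        echo "invalid subnet or interface name" >&2
        return 1
    fi
    cat <<EOF
table ip nat {
    chain postrouting {
        # base chain: source NAT happens at the postrouting hook, priority 100
        type nat hook postrouting priority 100; policy accept;
        ip saddr $1 oifname "$2" masquerade
    }
}
EOF
}

# When run as a script with two arguments, print the ruleset.
if [ $# -eq 2 ]; then
    render_masq_ruleset "$1" "$2"
fi
```

To check the result without applying it, pipe the output into `sudo nft -c -f -`. The gateway also needs IPv4 forwarding enabled (`net.ipv4.ip_forward=1`) for translated traffic to be routed.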

This explanation was created by an AI. In most cases these explanations are correct, but always be careful and never run a command unless you are sure it is safe.